GSA Enterprise Architecture Policy

Purpose

This Order establishes agency-wide policy, principles, roles and responsibilities for the establishment and implementation of the General Services Administration (GSA) Enterprise Architecture (EA).

Background

The Clinger-Cohen Act of 1996 requires agency Chief Information Officers (CIO) to oversee the development and maintenance of a sound and integrated agency-wide information architecture. The Office of Management and Budget (OMB), through Circular A-130, has interpreted the information architecture identified in the Clinger-Cohen Act to mean the agency Enterprise Architecture (EA). The E-Government Act of 2002 defines EA as: a strategic information asset base, which defines the mission, the information necessary to perform the mission, the technologies necessary to perform the mission, and the transitional processes for implementing new technologies in response to changing mission needs, and includes a baseline architecture, a target architecture, and a sequencing plan.

Applicability

1. This Order applies to all GSA organizations and persons in positions with responsibility for using information technology to support business and administrative operations in GSA.
2. This Order applies to the Office of Inspector General (OIG) to the extent that the OIG determines this Order is consistent with the OIG’s independent authority under the IG Act, and it does not conflict with other OIG policies or the OIG mission.
3. This Order applies to the Civilian Board of Contract Appeals (CBCA) to the extent that the CBCA determines that the Order is consistent with the CBCA’s independent authority under the Contract Disputes Act and applicable regulations and court decisions.

Cancellation

This Order cancels CIO 2110.3, GSA Enterprise Architecture Policy, dated September 29, 2015.

Roles and Responsibilities

The organizational roles and responsibilities listed below are specific to the requirements of the EA practice within GSA.

1. GSA Administrator

• The Administrator is responsible for the agency’s Strategic Plan which guides the development and maintenance of the agency’s EA and Capital Planning and Investment Control (CPIC) process.

2. Heads of Service and Staff Offices (HSSOs)

• The HSSOs and RAs ensure that their organizations actively participate with the Chief Enterprise Architect (CEA) to define their change drivers, business and information management requirements, and performance measures in order to assure that the overall EA supports their Business and Strategy Segment Architecture segments’ goals and objectives. Service and Staff Offices (SSOs) will be responsible for resourcing the development of the OMB approved GSA architecture segments in their business lines;

3. Chief Information Officer (CIO)

• The CIO is responsible for the IRM Strategic Plan and IT Capital Plan in support of the agency’s Strategic Plan. The IT Capital Plan, being operational in nature, supports the goals and missions identified in the IRM Strategic Plan developed as part of GSA’s EA program.

4. Chief Financial Officer (CFO)

• The CFO is the responsible authority for all architectural considerations required under the Chief Financial Officers Act of 1990 (the CFO Act) and ensuring the EA and the CPIC processes are integrated with strategic and budget planning.

5. Chief Information Security Officer (CISO)

• The CISO is responsible for carrying out the Federal Information Security Management Act (FISMA) and acting as the agency-wide information security liaison. Additionally, the CISO and Chief Enterprise Architect (CEA) will ensure appropriate guidance is developed for incorporating security into enterprise and segment architectures.

6. Chief Enterprise Architect (CEA)

• The CEA is responsible for providing direction for the EA development and maintenance, and ensuring its collaboration with the Federal Enterprise Architecture and with GSA’s partners. GSA’s EA is maintained in the GSA EA Analytics and Reporting (GEAR) tool, accessible at ea.gsa.gov. GEAR is the authoritative source for the application list, the IT Standards profile, the FISMA Systems list, and business capabilities.