This is the accessible text file for GAO report number GAO-06-666 entitled 'Defense Acquisitions: Further Management and Oversight Changes Needed for Efforts to Modernize Cheyenne Mountain Attack Warning Systems' which was released on July 7, 2006. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: United States Government Accountability Office: GAO: July 2006: Defense Acquisitions: Further Management and Oversight Changes Needed for Efforts to Modernize Cheyenne Mountain Attack Warning Systems: GAO-06-666: GAO Highlights: Highlights of GAO-06-666, a report to congressional committees. Why GAO Did This Study: The Cheyenne Mountain Operations Center houses numerous complex computer systems for tracking air, missile, and space events that could threaten homeland security or undermine military operations in theater. To ensure this mission can be met, the systems require ongoing upgrades. The most recent upgrade program —the Combatant Commanders’ Integrated Command and Control System (CCIC2S)—was initiated in 2000. Given the critical missions supported by Cheyenne Mountain systems, GAO initiated a review to (1) determine the status of the CCIC2S program in terms of meeting its cost, schedule, and performance goals; (2) gauge the extent to which DOD has followed best practices in managing program requirements; and (3) assess DOD’s control and oversight mechanisms for CCIC2S. What GAO Found: Like its predecessor, the Department of Defense’s (DOD) CCIC2S program is over cost, behind schedule, and some capabilities have been deferred indefinitely which could pose risks to performing some future operations. The Air Force, which has overall responsibility for the program, currently estimates program costs will total about $707 million through fiscal year 2006—about a 51 percent increase over initial estimates. Schedules have also expanded significantly, and most critical mission capabilities will not be delivered in fiscal year 2006, as initially planned. The deferral of capabilities and performance shortfalls has significant implications for future missions—especially if program dollars are needed to maintain legacy systems longer than expected. The tracking of space objects could be particularly affected, given that none of the work on CCIC2S’s critical space mission capabilities has been completed, and estimated completion dates for this work have yet to be determined. Figure: Comparison of Initial and Current Estimates of CCIC2S Program Costs from Inception through Fiscal Year 2006 (Then-Year Dollars in Millions): [See PDF for Image] Source: Air Force data, GAO analysis. [End of Figure] Unstable program requirements and the failure to match requirements to available resources have contributed to the program’s cost and schedule overruns. Since the program began in 2000, the Air Force has added, deleted, and modified requirements without adequately determining the effect of these changes on resources. To control cost growth, the Air Force has frequently deferred work to later years and has yet to determine when and at what cost development is to be completed. Several key controls needed to mitigate the CCIC2S program’s cost and schedule problems are not in place. First, DOD did not designate the CCIC2S program as a major automated information system acquisition—a designation that would have required high-level oversight other than that provided by the Air Force, which has been ineffective. In addition, the Air Force’s contracting approach has limited the program’s ability to thoroughly assess the reliability of the contractor’s cost and schedule performance information and the impact of defining, prioritizing, and adding capabilities. Despite this risky approach, the Defense Contract Management Agency did not independently monitor contractor performance. According to DOD officials, actions are being taken to implement better controls and to determine whether the CCIC2S program should be categorized as a major automated information system acquisition. What GAO Recommends: GAO is recommending that DOD designate CCIC2S as a major acquisition program; establish effective management controls; and conduct an affordability assessment, economic analysis, and independent estimate of life- cycle costs. DOD agreed to designate CCIC2S as a major acquisition program and establish management controls. In addition, DOD stated that it will conduct the affordability assessment and other analyses on future CCIC2S development activities. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-666]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Lisa Shames at (202) 512- 4841 or shamesl@gao.gov. [End of Section] Contents: Letter: Results in Brief: Background: CCIC2S Program Has Experienced Cost and Schedule Overruns and Performance Shortfalls: Cost and Schedule Overruns Caused by Not Adhering to Best Practices for Managing Program Requirements: CCIC2S Program Oversight and Controls Have Been Ineffective: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Scope and Methodology: Appendix II: Comments from the Department of Defense: Appendix III: Software Development Capability Maturity Model: Appendix IV: DOD Acquisition Categories, Thresholds, and Oversight: Appendix V: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Cheyenne Mountain Mission Centers, Operations, and Systems: Table 2: Comparison of Initial and Current Estimates of CCIC2S Program Costs from Inception through Fiscal Year 2006 (Then-Year Dollars in Millions): Table 3: Air Force Cost Estimate for CCIC2S through Fiscal Year 2007 Before Program Initiation and Designation of Acquisition Category Level (Fiscal Year 1996 Constant Dollars in Millions): Table 4: Software Capability Maturity Model® Scale: Table 5: DOD Acquisition Categories and Decision Authorities (as of March 15, 1996, When the Air Force Initiated the CCIC2S Program): Figures: Figure 1: Cheyenne Mountain Systems Time Line of Upgrade Efforts: Figure 2: Status of Critical Capabilities to Be Delivered: Figure 3: CCIC2S Program Rebaselines and Their Impacts on Program Schedule: Abbreviations: ACAT: acquisition category: CMU: Cheyenne Mountain Upgrade: DCMA: Defense Contract Management Agency: DOD: Department of Defense: EVM: earned value management: MAIS: Major Automated Information System: MDAPS: Major Defense Acquisition Programs: NORAD: North American Aerospace Defense Command: RAIDRS: Rapid Attack Identification Detection and Reporting System: RDT&E: research, development, test, and evaluation: SPADOC: Space Defense Operations Center: TSPR: Total System Performance Responsibility: USNORTHCOM: United States Northern Command: USSTRATCOM: United States Strategic Command: United States Government Accountability Office: Washington, DC 20548: July 6, 2006: Congressional Committees: The Department of Defense's (DOD) Cheyenne Mountain Operations Center, built in the early 1960s, currently houses numerous complex computer systems intended to help monitor, process, and interpret air, missile, and space events that could threaten North America or have operational impacts on U.S. forces or capabilities. New threats have emerged over time that have necessitated improved capabilities from Cheyenne Mountain systems. Examples of these evolving threats include events such as the September 11, 2001, terrorist attacks on the U.S. and attacks on space assets that could negatively impact military operations as well as the economy. These systems--which are housed in three major centers: Air Warning, Missile Correlation, and Space Control--require ongoing upgrades in order to incorporate new mission capabilities and technologies and reduce the cost of maintaining older systems. However, our reviews over the past 2 decades have found that DOD's efforts to modernize and integrate Cheyenne Mountain systems have been fraught with cost increases, schedule delays, and performance shortfalls due, in large part, to poor program management and oversight. For example, in September 1994, we reported that upgrade efforts were 8 years behind schedule and $792 million over budget, due to development and integration problems stemming from management shortfalls.[Footnote 1] While DOD declared the most recent Cheyenne Mountain upgrades to be operational in 1998, that same year, it determined that some of the systems' components were not well integrated, were becoming unsupportable because they were no longer produced, and would be unresponsive to future mission needs. Subsequently, DOD initiated a program in 2000 to modernize and integrate Cheyenne Mountain systems under a program called the Combatant Commanders' Integrated Command and Control System, or CCIC2S, and assigned overall responsibility for the program to the Air Force. We have recently testified that DOD's costly current and planned acquisitions are running head-on into the nation's unsustainable fiscal path.[Footnote 2] DOD starts more programs than it can afford and sustain, and in the past 5 years, it has doubled its planned investments in programs. However, these programs continue to experience recurring problems with cost overruns, missed deadlines, and performance shortfalls. Our work has shown that DOD will continue to experience such problems until it is able to make oversight and management control improvements, including making sure programs are executable, locking in requirements before programs are initiated, and making clear who is responsible for what and holding people accountable when these responsibilities are not fulfilled. Additionally, our work has shown that once a program is initiated, inevitable changes to the requirements baseline need to be controlled in terms of assessing the cost, schedule, and performance implications of the changes. As part of these assessments, the risks associated with these factors need to be identified and mitigated.[Footnote 3] Within this context, we initiated this engagement under the authority of the Comptroller General of the United States to (1) determine the status of the CCIC2S program in terms of meeting its cost, schedule, and performance goals; (2) gauge the extent to which DOD has followed best practices with regard to managing program requirements, including matching requirements to available resources; and (3) assess DOD's oversight and control mechanisms for Cheyenne Mountain systems modernization and integration efforts under way and planned. We are addressing this report to you because of your committees' and subcommittees' jurisdictions. In conducting our work, we spoke with officials from appropriate DOD, Air Force, and contractor offices. We also reviewed DOD and Air Force acquisition policies; planning documents; and program requirements, cost, and schedule data. Additional information on our scope and methodology is in appendix I. We conducted our work from July 2005 to April 2006 in accordance with generally accepted government auditing standards. Results in Brief: As with previous Cheyenne Mountain upgrade efforts, the CCIC2S program is over cost, behind schedule, and some capabilities have been deferred indefinitely. This deferral could pose risks to performing some future operations. The Air Force initially estimated the CCIC2S program would complete upgrades of critical air, missile, and space warning capabilities in fiscal year 2006 at a program cost (including sustainment activities) of approximately $467 million. However, the Air Force currently expects the program to cost about $707 million through the same year--about a 51 percent increase--with no estimated completion date and without delivering most mission critical capabilities. The deferral of capabilities has significant implications for future missions--especially if program dollars are needed to maintain legacy systems longer than expected or to modify these systems. Operations to track man-made space objects could be particularly affected, given that none of the work on CCIC2S's space mission critical requirements has been completed and that estimated completion dates for this work have yet to be determined. Deferring expected capabilities may also affect programs that rely on CCIC2S for their implementation, such as a defensive counterspace system that the Air Force is developing, which is expected to use Cheyenne Mountain systems information to help thwart attacks against valuable DOD space assets. The ineffective management of CCIC2S's requirements has contributed to the program's cost and schedule overruns. In contrast to best practices, which call for stabilizing requirements and matching them to available resources, CCIC2S's requirements were not established until 2004, more than 3 years after the program began. The Air Force--which was responsible for managing CCIC2S--did not effectively assess the appropriateness of the program's requirements prior to initiating the program. Since the program began in 2000, the Air Force has made significant additions, deletions, and modifications to the initial requirements. At the same time, the Air Force did not determine the effect of these changes on resources. Consequently, the Air Force has rebaselined CCIC2S's cost and schedule goals annually; currently, the program is undergoing its fifth rebaselining. While rebaselining can provide an important perspective on a program's current status, it can also obscure how programs perform over time because a rebaseline shortens the period of reported performance and, more importantly, resets the measurement of cost and schedule growth to zero. With each rebaseline of the CCIC2S program, significant amounts of work have been deferred to address cost increases. As a result, the Air Force has implemented the program without reliable expectations of what capabilities are to be delivered, when, and at what cost. The oversight and control mechanisms of the CCIC2S program have been inadequate to mitigate many of the problems it has experienced. Specifically, (1) DOD did not designate the CCIC2S program as a major automated information system acquisition, which would have required high-level oversight and comprehensive and independent assessments of the program; (2) the Assistant Secretary of the Air Force for Acquisition--the CCIC2S milestone decision authority with overall responsibility for the program--did not provide effective oversight; and (3) the Air Force's contract management approach limited the program office's ability to thoroughly assess the reliability of the contractor's cost and schedule performance information and the impact of defining, prioritizing, and adding capabilities. Additionally, the Defense Contract Management Agency did not independently monitor contractor performance, although it signed a memorandum of agreement with the program to do so in 2003. According to DOD officials, actions- -such as initiating a formal system-level technical review process--are being taken to implement better controls and DOD is in the process of determining whether to categorize the CCIC2S program as a major automated information system acquisition. To ensure the program addresses current shortcomings and proceeds on a successful path, we are recommending that the Secretary of Defense direct the Secretary of the Air Force to maintain Cheyenne Mountain's essential operation and maintenance activities and limit future CCIC2S development activities to those deemed critical to national security until DOD (1) approves an acquisition approach that designates the program as a major automated information system acquisition and delineates oversight and accountability responsibilities, and (2) conducts an affordability assessment, economic analysis, and independent estimate of life-cycle costs. Furthermore, the Secretary of Defense should direct the Secretary of the Air Force to establish and implement effective management controls for the program by implementing an approach to manage requirements and resource changes and ensure program cost and performance data are reliable. DOD agreed with designating the program as a major automated information system acquisition, delineating responsibilities, and establishing and implementing effective management controls for the program. In addition, DOD agreed with conducting an affordability assessment, economic analysis, and independent estimate of life-cycle costs on future development activities but not with the current activities due to potential mission impacts. We do not disagree with this approach to the extent that continuing these development activities is critical to national security. However, continuing CCIC2S development without establishing a match between requirements and available resources may also hinder DOD's ability to satisfy national security needs because of the increased risk that the program fails to achieve its promised capability. DOD comments on a draft of this report appear in appendix II. Background: DOD built the Cheyenne Mountain Operations Center in the early 1960s at Cheyenne Mountain Air Force Station, Colorado. Throughout its history, its mission has continually evolved to adapt to changing threats--which have ranged from a perceived Soviet nuclear threat after the 1957 launch of Sputnik, the first man-made satellite successfully placed in orbit, to theater ballistic missiles in the Persian Gulf during Operation Desert Storm in the early 1990s. Currently, Cheyenne Mountain's mission is to help monitor, process, and interpret air, missile, and space events that could threaten North America or have operational impacts on U.S. forces or capabilities, using air, ground, and space-based sensors that link to the complex's computer systems located more than 2,000 feet under ground. The President, Secretary of Defense, combatant commanders, and the Prime Minister of Canada rely on Cheyenne Mountain systems to provide accurate, timely, and unambiguous information essential for determining courses of actions warfighters are to carry out. Air Force Space Command is responsible for operating, funding, and setting requirements for the systems, and Air Force Materiel Command's Electronic Systems Center is responsible for maintaining the systems and for acquiring new systems and capabilities. Table 1 provides a summary of Cheyenne Mountain's three mission centers, operations, and systems. Table 1: Cheyenne Mountain Mission Centers, Operations, and Systems: Mission centers: Air warning. Mission centers: Air Warning: Supports the North American Aerospace Defense Command (NORAD) and United States Northern Command (USNORTHCOM) in their missions to monitor and secure North American airspace; Operations: OPerations: Monitors North America's airspace to detect aircraft or cruise missiles that might violate airspace or represent a threat, which now includes warning of events such as the September 11, 2001, terrorist attacks; Systems: Air and ground-based radars inside and along the periphery of North America. Mission centers: Missile correlation: Supports NORAD, USNORTHCOM, and United States Strategic Command (USSTRATCOM) in their strategic and theater missions to protect U.S. and Canadian interests from ballistic missile attacks; Operations: Provides warning of missile attacks launched against the United States and its territories, possessions, and forces overseas and supports USSTRATCOM in its mission to defend against strategic and theater missile attacks.[A]; Systems: A worldwide communications and ground-and space-based sensor network. Mission centers: Space control: Supports USSTRATCOM in its mission to protect U.S. space assets[B]; Operations: Detects, tracks, identifies, and catalogs all man-made space objects orbiting the Earth that are larger than about 4 inches in size; Systems: A network of ground-based radars and optical sensors as well as a space-based sensor. Source: DOD. [A] Missile attacks can be characterized as strategic (long-range), such as intercontinental ballistic missiles launched against the United States as well as theater (short-and medium-range), such as the Scud missiles used by Iraq during the Gulf War. [B] A key element of this mission is space situational awareness, which involves identifying man-made objects orbiting the Earth and determining whom they belong to and their purposes. [End of table] Previous Cheyenne Mountain Upgrade Efforts: In 1981, the Air Force began efforts to modernize its Cheyenne Mountain systems under five separate programs scheduled to be completed in 1987 at a total estimated cost of $968 million. Subsequently, the Air Force consolidated the five separate Cheyenne Mountain upgrade programs into a single Cheyenne Mountain Upgrade (CMU) program. Beginning in the late 1980s, we issued a dozen reports on the program's cost, schedule, and performance problems. For example, we reported that the Air Force did not adequately define program requirements which resulted in an underestimation of the upgrade efforts' cost and schedule goals. In its attempts to maintain short-term cost and schedule goals, the Air Force continually deferred requirements and problem resolution to the future, as well as relaxed performance requirements. (See Related GAO Products at the end of this report.) Despite not meeting original performance expectations for the program, in 1998, the Air Force declared the Cheyenne Mountain upgrades to be operational--almost $1 billion over cost and 11 years late. That same year, DOD determined that some of the systems were not well integrated, would be unresponsive to future mission needs, and some components were becoming unsupportable. As a result, in 2000, the Air Force initiated the CCIC2S program to modernize and integrate Cheyenne Mountain systems.[Footnote 4] Figure 1 depicts the timeline of Cheyenne Mountain upgrades. Figure 1: Cheyenne Mountain Systems Time Line of Upgrade Efforts: [See PDF for image] Source: GAO. [End of figure] On September 19, 2000, the Air Force awarded a cost-plus award fee contract[Footnote 5] to Lockheed Martin Mission Systems[Footnote 6] to begin work on the CCIC2S program. The initial period of performance was for 6 years, with annual options for operations and maintenance activities for an additional 9 years. CCIC2S Program Has Experienced Cost and Schedule Overruns and Performance Shortfalls: Like its predecessor, the CMU program, the CCIC2S program is over cost, behind schedule, and some capabilities have been deferred indefinitely. This deferral could pose risks to performing some future operations. The Air Force's current program cost estimates through fiscal year 2006 represent about a 51 percent increase over its initial estimate. Additionally, while the Air Force initially estimated CCIC2S upgrades to be completed in fiscal year 2006, most critical mission capabilities will not be delivered by this time, and for some of these capabilities, the Air Force has yet to estimate a completion date. The deferrals of capabilities and performance shortfalls could have implications for future missions. The CCIC2S Program Is Over Cost and Behind Schedule: As shown in table 2, the Air Force initially estimated the CCIC2S program to complete upgrades in fiscal year 2006 at an estimated cost of about $467 million.[Footnote 7] However, program cost estimates through the same year have increased about 51 percent to nearly $707 million. Air Force officials said they never estimated the life-cycle cost of delivering all CCIC2S validated requirements. Table 2: Comparison of Initial and Current Estimates of CCIC2S Program Costs from Inception through Fiscal Year 2006 (Then-Year Dollars in Millions): Time frame of cost estimate: Initial (July 2000); Fiscal year: 2000: $4.7; Fiscal year: 2001: $77.5; Fiscal year: 2002: $78.4; Fiscal year: 2003: $76.1; Fiscal year: 2004: $78.6; Fiscal year: 2005: $75.7; Fiscal year: 2006: $76.0; Total: $467.0. Time frame of cost estimate: Current (February 2006); Fiscal year: 2000: 4.7[A]; Fiscal year: 2001: 102.0[A]; Fiscal year: 2002: 107.0[A]; Fiscal year: 2003: 94.4[A]; Fiscal year: 2004: 133.4[A]; Fiscal year: 2005: 132.7; Fiscal year: 2006: 132.7; Total: 706.9. Source: Air Force data, GAO analysis. [A] Actual expenditures. [End of Table] Along with the increases in estimated program costs, schedules have expanded significantly. The Air Force initially estimated development activities to be completed in fiscal year 2006, but only a fraction of the expected capabilities have been delivered (see fig. 2). Of the three mission areas--air, missile, and space--the Air Force has delivered only initial air and some initial missile mission critical capabilities. DOD considers these critical capabilities to be the most essential for the program--failure to provide these capabilities can be cause for a program to be reassessed or terminated. The remaining missile warning critical capabilities are now expected to be delivered in fiscal year 2007--over 3 years later than initially estimated. The Air Force has postponed the delivery of all critical space mission capabilities to some undetermined point in the future. According to Air Force officials, the space mission capability deliveries will not be scheduled until future investment decisions are made. Figure 11: Status of Critical Capabilities to Be Delivered: [See PDF for image] Source: Air Force data, GAO analysis. [End of figure] According to the CCIC2S program office and other DOD officials, one of the reasons the program's initial cost and schedule estimates differ from current estimates is that work that was not included in the original estimates was added to the program. Examples of work added to the program include replacing an aging missile warning processing and display system as well as developing a computer operational status monitoring system. We did not assess the cost and schedule impacts of these added capabilities. Also, as a result of the September 11, 2001, attacks on the U.S., the Air Force diverted a portion of CCIC2S funding and personnel to make improvements to other Cheyenne Mountain systems so that aircraft traffic within the U.S. could be monitored by the air warning center. However, according to DOD officials, the impacts of the September 11, 2001, terrorist attacks on the CCIC2S program were not significant because monitoring aircraft traffic within the U.S. is not a required upgrade under the CCIC2S program. Prior to these improvements, the focus of the air warning system was to monitor aircraft traffic outside the North American border. Deferral of Capabilities and Performance Shortfalls Have Implications for Future Missions: The deferral of capabilities and performance shortfalls that have resulted from cost and schedule overruns in the CCIC2S program could significantly impact future missions--especially if program dollars are needed to maintain legacy systems longer than expected. USSTRATCOM-- responsible for protecting U.S. space assets--could be particularly affected, given that none of the work on CCIC2S's critical space mission capabilities has been completed and that estimated completion dates for this work have yet to be determined. DOD has been counting on CCIC2S to replace the Space Defense Operations Center (SPADOC)--Cheyenne Mountain's current space object tracking system--and provide a system capable of processing larger volumes of data. Some DOD officials have stated that CCIC2S is to be the foundation for carrying out future space awareness functions. SPADOC's capabilities are currently overtaxed. It currently handles about 400,000 space object observations per day from sensors--about 167 percent more than it was designed to handle. The Air Force has implemented an inefficient workaround to address SPADOC's limited processing capabilities. Specifically, the Space Control Center is using CaveNet, an off-line tool, to assist with analyzing and processing space object observations. However, to analyze and process the information in CaveNet, Space Control Center operators must first download information from SPADOC and then manually type the processed information back into SPADOC. Air Force officials stated that manually typing CaveNet information back into SPADOC has recently become significant enough to request an automated interface. According to Air Force officials, efforts are on-going to assess the mission impact of SPADOC performing beyond design specifications. With other programs to improve data collection sensors that feed data into CCIC2S--such as the Space Fence and Space Based Space Surveillance system[Footnote 8]--the number of observations and processing requirements will increase significantly in the future, taxing the current system further. In a 2005 study, the CCIC2S contractor determined that SPADOC's processing capacity will not be able to handle the increased number of observations predicted beginning in 2012. For the near term, according to Air Force officials, the CCIC2S contractor has identified operations and maintenance changes for SPADOC to handle increases in the number of observations. However, DOD has not made a decision on when to pursue upgrades for SPADOC and cost estimates for upgrading SPADOC have not been finalized. With the delay of CCIC2S space capabilities and no decision on when SPADOC will be replaced, USSTRATCOM will have to continue relying on pushing SPADOC to its limits. Delays in the delivery of expected CCIC2S capabilities also affect programs that are not directly part of the program but are relying on CCIC2S for their implementation. For example, the Air Force's Rapid Attack Identification Detection and Reporting System (RAIDRS)--a defensive counterspace system--is expected to use information provided by Cheyenne Mountain systems to aid in the detection, reporting, identification, location, and classification of attacks against valuable space assets. However, according to a DOD official, the CCIC2S space capability delays have presented a serious acquisition dilemma for the RAIDRS program because it is dependent on the CCIC2S space segment. Funding has not been made available for the CCIC2S space segment that is to support RAIDRS, according to Air Force Space Command. Furthermore, other programs will experience the same acquisition dilemma because Air Force Space Command has instructed all of its sensor, satellite, and weapon programs to be able to integrate with CCIC2S. Cost and Schedule Overruns Caused by Not Adhering to Best Practices for Managing Program Requirements: The CCIC2S program's failure to match requirements and resources before its start has contributed to the cost and schedule overruns that have forced the program to defer delivery of CCIC2S capabilities. For each year since the program's inception, the Air Force has rebaselined CCIC2S's cost and schedule goals. The unreliable cost and schedule estimates that resulted have forced the program to frequently defer work to later years to control cost growth. The Air Force has yet to determine when and at what cost development is to be completed. Match Not Made between Program Requirements and Available Resources: Our body of work on best practices has shown that matching program requirements to resources--that is, time, funding, technology, and personnel--is key to successful outcomes.[Footnote 9] We have also reported that the requirements-setting phase is one of the most important for software-intensive acquisitions.[Footnote 10] Missing, vague, or changing requirements tend to be a major cause of poor outcomes in these programs. For example, according to Air Force officials, the major causes for the delay in the Air Mission Evolution system[Footnote 11]--a CCIC2S system that was delivered in January 2004, over 2 years behind schedule--included problems with software development and integration. Additionally, the contractor stated that changing priorities within the program as well as added requirements contributed to the delay.[Footnote 12] Without a stable set of requirements, the Air Force could not appropriately estimate program costs and in hindsight, the resources needed to satisfy program requirements were severely underestimated. To better ensure programs are affordable and fully funded before they are initiated, DOD guidance calls for every acquisition program to stabilize requirements and determine the program's total costs before program start.[Footnote 13] Despite best practices and DOD policy, the Air Force initiated the CCIC2S program without establishing a stable set of program-specific requirements and did not do so until January 2004--more than 3 years after program start. In that time, the Air Force made numerous additions, deletions, and modifications to CCIC2S's requirements. For example, the Air Force deleted, added back, and then modified a requirement for multiple security levels. According to an Air Force review of program requirements, some deleted requirements were duplicative or conflicting. Assessments of available resources were also inadequate. According to DOD guidance, every acquisition program should rigorously address issues such as the program's life-cycle costs and whether it is affordable and fully funded.[Footnote 14] By not conducting these rigorous assessments, DOD and the Air Force did not have the information needed to commit to the program over its life cycle. Although the CCIC2S program acquisition plan refers to the development of a life-cycle cost estimate before the program was initiated, it did not include the operations and maintenance costs of sustaining existing systems through the program's entire life cycle.[Footnote 15] Additionally, software development capabilities of the contractor should also be assessed. The contract for CCIC2S development specifies that the contractor be rated at the highest level (level 5) using the Capability Maturity Model® for Software developed by Carnegie Mellon University's Systems Engineering Institute.[Footnote 16] At this most mature level, quantitative feedback about performance and innovative ideas and technologies contribute to continuous process improvements. A senior program official stated that the CCIC2S contractor was rated at a level 5 for software development. According to DOD documentation, Capability Maturity Model® assessments are typically performed at an organization wide level and may not necessarily apply to a project team associated with any given acquisition program. We did not examine the program's software development efforts and the capabilities of the contractor. For more information on this model, see appendix III. Furthermore, DOD has not funded the program at requested levels since the program began due to other priorities. We have previously reported that program funding instability often occurs because DOD starts too many programs, creating severe budget constraints. Another factor we have reported that contributes to funding instability is that DOD's programs are funded annually, requiring competition among other programs for limited available funding.[Footnote 17] The CCIC2S program has not been an exception to these factors. For example, prior to initiating the CCIC2S program in 2000, DOD reduced the program's initial estimated resource requirements by a total of $75 million. In 2002, DOD decided not to increase requested program funding. According to DOD, funding was limited to program baseline levels because the program was a lesser priority. Furthermore, in 2005, DOD and Congress reduced CCIC2S program funding estimates over the next 6 years by about $135 million, citing higher priority funding needs and poor program performance. The Air Force Has Implemented the CCIC2S Program without Solid Expectations of What Capabilities Are To Be Delivered, When, and at What Cost: According to the acquisition strategy for the CCIC2S program, annual rebaselines[Footnote 18] were to be conducted on the program to review and approve program implementation plans, including cost and schedule baselines. However, because the Air Force failed to make a match between requirements and resources, including not effectively assessing the impacts of adding unanticipated work to the program, the result of CCIC2S's annual rebaselines has been to defer significant amounts of work to the future in order to address cost increases. As a result, the Air Force has implemented the program as a "level of effort"--that is, without solid expectations of what capabilities are to be delivered, when, and at what cost. Currently, the CCIC2S program is undergoing its fifth rebaseline. According to program officials, after this fifth rebaseline, CCIC2S will no longer plan for annual rebaselinings, but would only rebaseline the program when necessary. Figure 3 depicts the effects of each of the rebaselines on the program. Figure 3: CCIC2S Program Rebaselines and Their Impacts on Program Schedule: [See PDF for image] Source: Air Force data, GAO analysis. [End of figure] The fifth and current rebaseline was prompted by efforts to complete development of the program's critical missile warning mission capabilities. To free up resources for the missile warning development efforts, the Air Force stopped work on many other aspects of the CCIC2S program in late 2004 and subsequently began rebaselining the program in early 2005. Air Force officials stated the rebaseline was to be finalized by August 2005; however, it has yet to be approved as of June 2006. According to Air Force officials, pending changes in program oversight as well as recent DOD and congressional funding estimate reductions are reasons for the delay in approving the rebaseline. As currently structured, the rebaseline would again significantly defer the amount of capability scheduled to be delivered. Specifically, missile warning critical requirements would not be delivered until fiscal year 2007, and the schedule for the work on the space portion is undetermined. CCIC2S Program Oversight and Controls Have Been Ineffective: The oversight and control mechanisms of the CCIC2S program have been inadequate to prevent or mitigate many of the problems it has experienced. Additionally, the Air Force's contract management approach limited the program office's ability to thoroughly assess the reliability of the contractor's cost and schedule performance information and the impact of defining, prioritizing, and adding capabilities. Furthermore, the Defense Contract Management Agency (DCMA) did not independently monitor contractor performance. According to DOD officials, actions are being taken to implement better controls. DOD Did Not Designate CCIC2S as a Major Acquisition: Placement into a specific acquisition category (ACAT) determines the accountability level and analysis requirements of a program. DOD policy requires major automated information system acquisitions to have high- level oversight and comprehensive and independent assessments of life- cycle cost estimates and benefits to ensure they are reasonable and built on realistic program and schedule assumptions.[Footnote 19] In determining whether an automated information system acquisition program warrants a "major" designation, DOD applies dollar value thresholds. If a program does not meet these thresholds, it can be designated as a major acquisition based on other factors such as technical complexity. (See appendix IV for more detail on the designation criteria for acquisition programs that were in place when the Air Force initiated the CCIC2S program.) The CCIC2S program met the dollar threshold criteria for designation as a major automated information system acquisition program. However, DOD did not designate the program as a major automated information system acquisition. According to a senior Air Force Space Command official, the program was initially considered to be a weapon system acquisition and therefore below the threshold criteria for designating the program as a major defense acquisition program. At this lower acquisition category, oversight for the program was assigned to Air Force headquarters. Initial cost estimates for CCIC2S indicated that it should have been designated as a major automated information system acquisition. Specifically, at program initiation, CCIC2S's program cost estimate of about $463 million well exceeded DOD's threshold of $360 million (fiscal year 1996 constant dollars)--DOD's then-threshold for total life-cycle costs--for designation as a major automated information system program (see table 3).[Footnote 20] Table 3: Air Force Cost Estimate for CCIC2S through Fiscal Year 2007 Before Program Initiation and Designation of Acquisition Category Level (Fiscal Year 1996 Constant Dollars in Millions): Funding Type: Research, Development, Test, and Evaluation; Fiscal Year: 2000: $0.4; Fiscal Year: 2001: $13.0; Fiscal Year: 2002: $10.4; Fiscal Year: 2003: $10.2; Fiscal Year: 2004: $11.9; Fiscal Year: 2005: $11.5; Fiscal Year: 2006: $10.6; Fiscal Year: 2007: $10.7; Total: $78.7. Funding Type: Procurement; Fiscal Year: 2000: 0.9; Fiscal Year: 2001: 15.3; Fiscal Year: 2002: 13.6; Fiscal Year: 2003: 12.4; Fiscal Year: 2004: 12.4; Fiscal Year: 2005: 12.4; Fiscal Year: 2006: 12.4; Fiscal Year: 2007: 12.4; Total: 91.8. Funding Type: Operations and Maintenance; Fiscal Year: 2000: 3.1; Fiscal Year: 2001: 42.4; Fiscal Year: 2002: 45.9; Fiscal Year: 2003: 43.6; Fiscal Year: 2004: 42.5; Fiscal Year: 2005: 38.8; Fiscal Year: 2006: 38.4; Fiscal Year: 2007: 38.1; Total: 292.8. Funding Type: Total; Fiscal Year: 2000: 4.4; Fiscal Year: 2001: 70.7; Fiscal Year: 2002: 69.8; Fiscal Year: 2003: 66.2; Fiscal Year: 2004: 66.7; Fiscal Year: 2005: 62.8; Fiscal Year: 2006: 61.4; Fiscal Year: 2007: 61.2; Total: 463.2. Source: Air Force and modified by GAO to fiscal year 1996 constant dollars. [End of table] Additionally, the CCIC2S program is a technically challenging and complex acquisition. For example, one of the primary goals of the program is to integrate 40 stovepiped systems into a single common architecture. The complexity of the CCIC2S effort is further illustrated by our previous work which showed that the CMU program had experienced long-standing, serious integration problems, as well as software development problems with incorporating new technologies.[Footnote 21] DOD and Office of Management and Budget have issued guidance[Footnote 22] on conducting analyses that can help decision making on major automated information system acquisitions. These analyses include: * an affordability assessment to demonstrate that the program's resources (including projected funding and manpower requirements) are realistic and achievable in the context of the DOD component's overall long-range modernization plan to ensure full funding and funding stability for the program; * an economic analysis to determine the best program acquisition alternative by assessing the net life-cycle costs and benefits of the proposed program; and: * an independent estimate of program life-cycle costs. Taken together, such reviews can give DOD the knowledge it needs to prevent or mitigate many of the types of problems the CCIC2S program has experienced. We have consistently reported that the decision to invest in any system should be based on reliable analyses of estimated system costs and expected benefits over the life of the program.[Footnote 23] Without designation as a major acquisition, the CCIC2S program lacked the high- level oversight and independent analyses and review that could have identified key program weaknesses, including: * funding instability; * program cost, schedule, and performance problems; [See PDF for image] * the mismatch between requirements and available resources; and: * the inability to prioritize and commit to the program within the context of other acquisition programs and long-range investment plans. CCIC2S Milestone Decision Authority Did Not Provide Effective Oversight: DOD acquisition policy states that overall program responsibility rests with the milestone decision authority. In this role, the milestone decision authority is responsible for ensuring accountability and maximizing credibility in program cost, schedule, and performance reporting by reviewing the program throughout its acquisition life cycle, including (1) whenever the program reaches a milestone decision point;[Footnote 24] (2) whenever costs, schedule, or performance goals are baselined or must be changed; and (3) periodically through review of program status reports. While the Assistant Secretary of the Air Force for Acquisition--the designated milestone decision authority for the CCIC2S program--played an active oversight role from 2000 to 2001, its program oversight thereafter was minimal, including during the numerous program rebaselines and attempts to address cost, schedule, and performance shortfalls. The Assistant Secretary's oversight appears to have been limited to brief program status updates provided by the program executive officer as part of a weekly reporting on all programs under the program executive officer's purview, and, according to DOD officials, annual and semi-annual program execution and budget reviews. According to Air Force officials, the Assistant Secretary delegated its milestone decision authority responsibilities for the program to the program executive officer level. However, officials from the Office of the Assistant Secretary of the Air Force for Acquisition and the Office of the Program Executive Officer were unable to provide us documentation of a formal delegation of these responsibilities, or explain why this delegation took place. Program Lacked Sufficient Management Controls over the Contractor: In addition to matching requirements to resources, our best practices work has shown that to better ensure programs deliver capabilities within expected costs and schedules, program offices must have in place certain controls, including: (1) assessments of the effects of any changes in requirements on cost, schedule, and performance goals and (2) insights into contractor activities and progress to ensure commitments are implemented.[Footnote 25] The contract to develop CCIC2S was awarded under a Total System Performance Responsibility (TSPR) approach, which transfers certain government management responsibilities from the program office to the contractor. In the mid-1990s, DOD began making sweeping changes to its acquisition policy and procedures to streamline its acquisition infrastructure. One of these reforms was the introduction of the TSPR concept, which gave a contractor total responsibility for the integration of an entire weapon system and for meeting DOD's requirements. According to DOD officials, the Air Force no longer uses TSPR for its acquisition programs due to the shortcomings resulting from using this management concept. We have previously reported that TSPR contracts often result in the government's lacking accurate cost, schedule, and performance information needed to adequately manage programs because it had to rely on unverified contractor data.[Footnote 26] For CCIC2S, the risks inherent in a TSPR approach were exacerbated by the program office's lack of sufficient staffing to oversee the definition and prioritization of needed capabilities. Because the Air Force reduced the number of personnel in the program office from 200 to between 15 and 30 in an effort to achieve efficiencies, it lacked the personnel to assess the cost and schedule impacts of defining and prioritizing requirements on the program. Without such information, the program office was not in a position to make trade-off decisions between different types of needed capabilities. According to the program office, as a result of its inability to manage the requirements definition and prioritization process, the contractor ended up communicating directly with the users to help define and prioritize requirements, sometimes without the knowledge of the program office. Program officials also noted that they lacked sufficient staff with the technical knowledge to determine whether contractor cost, schedule, and performance data were reliable. For example, according to the program office and the CCIC2S contractor, the program initially called for a contractor outside of the CCIC2S program to develop air mission software and provide it to the CCIC2S contractor for integration into the program. However, shortly after the Air Force initiated the CCIC2S program, it terminated the air mission software development contract due to unsatisfactory performance. Subsequently, the users recommended, and the program office added, the unfinished work to the CCIC2S program as part of the re-baseline process in January 2001. However, according to the program office, it was not able to effectively assess the cost and schedule impacts of this change on the program. TSPR does not relieve the government of its oversight responsibilities. Also, according to DCMA officials, the government should conduct contract surveillance and gauge contractor performance using specific performance metrics. However, the CCIC2S program office was not always aware of the contractor's decisions or performance. For example, program office officials acknowledged that they were not aware of some re-prioritization of work done by the contractor to meet the users' needs. Program Lacked Independent Contractor Performance Assessment: Acquisition programs commonly use DCMA to monitor higher risk contracts. Typically, after DOD awards a contract, DCMA can monitor contractors' information systems to ensure that cost, performance, and delivery schedules are in compliance with the terms and conditions of the contract. According to DCMA officials, however, their involvement in the CCIC2S program from inception through 2004 was minimal because DCMA lacked resources and the CCIC2S program office did not request DCMA assistance until that time. This is despite the fact that in January 2003, the Air Force and DCMA signed a memorandum of agreement calling for DCMA assistance on the contract for the CCIC2S program. The agreement called for DCMA to analyze the contractor's earned value management (EVM) systems to verify that monthly cost performance reports and related documents present a valid picture of contract cost and schedule progress. This type of analysis could have identified problems with the EVM system and led to corrective actions sooner. Since 2004, DCMA has been working with the program office and Air Force systems engineering officials to improve the quality of metrics to assess cost, technical performance, and risk, as well as to make improvements to the contractor's EVM system. Needed Management Controls and Redesignation of CCIC2S Program Are Being Considered: DOD is reconsidering CCIC2S's current designation as a non- major automated information system program. In September 2005, the Assistant Secretary of Defense for Networks and Information Integration notified the Assistant Secretary of the Air Force for Acquisition that it intended to recategorize the CCIC2S program as a major automated information system acquisition because of increased funding levels, national interest in the program, and our review of the program. Designating the CCIC2S program as a major automated information system acquisition would put in place the high-level oversight and rigorous analyses needed to help ensure (1) the program has top-level accountability and support for the program, (2) DOD has the knowledge necessary for making trade-offs in program requirements so that they match available resources, and (3) DOD has the ability to prioritize and commit to the program within the context of its other acquisition programs and long-range investment plans. As of June 2006, however, the office of the Assistant Secretary of Defense for Networks and Information Integration has yet to formally make a decision on whether to designate the program as a major automated information system acquisition. According to Air Force and DCMA officials, the program office has taken several steps, which we did not assess, to address some management control problems, including the following actions: * Prohibited direct contact between the contractor and users- -which they acknowledge had a direct impact on program cost and schedule performance--to keep the contractor from reprioritizing work to meet the immediate needs of the users, in 2004. Additionally, the program office and the contractor implemented an engineering review board process to evaluate any proposed change in terms of its validity in relation to validated requirements as well as its impact to program cost and schedule estimates. * Initiated a User Feedback Control Board process to identify where deliverables are not meeting users' needs and assess identified solutions in terms of their relationship to validated requirements as well as program cost and schedule implications, beginning in the spring of 2005. * Adopted a planning approach that is to more realistically account for program risks through a consideration of limiting factors such as test resources and the complexities surrounding installing and testing hardware and software in Cheyenne Mountain's operational environment. * Took steps to add technical staff to assess the effects of changes in requirements on cost, schedule, and performance goals and provide additional insight into contractor activities. * Implemented a formal system-level technical review process consisting of milestones, or gates, each of which have entrance and exit criteria. For example, deficiencies identified under the formal review must be addressed prior to proceeding into the next development phase. Conclusions: Cheyenne Mountain systems--which are to warn the U.S. and Canada of air, missile, and space attacks--are critical to national security. However, since the 1980s, DOD's efforts to modernize these systems have been fraught with cost increases, schedule delays, and performance shortfalls. Under the current development effort, the Air Force continues to defer the completion of key critical space requirements, placing the DOD's ability to perform air and missile defense and space situational awareness missions at risk. Without matching requirements to available resources, the CCIC2S program will continue to flounder. Failing to conduct this match at the onset of this complex effort led DOD to develop unrealistic cost and schedule estimates as well as to over-promise capability. Specifically, the Air Force did not ensure that the program had stable requirements and a sound process for clarifying and controlling them, and thus the resources to satisfy the requirements were severely underestimated. The minimal top-level and external oversight and accountability of the program contributed to the problems. Failure to make course corrections now without correcting the shortfalls will put the program at risk of failing to achieve promised capability. Recommendations for Executive Action: We recommend that the Secretary of Defense direct the Secretary of the Air Force to maintain Cheyenne Mountain's essential operation and maintenance activities and to limit future development activities to those deemed critical to national security needs until the Department takes the following five actions: * Designate the program as a major automated information system acquisition. * Conduct an affordability assessment to demonstrate that the program's resource estimates are realistic and achievable in terms of DOD's overall long-range modernization priorities and investment plans for Cheyenne Mountain. Such an assessment would require ensuring the requirements baseline is verified and validated and making a match between these requirements and available resources. * Conduct an economic analysis to assess the life-cycle costs and benefits of the program. * Conduct an independent estimate of program life-cycle costs, to provide a basis for relying on the cost estimates. * Determine and clearly delineate oversight responsibilities and accountability for the successful implementation of CCIC2S. Additionally, the Secretary of Defense should direct the Secretary of the Air Force to take the following three actions: * Develop and implement an approach that requires a rigorous analysis of resource impacts of any change in requirements for continuously making trade-offs between requirements and resources to ensure a match is maintained. * Ensure management controls are in place so that changes to requirements are decided on the basis of costs, benefits, risks, and affordability. * Develop and implement an approach for ensuring program cost and performance data are reliable. Agency Comments and Our Evaluation: DOD provided us with written comments on a draft of this report. DOD agreed that the CCIC2S program be designated as a major automated information system with the Assistant Secretary of Defense for Networks and Information Integration as the milestone decision authority with oversight responsibility and accountability for its successful implementation. In addition, DOD agreed with conducting an affordability assessment, economic analysis, and independent estimate of life-cycle costs on future development activities but not with the current activities due to potential mission impacts. Specifically, DOD stated these assessments should be conducted on future delivery blocks of the CCIC2S program, but not on the current block.[Footnote 27] DOD asserted that its recent $127 million CCIC2S funding reduction across the Future Years Defense Program (FYDP)[Footnote 28] pared down CCIC2S development activities to those essential to national security needs. We do not disagree with this approach to the extent that continuing these development activities is critical to national security. However, continuing CCIC2S development without establishing a match between requirements and available resources may also hinder DOD's ability to satisfy national security needs because of the increased risk that the program fails to achieve its promised capability. While DOD raises the issue of the cost of delaying the program, it does not address the cost of proceeding as planned. Our work has shown that in numerous programs, continuing to spend money on development programs without sufficient knowledge or clear direction results in cost overruns and schedule delays. Further, given recent congressional concerns over DOD's management of CCIC2S,[Footnote 29] demonstrating on a timely basis how requirements and available resources are to be matched while protecting national security is especially important. Since an assessment of CCIC2S's specific operational risks to national security was beyond the scope of our review, we clarified our recommendation to read that the Secretary of Defense direct the Secretary of the Air Force to limit future development activities to those deemed critical to national security needs until the Department takes the actions discussed above. DOD agreed to take actions relating to establishing and implementing management controls and approaches to analyze the resource impacts of changes in requirements and to ensure reliable program data. DOD stated that these changes had already been implemented or are being planned. During our review, program and DCMA officials told us that some changes--such as prohibiting the contractor from reprioritizing work without Air Force approval and implementing an engineering review board to assess requirements changes--had been made. However, they also noted that other measures to manage requirements and institute better management controls--such as increasing program office management staffing and capabilities, modifying the work breakdown structure and earned value management system, and implementing a new approach and metrics to track program progress--were under way or planned. Given DOD has not fully demonstrated the effectiveness of the changes it has made or is making, and that it is planning to make other changes, we are retaining our recommendation. We are sending copies of this report to interested congressional committees and the Secretaries of Defense and the Air Force. We will also provide copies to others on request. In addition, this report will be available at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov]. If you have any questions about this report or need additional information, please call me at (202) 512-4841 (shamesl@gao.gov). Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix V. Signed by: Lisa Shames: Acting Director, Acquisition and Sourcing Management: List of Congressional Committees: The Honorable John Warner: Chairman: The Honorable Carl Levin: Ranking Minority Member: Committee on Armed Services: United States Senate: The Honorable Ted Stevens: Chairman: The Honorable Daniel K. Inouye: Ranking Minority Member: Subcommittee on Defense: Committee on Appropriations: United States Senate: The Honorable Duncan L. Hunter: Chairman: The Honorable Ike Skelton: Ranking Minority Member: Committee on Armed Services: House of Representatives: The Honorable C. W. Bill Young: Chairman: The Honorable John P. Murtha: Ranking Minority Member: Subcommittee on Defense: Committee on Appropriations: House of Representatives: [End of section] Appendix I: Scope and Methodology: [End of section] To determine the status of the Combatant Commanders' Integrated Command and Control System, or CCIC2S, in terms of meeting its cost, schedule, and performance goals, we reviewed our past work to determine whether the CCIC2S program has continued to experience the problems previous Cheyenne Mountain upgrade efforts had experienced. We also reviewed program status reports and budget data and spoke with Department of Defense (DOD) and contractor officials to assess program cost, schedule, and performance progress to date. Additionally, we spoke with CCIC2S users to determine their level of satisfaction with CCIC2S program performance. Specifically, we reviewed documentation from and interviewed officials in the Office of the Assistant Secretary of Defense for Networks and Information Integration; National Security Space Office; Office of the Secretary of Defense, Cost Analysis Improvement Group; Office of the Secretary of Defense, Program Analysis and Evaluation; Office of the Director, Operational Test and Evaluation; Office of the Joint Chiefs of Staff; Defense Contract Management Agency's CCIC2S Program Support Team; Office of the Assistant Secretary of the Air Force for Acquisition; Air Force Space Command; Air Force Air Combat Command; Office of the Air Force Program Executive Officer for Command and Control and Combat Support; Air Force Electronic Systems Center; Air Force Operational Test and Evaluation Center; United States Strategic Command; United States Northern Command; North American Aerospace Defense Command; and Lockheed Martin Integrated Systems & Solutions. To gauge the extent to which DOD has followed best practices with regard to managing program requirements, including matching requirements to available resources, we reviewed DOD, Office of Management and Budget, and Air Force acquisition guidance, as well as our previous best practices work, to determine criteria for managing requirements. We also reviewed program requirements documentation and spoke with DOD officials on how DOD developed requirements for the CCIC2S program. Furthermore, we reviewed requirements management documentation and spoke with DOD and contractor officials to assess how the Air Force managed its requirements, including the process it used for defining and prioritizing the requirements. Specifically, we reviewed documentation from and conducted interviews with officials in the Office of the Secretary of Defense, Cost Analysis Improvement Group; Office of the Secretary of Defense, Program Analysis and Evaluation; Office of the Director, Operational Test and Evaluation; Office of the Joint Chiefs of Staff; Defense Contract Management Agency's CCIC2S Program Support Team; Office of the Assistant Secretary of the Air Force for Acquisition; Air Force Space Command; Office of the Air Force Program Executive Officer for Command and Control and Combat Support; Air Force Electronic Systems Center; Air Force Operational Test and Evaluation Center; United States Strategic Command; United States Northern Command; North American Aerospace Defense Command; and Lockheed Martin Integrated Systems & Solutions. To assess DOD's oversight and control mechanisms for Cheyenne Mountain systems modernization and integration efforts underway and planned, we reviewed DOD and Air Force acquisition guidance and interviewed officials in the Office of the Assistant Secretary of Defense for Networks and Information Integration; Office of the Secretary of Defense, Cost Analysis Improvement Group; Office of the Secretary of Defense, Program Analysis and Evaluation; Office of the Director, Operational Test and Evaluation; Defense Contract Management Agency's CCIC2S Program Support Team; Office of the Assistant Secretary of the Air Force for Acquisition; Air Force Space Command; Office of the Air Force Program Executive Officer for Command and Control and Combat Support; Air Force Electronic Systems Center; Air Force Operational Test and Evaluation Center; United States Strategic Command; United States Northern Command; North American Aerospace Defense Command; and Lockheed Martin Integrated Systems & Solutions. We conducted our work from July 2005 through April 2006 in accordance with generally accepted government auditing standards. [End of section] Appendix II: Comments from the Department of Defense: Networks And Information Integration: Assistant Secretary Of Defense: 6000 Defense Pentagon: Washington, DC 20301-6000: JUN 23 2006: Ms. Lisa Shames: Acting Director, Acquisition and Sourcing Management: U.S. Government Accountability Office: 441 G Street, N.W.: Washington, DC 20548: Dear Ms. Shames: This is the Department of Defense (DoD) response to GAO draft report 06- 666 "Defense Acquisitions: Further Management and Oversight Changes Needed for Efforts to Modernize Cheyenne Mountain Attack Warning Systems," dated May 12, 2006 GAO Code 120473). The GAO assessment of the Combatant Commanders' Integrated Command and Control System (CCIC2S) was informative and certainly provided additional insight into issues the Department was addressing with the Air Force since January 2004. The Department non concurs with the GAO's first recommendation and concurs with the GAO's second recommendation as reflected in attachment. The processes and activities described during the GAO fact finding visits and in the attached response meet the spirit and intent of the GAO's second recommendation. Therefore the Department considers GAO's second recommendation as satisfied and this set of actions closed. Additionally, the Department conducted a security review of the draft GAO report and declares it cleared for open publication. The Principal Action Officer for this effort is Lt Col Martin Edwards and he can be contacted at (703) 607-0661 or by email at martin.edwards@osd.mil. Sincerely, Signed by: John G. Grimes Attachment: As stated: GAO Draft Report Dated May 12, 2006 GAO-06-666 (GAO CODE 120473): "Defense Acquisitions: Further Management And Oversight Changes Needed For Efforts To Modernize Cheyenne Mountain Attack Warning Systems" Department Of Defense Comments To The Gao Recommendations: Recommendation 1: The GAO recommended that, the Secretary of Defense direct the Secretary of the Air Force to maintain Cheyenne Mountain's essential operation and maintenance activities and halt the Combatant Commanders' Integrated Command and Control System (CCIC2S) development activities until the Department takes the following five actions: a) Designate the program as a major automated information system acquisition; b) Conduct an affordability assessment to demonstrate that the program's resource estimates are realistic and achievable in terms of DOD's overall long-range modernization priorities and investment plans for Cheyenne Mountain. Such an assessment would require ensuring the requirements baseline is verified and validated and making a match between these requirements and available resources; c) Conduct an economic analysis to assess the life-cycle costs and benefits of the program; d) Conduct an independent estimate of program life-cycle costs, to provide a basis for relying on the cost estimates; e) Determine and clearly delineate oversight responsibilities and accountability for the successful implementation of CCIC2S. (p. 23/GAO Draft Report): DOD Response: Recommendation 1: DoD non concurs with the recommendation to halt the Combatant Commanders' Integrated Command and Control System (CCIC2S) development activities due to mission impacts. Such a delay or halt of the delivery to replace legacy systems which are plagued with end of life sustainment problems could severely curtail or impact the operations of the Command and Control Center. Rationale: Halting CCIC2S Spiral 2 will curtail the delivery of the Missile Warning Release even though the program's developmental testing is completed and just prior to fielding. Additionally, it delays the Communications System Upgrade and critical Core Command and Control (C2) infrastructure replacement by approximately one year (six months to complete GAO recommended tasks plus six months to reconstitute development workforce). During the FY07 PB build, DoD reduced the CCIC2S program by $127M in RDT&E funding across the FYDP, which significantly pared down the program's development efforts to those deemed essential to national security needs. Planned CCIC2S Spiral 2 deliveries are key to decommissioning of several increasingly unsupportable legacy systems. Each of the affected areas is discussed below: Missile Analysis and Reporting System (replaces Correlation Center Processing_ and Display stem - Replace): Halting CCIC2S puts the ability to support National Decision Authorities with Strategic Missile Warning at extreme risk. Current plans complete CCIC2S Spiral 2 Missile Analysis and Reporting System's operational acceptance (OA) in April 2007. This delivery allows decommissioning of the current strategic missile warning system known as Correlation Center Processing and Display System - Replace (CCPDS-R) at Cheyenne Mountain and Offutt AFB. The CCPDS-R is considered obsolete due to end of life sustainment issues and is expected to be unsupportable by mid-FY09. Halting the Missile Analysis and Reporting System portion of the program would impact DoD's ability to support CCIC2S Spiral 2's planned operational test and fielding and increase operational risk of supporting strategic missile warning in the near-term. Communications Processing System - III (replaces Communication System Segment - Replace : The currently operational Communication System Segment-Replace (CSSR) capability suffers from very high failure rates consuming over 270 spare system level components in FY05. Additionally, the support base is fragile as only three vendors remain that can sustain the system, which is primarily done through cannibalization of other sites. The CCIC2S Program Office estimates CSSR will go critical because of the inability to sustain the system by mid-FY09. If the system should suffer a major failure prior to being replaced, STRATCOM's Joint Space Operations Center (JSPOC) cannot produce satellite positional data for Space Order of Battle or provide support to satellite operations. Space C2 will lack awareness of adversary satellite position and be unable to correlate events (launch, maneuvers, breakups, re-entries). It will degrade ability to confirm adversary actions and provide overflight warning. Additionally, notification of potential satellite collision/deconfliction will not be based on best-available data--orbital safety likely degraded. The Communications Processing System - III upgrade is required prior to CSSR decommissioning. Halting CCIC2S now would impact ability to support all activity leading to integration and development testing to support a planned April 2008 OA. Space Data Server - Replace (replaces Space Data Server): The Space Data Server - Replace (SDS-R) replaces the currently operational Space Data Server. Although the SDS system has logistics support until mid-FY 13, it lost its security accreditation and has the potential to be removed from the network by the local Designated Approval Authority. The lack of accreditation of the SDS guarding solution is driving the need to continue the CCIC2S development and deliver the SDS-R system. The SDS is operating at an increased security risk because the current guarding solution, the ISSE guard, is no longer supported by the developer. This presents an increased vulnerability to attack by hackers. The SDS system is required to operate under a recurring 90 day interim authority to operate until such time as the IS SE guard is replaced. The delivery of the SDS-R will replace the legacy IS SE guard with the supported Radiant Mercury guard. Removal of the SDS prior to replacement by SDS-R will have the following affect on the Cheyenne Mountain Complex mission: satellite positional data cannot be sent to users outside of Cheyenne Mountain, such as Combatant Commanders, theater warfighters, national agencies, NASA, civilian space organizations, and others. The impacts include degraded navigational accuracy for GPS-guided munitions, limited satellite area overflight information, decreased space support to special operations forces, and increased risk to manned space flight safety (International Space Station & Space Shuttle). Finally, without technical hardware and software refresh efforts there will be a significant increase in life cycle O&M costs. Recommendation la: DoD concurs with the recommendation to designate the CCIC2S as a major automated information system (MAIS) acquisition. The program office began the process of establishing a CCIC2S Acquisition Program Baseline (APB) as an ACAT IAM program. Last fall, CCIC2S prepared an APB based on Spring 05 Program Executive Officer (PEO) re- baseline and was prepared to brief the APB to OSD/NII. A $127M RDT&E funding reduction drove a major restructure of the CCIC2S effort. In January 2006, the program office worked with the user to reprioritize program requirements and reestablish a baseline as the CCIC2S program was significantly restructured. A new APB was established and is in the coordination process. It is anticipated that OSD NII, the Milestone Decision Authority (MDA), will approve the new CCIC2S APB in August 2006. CCIC2S will submit their first Defense Acquisition Executive Summary (DAES) when the APB is approved. Recommendation lb: DoD partially concurs with the recommendation to conduct an affordability assessment to demonstrate the program's resource estimates are realistic and achievable in terms of DOD's overall long-range modernization priorities and investment plans for Cheyenne Mountain. An affordability assessment should be accomplished to ensure overall CCIC2S program can meet all documented requirements and is affordable; however, DoD non-concurs on halting completion of CCIC2S Block 1 consisting of Missile Warning, Communications System Upgrade, and critical Core C2 infrastructure replacement, while the affordability assessment is conducted. Halting the CCIC2S Block 1 effort has the potential to impact the Cheyenne Mountain's Integrated Tactical Warning/Attack Assessment (ITW/AA) mission. During the CCIC2S Block 1 APB development the program was rigorously evaluated and found to be executable within current baseline funding. As part of future CCIC2S Milestone B preparations an affordability assessment will be conducted. Recommendation lc: DoD partially concurs with the recommendation to conduct an economic analysis to assess the life-cycle costs and benefits of the program. For the concluding elements of CCIC2S Block 1 it's more appropriate to establish the current "cost estimate" to complete at this phase of the program. However, for future CCIC2S Blocks, DoD concurs with the recommendation to conduct an economic analysis in support of CCIC2S milestone decisions. Recommendation 1 d: DoD partially concurs with the recommendation to conduct an independent estimate of program life-cycle costs, to provide a basis for relying on the cost estimates. Similar to the response to "RECOMMENDATION 1 c.", DoD concurs with the recommendation for effort beginning with CCIC2S Block 2 and beyond. Recommendation le: DoD concurs with the recommendation and CCIC2S is being addressed as an ACAT IAM program with OSD/NII established as the Milestone Decision Authority. Recommendation 2: The GAO recommended that, the Secretary of Defense direct the Secretary of the Air Force to take the following three actions: a) Develop and implement an approach that requires a rigorous analysis of resource impacts of any change in requirements for continuously making trade-offs between requirements and resources to ensure a match is maintained; b) Ensure management controls are in place so that changes to requirements are decided on the basis of costs, benefits, risks, and affordability; c) Develop and implement an approach for ensuring program cost and performance data are reliable. (p. 23/GAO Draft Report): DOD Response: Recommendation 2a: DoD concurs with the recommendation to implement an approach requiring a rigorous analysis of resource impacts of any change in requirements for continuously making trade-offs between requirements and resources to ensure a match is maintained. As briefed to the GAO auditors during their fact-finding visits in 2005, AFSPACE established a process where a Joint Requirements Integrated Process Team (JRIPT) adjudicates user requirements. The prioritized list of requirements is sent to the CCIC2S Program Management Office to determine the cost and schedule impacts of implementing these requirements. Once costs and schedule impacts are known the JRIPT will then determine if the benefits are significant enough to send the requirements to the operational approval authority. This enhancement of the process as well as others planned will ensure that new user requirements are not incorporated unless they provide operational benefit that outweighs impacts to cost and schedule. Recommendation 2b: DoD concurs with the recommendation to ensure management controls are in place so that changes to requirements are decided on the basis of costs, benefits, risks, and affordability. As briefed to the GAO auditors during their fact-finding visits, the program office re-invigorated their configuration control board (CCB) to review all proposed changes (i.e. Engineering Change Proposals, Contract Change Proposals, etc). The CCB is the official forum authorized to act on proposed changes, not affecting the APB, and provides information necessary to make changes based on costs, benefits, risks, and affordability. It is also the entry point for those items affecting the APB that will require MDA approval before implementing. The energizing of the CCB is the start of the CCIC2S Program Office's plan to ensure that requirements are addressed in a consistent way to minimize impact on the CCIC2S program. Recommendation 2c: DoD concurs with the recommendation to implement an approach for ensuring program cost and performance data are reliable. In FY04, USAF stopped the annual re-evaluation of the CCIC2S baseline and established a program baseline that affects multi-year efforts for each of the major CCIC2S Blocks. This change in procedure enables the CCIC2S Program to provide reliable expectations of capabilities to be delivered within reasonable costs and schedule projections. Additionally, the CCIC2S Program Office worked with the contractor to implement significant changes to improve the Earned Value Management Reports. Specifically the Work Breakdown Structure was changed to provide more insight on product deliveries. The percentage of work packages managed as level-of-effort (LOE) projects vice discrete efforts was significantly reduced. [End of section] Appendix III: Software Development Capability Maturity Model: Carnegie Mellon University's Software Engineering Institute, a federally funded research and development center, has identified specific processes and practices that have proven successful in fostering quality software development. The Software Capability Maturity Model®A rates maturity according to the following five levels of maturity. See table 4 for a description of these maturity levels. Table 4: Software Capability Maturity Model® Scale: Level of Maturity: Level 1 (Initial); Description: The software process is characterized as ad hoc. Success depends on individual effort. Level of Maturity: Level 2 (Repeatable); Description: The basic process is in place to track cost, schedule, and functionality. Some aspects of the process can be applied to projects with similar applications. Level of Maturity: Level 3 (Defined); Description: There is a standardized software process for the organization. All projects use some approved version of this process to develop and maintain software. Level of Maturity: Level 4 (Managed); Description: The organization uses and collects detailed data to manage and evaluate progress and quality. Level of Maturity: Level 5 (Optimizing); Description: Quantitative feedback about performance and innovative ideas and technologies contribute to continuous process improvement. Source: Software Engineering Institute, Carnegie Mellon University. [A] Capability Maturity Model is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. [End of table] [End of section] Appendix IV: DOD Acquisition Categories, Thresholds, and Oversight: Placement into a specific acquisition category (ACAT) determines the accountability level and analysis requirements of a program. As shown in table 5, for a major automated information system acquisition, the milestone decision authority is the Assistant Secretary of Defense for Networks and Information Integration, who is also the DOD Chief Information Officer. The Assistant Secretary of Defense for Networks and Information Integration may delegate the authority to the DOD component acquisition executive (such as the Assistant Secretary of the Air Force for Acquisition). For non-major automated information system acquisitions, the milestone decision authority is the component acquisition executive or his or her designee. Table 5: DOD Acquisition Categories and Decision Authorities (as of March 15, 1996, When the Air Force Initiated the CCIC2S Program): Acquisition category (ACAT): ACAT I; For major defense acquisition programs (not for automated information system acquisition programs); Dollar value (fiscal year 1996 constant dollars)[A]: * Total expenditure for research, development, test, and evaluation (RDT&E) of more than $355 million, or for procurement of more than $2.135 billion; Milestone decision authority: The Under Secretary of Defense for Acquisition and Technology[B] designates ACAT I programs as ACAT ID or IC; * Milestone Decision Authority for ACAT ID: Under Secretary of Defense for Acquisition and Technology; * Milestone Decision Authority for ACAT IC: Head of DOD Component (such as the Secretary of the Air Force), or, if delegated, the DOD Component Acquisition Executive (such as the Assistant Secretary of the Air Force for Acquisition). Acquisition category (ACAT): ACAT IA; For major automated information system acquisition programs; Dollar value (fiscal year 1996 constant dollars)[A]: * Program costs in any single year in excess of $30 million; * Total program costs in excess of $120 million; * Total life- cycle costs in excess of $360 million; Milestone decision authority: The Assistant Secretary of Defense for Command, Control, Communications, and Intelligence designates ACAT IA programs as ACAT IAM or ACAT IAC; * Milestone Decision Authority for ACAT IAM[C] Assistant Secretary of Defense for Command, Control, Communications, and Intelligence; * Milestone Decision Authority for ACAT IAC: DOD Component Chief Information Officer (such as the Air Force Chief of Warfighting Integration and Chief Information Officer, within the office of the Secretary of the Air Force). Acquisition category (ACAT): ACAT II; For weapon system acquisition programs (not for automated information system acquisition programs); Dollar value (fiscal year 1996 constant dollars)[A]: Does not meet ACAT I criteria; Total expenditure for research, development, test, and evaluation (RDT&E) of more than $140 million, or for procurement of more than $645 million; Milestone decision authority: Component Acquisition Executive. Acquisition category (ACAT): ACAT III; Dollar value (fiscal year 1996 constant dollars)[A]: Does not meet criteria for ACAT I, ACAT IA, or ACAT II; Milestone decision authority: Designee of the DOD Component Acquisition Executive at the lowest level appropriate. Source: DOD. [A] If a program does not meet a dollar threshold, a program can be designated as a major acquisition based on other factors such as technical complexity. [B] The Under Secretary of Defense for Acquisition and Technology is now the Under Secretary of Defense for Acquisition, Technology, and Logistics. [C] Currently, the Milestone Decision Authority for ACAT IAM programs is the Assistant Secretary of Defense for Networks and Information Integration--this Assistant Secretary is also the DOD Chief Information Officer. Note: These criteria have since been superseded with updated criteria. This table is drawn from Department of Defense Regulation Number 5000.2- R, Mandatory Procedures for Major Defense Acquisition Programs (MDAPS) and Major Automated Information System (MAIS) Acquisition Programs (Mar. 15, 1996). [End of table] [End of section] Appendix V: GAO Contact and Staff Acknowledgments: GAO Contact: Lisa Shames (202) 512-4841: Acknowledgments: In addition to the contact named above, Art Gallegos, Peter Grana, Randolph C. Hite, Arturo Holguin, Rich Horiuchi, Gary Mountjoy, Karl Seifert, Karen Sloan, and Rona B. Stillman made key contributions to this report. [End of section] Related GAO Products: Attack Warning: NORAD's Communications System Segment Replacement Program Should Be Reassessed. GAO/IMTEC-89-1. Washington, D.C.: November 30, 1988. Space Defense: Management and Technical Problems Delay Operations Center Acquisition. GAO/IMTEC-89-18. Washington, D.C.: April 20, 1989. Attack Warning: Better Management Required to Resolve NORAD Integration Deficiencies. GAO/IMTEC-89-26. Washington, D.C.: July 7, 1989. Attack Warning: Defense Acquisition Board Should Address NORAD's Computer Deficiencies. GAO/IMTEC-89-74. Washington, D.C.: September 13, 1989. Defense Acquisition: Air Force Prematurely Recommends ADP Acquisitions. GAO/IMTEC-90-7. Washington, D.C.: March 29, 1990. Attack Warning: Costs to Modernize NORAD's Computer System Significantly Understated. GAO/IMTEC-91-23. Washington, D.C.: April 10, 1991. Computer Technology: Air Attack Warning System Cannot Process All Radar Track Data. GAO/IMTEC-91-15. Washington, D.C.: May 13, 1991. Attack Warning: Lack of System Architecture Contributes to Major Development Problems. GAO/IMTEC-92-52. Washington, D.C.: June 11, 1992. Attack Warning: Status of the Survivable Communications Integration System. GAO/IMTEC-92-61BR. Washington, D.C.: July 9, 1992. Granite Sentry. GAO/IMTEC-92-84R. Washington, D.C.: September 21, 1992. Attack Warning: Status of the Cheyenne Mountain Upgrade Program. GAO/ AIMD-94-175. Washington, D.C.: September 1, 1994. Defense Acquisitions: Status of Strategic C4 System Modernization and Plans To Integrate Additional Mission Capabilities. GAO/NSIAD-00-212R. Washington, D.C.: August 25, 2000. (120473): [End of section] FOOTNOTES [1] GAO, Attack Warning: Status of Cheyenne Mountain Upgrade Program, GAO/AIMD-94-175 (Washington, D.C.: Sept. 1, 1994). [2] GAO, Defense Acquisitions: Actions Needed to Get Better Results on Weapons Systems Investments, GAO-06-585T (Washington, D.C.: Apr. 5, 2006). [3] GAO, Information Technology: DOD's Acquisition Policies and Guidance Need to Incorporate Additional Best Practices and Controls, GAO-04-722 (Washington, D.C.: July 30, 2004). [4] The program was initially known as the North American Aerospace Defense Command/United States Space Command Warfighting Support System. The Air Force changed the name of the program to CCIC2S in 2002. Also, in that same year, DOD merged the responsibilities of the United States Space Command into the United States Strategic Command. [5] A cost-plus award fee contract is a cost-reimbursement contract that provides for a fee consisting of a base amount fixed at inception of the contract and an award amount, based upon a judgmental evaluation by the government, sufficient to provide motivation for excellence in contract performance. [6] Lockheed Martin Mission Systems is now Lockheed Martin Integrated Systems & Solutions. [7] This figure includes the development cost for the system as well as sustainment activities through this period. [8] The Space Fence is to replace the aging Air Force Space Surveillance System, a ground-based radar, that currently performs detection and tracking of orbiting space objects. The Space Based Space Surveillance project is developing a constellation of optical sensing satellites to find, fix, and track objects in Earth orbit. [9] GAO, Best Practices: Better Support of Weapon System Program Managers Needed to Improve Outcomes, GAO-06-110 (Washington, D.C.: Nov. 30, 2005). [10] GAO, Defense Acquisitions: Stronger Management Practices Are Needed to Improve DOD's Software-Intensive Weapon Acquisitions, GAO-04- 393 (Washington, D.C.: Mar. 1, 2004). [11] The Air Mission Evolution system was to replace the legacy air warning system, called Granite Sentry, and provide new communications systems and processing capability. The Air Mission Evolution system has not been tested for interoperability with other CCIC2S systems; interoperability was cited as one of the key shortcomings of the Granite Sentry legacy system. [12] Other aspects of requirements management which could contribute to cost and schedule problems, include, for example, validating the completeness and correctness of requirements, tracing and verifying contractual requirements to higher-order program requirements, and delineating mandatory versus optional requirements in deciding what requirements can be eliminated or postponed to meet other project goals. We did not assess these other aspects of requirements management and their impacts on program execution. [13] Memorandum for the Defense Acquisition Community, Subject: Update of the DOD 5000 Documents, Office of the Secretary of Defense, March 15, 1996. Currently, this guidance is located in DOD, Department of Defense Instruction Number 5000.2, Operation of the Defense Acquisition System (May 12, 2003). [14] Memorandum for the Defense Acquisition Community, Subject: Update of the DOD 5000 Documents, Office of the Secretary of Defense, March 15, 1996. Currently, this guidance is located in DOD, Department of Defense Instruction Number 5000.2, Operation of the Defense Acquisition System (May 12, 2003). [15] Air Force, Single Acquisition Management Plan for the NORAD/ USSPACECOM Warfighting Support System (N/UWSS) Program (July 28, 2000). [16] Capability Maturity Model is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. [17] GAO, DOD Acquisition Outcomes: A Case for Change, GAO-06-257T (Washington, D.C.: Nov. 15, 2005). [18] Rebaselining can occur at any time and cover any phase of a defense acquisition program. All rebaselines must be approved by the milestone decision authority, which has overall responsibility for the program. [19] Independent reviews are typically conducted by offices such as the Office of the Director, Program Analysis and Evaluation and its Cost Analysis Improvement Group. [20] Department of Defense Regulation Number 5000.2-R, Mandatory Procedures for Major Defense Acquisition Programs (MDAPs) and Major Automated Information System (MAIS) Acquisition Programs (Mar. 15, 1996). [21] GAO, Attack Warning: Lack of System Architecture Contributes to Major Development Problems, GAO/IMTEC-92-52 (Washington, D.C.: June 11, 1992) and Attack Warning: Better Management Required to Resolve NORAD Integration Deficiencies, GAO/IMTEC-89-26 (Washington, D.C.: July 7, 1989). [22] DOD, Defense Acquisition Guidebook, Version 1.0 (Oct.17, 2004); DOD, Department of Defense Instruction Number 5000.2, Operation of the Defense Acquisition System (May 12, 2003); and Office of Management and Budget, Circular No. A-11: Planning, Budgeting, Acquisition and Management of Capital Assets (June 21, 2005) and Circular No. A-94: Guidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs (Oct. 29, 1992). [23] For example, see GAO, DOD Systems Modernization: Planned Investment in the Naval Tactical Command Support System Needs to Be Reassessed, GAO-06-215 (Washington, D.C.: Dec. 5, 2005) and DOD Systems Modernization: Continued Investment in the Standard Procurement System Has Not Been Justified, GAO-01-682 (Washington, D.C.: July 31, 2001). [24] According to DOD guidance, a milestone is a point at which a recommendation is made and approval sought regarding starting or continuing an acquisition program. [25] GAO, Information Technology: DOD's Acquisition Policies and Guidance Need to Incorporate Best Practices and Controls, GAO-04-722 (Washington, D.C.: July 30, 2004). [26] GAO, Defense Management: DOD Needs to Demonstrate That Performance- Based Logistics Contracts Are Achieving Expected Benefits, GAO-05-966 (Washington, D.C.: Sept. 9, 2005). [27] Under the draft rebaseline plan, the current development block is to deliver critical missile warning capabilities in fiscal 2007 as well as communications and space command and control infrastructure upgrades by the end of fiscal year 2008. [28] The FYDP is a DOD centralized report consisting of thousands of program elements that provides information on DOD's current and planned out-year budget requests and is one of DOD's principal tools to manage the spending for its transformation of strategic capabilities. The FYDP provides visibility over DOD's projected spending and helps inform DOD and Congress about resource data relating to identifying priorities and trade-offs. [29] House of Representatives, Department of Defense Appropriations Bill, 2007: Report of the Committee on Appropriations, Report No. 109- 504 (June 16, 2006) and House of Representatives, National Defense Authorization Act for Fiscal Year 2007: Report of the Committee on Armed Services, House of Representatives on H.R. 5122, Report No. 109- 452 (May 5, 2006). GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: