https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN42588-PPM_CIO-052-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
PR-RES-AC-052
SAIS-PR (25-1rrrr) 04 December 2024
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Information Technology Approval System Reform
1. References. See Enclosure 1.
2. Purpose. To reform the Information Technology Approval System (ITAS) guidance
(references 1a and 1b), including requirements for the ITAS business process and
workflow, established to implement Information Technology Investment Accountability
(ITIA) policy (reference 1c).
3. Background.
a. References 1a–d require Army organizations to receive approval for information
technology (IT) procurements via ITAS prior to expenditure of funds. The ITAS process
has heretofore required final approval from the Army Chief Information Officer (CIO), or
the Office of the Deputy Chief of Staff (ODCS), G-6 on behalf of the CIO, for IT
procurements previously stated by policy as needing Headquarters, Department of the
Army (HQDA)-level approval.
b. The CIO has determined that the ITAS approval process needs to be streamlined
to ensure Army organizations are able to procure IT in a timely manner for mission
success.
4. Scope. This memorandum and its enclosures apply to—
a. All IT and IT procurement requests as identified in references 1a–b, including
requests for waivers and exceptions to Army IT procurement policy.
b. All Army organizations—defined for the purpose of this memorandum as
including HQDA organizations, Army Commands, Army Service Component
Commands, Direct Reporting Units, Program Executive Offices, the Army National
Guard, and the U.S. Army Reserves—with respect to procuring IT.
5. Policy.
a. Organizations cannot procure commercial off-the-shelf (COTS) IT in lieu of Army
equipment with a designated Line-Item Number (LIN), in lieu of deliverables from
SAIS-PR (25-1rrrr)
SUBJECT: Information Technology Approval System Reform
program of record (POR) or program manager fielded equipment, or in lieu of services
identified in the Army Unified Network Services Catalog.
(1) For routine exceptions to change or to procure in lieu of a baseline service,
the requestor shall submit the proposal to the Army Unified Network Council (AUNC) for
approval.
(2) For a request in support of an immediate operational requirement that
mitigates mission risk to Department of Defense or HQDA-assigned contingency or
deployment missions, the organizations should contact the ODCS, G6, through the
AUNC. Such requests must be approved at the organizational level by a Commander at
GS-15/O-6 grade/rank or above and requester must upload to ITAS a copy of the legal
concurrence, a Chief Information Security Officer (CISO) risk assessment, and ATO
compliance documentation.
b. All Army organizations shall submit IT procurement requests in ITAS and shall
approve ITAS procurement requests in accordance with this policy.
c. No later than 6 January 2025, the Office of the Chief Information Officer (OCIO)
and ODCS, G-6 ITAS Administrators will complete updating the ITAS workflow and
internet application to implement this memorandum’s requirements for processing IT
procurement requests and approvals in ITAS.
d. Effective 6 January 2025—
(1) ODCS, G-6 no longer provides final approval for IT procurement requests
submitted by Army organizations that are not assigned to ODCS, G-6. However, the
ODCS, G-6 ITAS Administrators will continue to review and approve ITAS requests
internal to ODCS, G-6. In addition, the ODCS, G-6 will for the Army continue to
manage the ITAS application, manage ITAS accounts, provide ITAS training, resolve
ITAS application incidents, and ensure ITAS help desk support.
(2) As noted in reference 1a, ITAS approvals have heretofore been granted at
the ‘Command-level’ and the ‘HQDA-level’. As of 6 January 2025, all final ITAS
approvals will be provided by the ITAS Command-level, including for HQDA
organizations submitting ITAS requests.
(a) This rescinds all previous policy requirements for the ODCS, G-6 ITAS
Administrator to coordinate HQDA-level reviews for requests submitted from across the
rest of the Army and provide final approval for the IT products and services listed in
paragraph 5e(1)–(5) of reference 1a. In place of the HQDA-level review and final
approval for that list of IT products and services, this policy hereby substitutes the
Command-level for review and final approval.
2
SAIS-PR (25-1rrrr)
SUBJECT: Information Technology Approval System Reform
(b) Final Command-level approval for IT procurement requests must be provided
by the requester’s parent organization. Parent organizations are responsible for
assigning and delegating Command-level approvers in ITAS according to their
organizational hierarchies and chains of command.
(3) ITAS requests shall only be approved according to separation of duties.
Individuals requesting an IT procurement are ineligible to approve the same IT
procurement request; self-approvals in ITAS are not allowed. ITAS requests must only
be approved at a rank or organizational level above the requesting individual.
(4) For organizations that fall outside of a Command—for example (but not
limited to), an HQDA organization—an O-6/GS-15 or above within the organization may
approve the ITAS request, with the exception noted in Enclosure 2. (NOTE: This
delegation does not alter the ITAS reporting requirements in paragraph 6.)
(5) For issuance of final approval for ITAS requests—
(a) ITAS must assign to each final approval of an IT procurement request a
unique approval number for reference and issue the approval to the requester. A record
of the final approval, listed by the assigned approval number, must be retained in the
ITAS database.
(b) ITAS final approval will be a manually generated memorandum until the ITAS
approval issuance is automated or subsumed by another IT solution.
(c) In accordance with the Army Federal Acquisition Regulation Supplement
(AFARS) (reference 1e), the ITAS approval and supporting documentation shall be part
of the requirements package submitted to the Contracting Officer and shall also be part
of the resulting solicitation and contract file documentation. The OCIO will work with the
Deputy Assistant Secretary of the Army for Procurement (DASA (P)) to update the
AFARS as needed concerning ITAS approvals.
(6) Commands shall follow policy about purchasing and employing commercial
cloud Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-
as-a-Service (SaaS) solutions via the Army Enterprise Cloud Management Agency
(ECMA).
e. All ITAS requests for purchases of notebooks, tablets, and desktop computers
must comply with the standard configurations offered through the Program Executive
Office (PEO) Enterprise Digital Marketplace. See Enclosure 2 for additional guidance
on standard and non-standard IT configurations and purchases.
3
SAIS-PR (25-1rrrr)
SUBJECT: Information Technology Approval System Reform
6. Compliance.
a. Army Unified Network Plan (AUNP) alignment. To enforce alignment of Army IT
procurement with the AUNP lines of effort (reference 1f), the ODCS, G-6 ITAS team will
provide a quarterly briefing, to include a written report, to Army Unified Network Council
(AUNC) members. The reports should include relevant details regarding Army IT
procurement requests submitted in ITAS during the current fiscal year aligned to the
Army IT Category Management framework. The AUNC is authorized to set thresholds
for above baseline procurements in accordance with Enclosure 2.
b. In accordance with Category Management policy and guidance (reference 1g),
all Army organizations procuring IT will receive Command-level approval through ITAS
and will provide a quarterly report to the OCIO Director for Policy, Resources, and
Analysis (PRA). At a minimum, this report must include an assessment of IT
procurements by category, an enumeration of non-standard IT purchase with
associated waivers and exceptions to policy with execution financial data from the
General Fund Enterprise Business System (GFEBS) or equivalent.
(1) Twice annually, this report shall be certified at the General Officer (GO) or
Senior Executive Service (SES) level and Army organizations must certify compliance
with Army IT procurement policy and provide financial data by IT category identifying
contracts and purchases.
(2) This report will include IT procurements aligned to programs, non-standard
configurations purchased and exceptions to policy granted. This report will be made
available to OCIO and ODCS, G-6 Management Decision Package (MDEP) managers
to assist in managing IT costs.
c. Army organizations’ procurement of IT will be evaluated annually in development
of the Army IT Service Catalog (see reference 1h) and the Program Objective
Memorandum (POM) to verify IT percentages used to allocate resources when building
the Army budget. PRA will conduct evaluations of the reported data against IT
spending recorded in the GFEBS to assess Army compliance with Category
Management and ITAS policy and guidance.
d. The Army CIO may request an audit or inspection of select organizations to
assess compliance with the separation of duties requirement regarding ITAS requests
and approvals—see paragraph 5c(3) above.
7. Intended Effect. This policy is intended to reduce undue labor and bureaucracy
associated with achieving IT accountability for IT purchases across the Army. It
delegates processing ITAS requests to the lowest level possible and streamlines
processes for legitimate requests. It ensures Army IT procurement visibility and
4
SAIS-PR (25-1rrrr)
SUBJECT: Information Technology Approval System Reform
accountability under Category Management and places responsibility for certification
and accountability for most Army IT spending on Commands and organizations below
HQDA. Finally, this policy applies a requirements management approach to set
standard levels of service with the AUNC providing oversight of the requirements
baseline.
8. Duration. This memorandum will stay in effect until superseded, rescinded, or
incorporated into Army Regulation 25-1.
9. Review. The OCIO Policy Division will lead a review of this memorandum and its
effect no later than two years after signature to determine its retention, rescission, or
need for revision.
10. Points of Contact.
a. CIO Policy Inbox: usarmy.pentagon.hqda-cio.mbx.policy-inbox@army.mil
b. AUNC Inbox: usarmy.pentagon.hqda-dcs-g-6.mbx.AUNC-Secretariat@army.mil
c. IT Category Management and ITIA policy: Ms. Tamara Sutherland, SAIS-PR
Deputy Director, (703) 697-7776, tamara.g.sutherland.civ@army.mil
d. ITAS process execution: Mr. James Mark, DANI-RIB, (703) 692-4519,
james.n.mark.civ@army.mil
e. Army Portfolio Management Solution (APMS): Mr. Timothy Frederick, SAIS-PR,
(703) 545-1505, timothy.m.frederick.civ@army.mil
f. All Satellite Communications and Satellite as a Managed Service as outlined in
Enclosure 2: Mr. Byron Browning, HQDA, ODCS, G-6 Space Branch Office, (571) 256-
898, byron.l.browning.civ@army.mil
LEONEL T. GARCIGAEncls
Chief Information Officer
DISTRIBUTION:
Principal Officials of Headquarters, Department of the Army
Commander
U.S. Army Forces Command
(CONT)
5
SAIS-PR (25-1rrrr)
SUBJECT: Information Technology Approval System Reform
DISTRIBUTION: (CONT)
U.S. Army Training and Doctrine Command
U.S. Army Materiel Command
U.S. Army Futures Command
U.S. Army Pacific
U.S. Army Europe and Africa
U.S. Army Central
U.S. Army North
U.S. Army South
U.S. Army Special Operations Command
Military Surface Deployment and Distribution Command
U.S. Army Space and Missile Defense Command/Army Strategic Command
U.S. Army Cyber Command
U.S. Army Medical Command
U.S. Army Intelligence and Security Command
U.S. Army Corps of Engineers
U.S. Army Military District of Washington
U.S. Army Test and Evaluation Command
U.S. Army Human Resources Command
U.S. Army Corrections Command
Superintendent, U.S. Military Academy
Commandant, U.S. Army War College
Director, U.S. Army Civilian Human Resources Agency
Executive Director, Military Postal Service Agency
Director, U.S. Army Criminal Investigation Division
Director, Civilian Protection Center of Excellence
Superintendent, Arlington National Cemetery
Director, U.S. Army Acquisition Support Center
CF:
Principal Cyber Advisor
Director of Enterprise Management
Director, Office of Analytics Integration
Commander, Eighth Army
6
References
a. HQDA CIO memorandum (Information Technology Investment Accountability (ITIA)
Requirement—Use of the Information Technology Approval System (ITAS)),
26 February 2021.
b. HQDA CIO memorandum (Information Technology Approval System (ITAS)
Supplemental Policy Guidance), 1 November 2022.
c. Secretary of the Army memorandum (Information Technology Investment
Accountability), 21 Jul 2020.
d. AR 25-1 (Army Information Technology).
e. Army Federal Acquisition Regulation Supplement (AFARS), 5139.101-90.
f. Under Secretary of the Army and Vice Chief of Staff of the Army (The Army Unified
Network Plan Framework), 2021.
g. HQDA CIO memorandum (Revisions to Information Technology (IT) Category
Management (CM) Policies), 1 June 2022.
h. Army Unified Network Services Catalog (AUNSC), Version 13 or newer, as
amended.
i. The National Defense Authorization Act for Fiscal Year 2012, Section 2867: Data
servers and centers. Available at:
https://www.congress.gov/112/plaws/publ81/PLAW-112publ81.pdf
j. AR 71-9 (Warfighting Capabilities Determination)
ENCLOSURE 1
Guidance for Procurement of Information Technology Configurations
1. Exception to standard configurations. Requests to procure information technology
(IT) items with nonstandard configurations through the Program Executive Office (PEO)
Enterprise Digital Marketplace must be approved by a General Officer (GO) or Senior
Executive Service (SES) member having approval authority in the Information
Technology Approval System (ITAS). Two-star level approval required by reference 1g
(see Enclosure 1) may be delegated as appropriate in accordance with this guidance.
2. This guidance authorizes a blanket approval of legacy system replacements (desktops
and laptops) required to enable upgrade to Microsoft Windows 11, and nonstandard
configurations through the PEO Enterprise Digital Marketplace in accordance with
enterprise user experience programs authorized by the CIO through Army Cyber
Command (ARCYBER) and Network Enterprise Technology Command (NETCOM).
Purchases shall be registered in ITAS and do not require an approved waiver from
Headquarters, Department of the Army (HQDA).
3. All commercial satellite communication (COMSATCOM) services (Low Earth Orbit
(LEO), Medium Earth Orbit (MEO), Geostationary Earth Orbit (GEO), etc.) and
capabilities including terminals, airtime and support services will be managed through
the HQDA, Office of the Deputy Chief of Staff (ODCS), G-6 Space Branch Office in
coordination with Program Executive Office, Command, Control, Communications–
Tactical (PEO C3T), Program Manager, Tactical Networks. All requests for services
and capabilities must be submitted in accordance with the Army Unified Network Plan
(AUNP) (see reference 1f).
4. Army must continue to optimize data centers for efficiency and account for IT costs
in the Army Portfolio Management Solution (APMS) per reference 1d. All data center IT
costs will be review by the ODCS, G-6 Army Data Center Consolidation Plan (ADCCP)
team, including IT procurement requests not otherwise permitted (expendables) in this
guidance and related to systems or facilities having hardware or software components,
licenses, or IT services capable of being related to data centers (see reference 1i). This
includes Edge Computing Capability (ECC) and Installation Service (telecom) Nodes
(ISN).
5. The Army Unified Network Council (AUNC) shall govern and approve requirements
for IT solutions that provide capabilities or services as defined by the Army Unified
Network Services Catalog (AUNSC) or a Program of Record (POR). When necessary,
the AUNC will work adjustments to existing requirements or the AUNSC for
implementation across the Army. For all above baseline IT services and capabilities,
the Information Technology Approval System (ITAS) must query the requester as to
whether the given request meets an AUNC or POR-validated requirement prior to
approval of the request.
ENCLOSURE 2