
IT Modernization Best Practices Repository


The IT Modernization Best Practices Repository wiki was created for the Cyber Resilience Summit series. Here you will find meeting notes, presentations, policy updates, press coverage and more.


The IT Modernization Best Practices Repository is managed by




Cyber Resilience Summit: The Crossroads of IT Modernization & Cybersecurity

October 16, 2018 at the Army Navy Country Club in Arlington, VA, USA

Registration is now open! Admission is complimentary for government employees and elected officials, not-for-profit standards developing organizations, and universities; industry $250.






Download meeting notes from the March 20, 2018 Cyber Resilience Summit


Download meeting notes from the October 19, 2017 Cyber Resilience Summit



Standards for Managing Cybersecurity, Risk and Technical Debt
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
Cyber Resilience Summit, March 20, 2018


Using Software Quality Standards with Outsourced IT Vendors – a Fortune 100 Case Study
Marc Cohen, Vendor Management practitioner at Fortune 100 institution
Cyber Resilience Summit, March 20, 2018


Security Risk Management
Adam Isles, Principal, Chertoff Group
Cyber Resilience Summit, March 20, 2018


Bugcrowd – The Pentagon Opened Up to Hackers and Fixed Thousands of Bugs
Michael Chung, Head of Government Solutions, Bugcrowd
Cyber Resilience Summit, March 20, 2018


Risk Management Standards in Practice
Robert Martin, Senior Principal Engineer, MITRE
Cyber Resilience Summit, March 20, 2018


Getting IT Quality Standards into Practice – Confessions of a Texas IT Champion
Herb Krasner, University of Texas at Austin (ret.), Texas IT Champion
Cyber Resilience Summit, March 20, 2018


UL 2900 Security Standards
Jeff Barksdale, Principal Security Advisor, Underwriters Laboratories (UL)
Cyber Resilience Summit, March 20, 2018


Roadmap for IT Modernization and Cyber Resilience
John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)
Cyber Resilience Summit, October 19, 2017


Supply Chain Risk Management (SCRM) for Continuous Diagnostics and Mitigation (CDM) Products

Emile Monette, Senior Cybersecurity Strategist and Acquisition Advisor, DHS OCISO

Cyber Resilience Summit, October 19, 2017




Resources-strapped agencies are leaving networks vulnerable to cyberattack
Jessie Bur, Federal Times, March 21, 2018


Tony Scott calls IT workforce drain a “creeping” crisis bigger than Y2K
Carten Cordell, fedscoop, October 20, 2017


Report: DHS Tests Cyber Tech Acquisition Management Model
Nichols Martin, ExecutiveGov, October 20, 2017


DHS piloting agile cyber acquisition, CDM for cloud, CISO says
Carten Cordell, fedscoop, October 19, 2017


DHS to Stand Up CDM Cloud Services for Small Agencies
Morgan Lynch, Meritalk, October 19, 2017


Learn to Deal With Cyber Risk
Morgan Lynch, Meritalk, October 19, 2017




GSA is weighing “multiple initiatives” for the next wave of IT Modernization CoE (Centers of Excellence) projects in 2019, reports fedscoop. The CoE program, announced in December 2017, is built on five teams of IT talent specializing in cloud adoption, IT infrastructure optimization, customer experience, contact center services and service delivery analytics. Those teams are paired with contractors, as well as personnel at target agencies, to carry out IT modernization projects based on their skill sets. They kicked off work in April. The USDA was selected to be the “lighthouse” agency for the rollout of all five CoE teams.


The Technology Modernization Fund (TMF), which supports the transformation of agency IT to improve mission execution and delivery of services to the American public, has awarded funding for three projects (for more information see The TMF website has launched for updates:


The White House Office of Management and Budget published the Federal Cybersecurity Risk Determination Report and Action Plan on May 20, 2018 in accordance with Presidential Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, (Executive Order 13800) and OMB Memorandum M-17-25, Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.


The President’s Management Agenda was released on March 20, 2018 and focuses on three drivers: IT modernization, modern workforce, data transparency and accountability. “A key part of the President’s Management Agenda is establishing cross-agency priority goals, or what we call CAP goals, to complement the broad vision and get into execution and on the ground tactics,” says Office of Management and Budget Deputy Director for Management Margaret Weichert. “Each CAP goal will be led by an interagency team of senior federal leaders.” Read more on Federal Times. Says the White House, “Because accountability is an important part of the PMA, CAP goal results will be tracked publicly each quarter online at”


OMB’s user guide to the MGT Act – February 6, 2018 on FCW

The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek funds under the Modernizing Government Technology Act. In a 19-page draft memorandum to agency heads obtained by FCW, OMB lays out what information agencies should include in their project proposals to receive money from the centralized modernization fund, housed by the General Services Administration, as well as how to navigate using their IT working capital funds.


Gen. Burke “Ed” Wilson was promoted to OSD Policy on Cyber. Read the announcement published January 29, 2018 on


Suzette Kent, principal at Ernst & Young, is appointed new Federal CIO by President Donald Trump. Read Trump picks federal CIO (FCW) on January 26, 2018.


Final White House IT Modernization Plan delivered to President Trump in December 2017 outlining plans to accelerate the modernization of legacy systems. See


The IT-AAC Federal IT Modernization Report, signed September 20, 2017, was submitted to the White House American Technology Council (ATC) in response to Executive Order 13800.


IT-AAC Recommendations for Embracing Commercial Cloud in DoD, signed November 17, 2017, was submitted to the DoD Cloud Executive Steering Group.




Consortium for IT Software Quality (CISQ)

Also see related standards and guidelines including NIST, ISO, CMM, etc.




New Automated Technical Debt Standard

The CISQ measure of Automated Technical Debt has just been approved by the OMG® as a standard for measuring the future cost of defects remaining in system source code at release. Technical Debt hinders innovation and puts businesses at unacceptable levels of risk, including high IT maintenance costs, outages, breaches, and lost business opportunities. Dr. Bill Curtis, CISQ Executive Director, delivers an overview of the specification.


Using Software Quality Standards with Outsourced IT Vendor Engagements – a Fortune 100 Case Study

Marc Cohen led IT vendor management at American Express and discusses how to use software quality standards from CISQ in outsourcing engagements. He explains how to derive better software, better development resources, and better vendor relationships by leveraging software quality standards.


Using Software Quality Standards at Scale in Agile and DevOps Environments

Over the past two years Fannie Mae IT has transformed from a waterfall organization to a lean culture enabled by Agile and DevOps. Barry Snyder, DevOps Product Manager at Fannie Mae, discusses how to use software measurement standards from CISQ to demonstrate significant improvements in code quality and development productivity. Executive management monitors the organization’s Agile-DevOps transformation by reviewing quality, productivity, and delivery-to-speed.




DoD’s acquisition and sustainment chief, Ellen Lord, shares path forward for new office, envisioning an agile acquisition framework, reports Federal News Radio on May 25, 2018.




A Useful Point of Reference for Critical Infrastructure Resilience
Don O’Neill, Independent Consultant


Presentations from OMG® Modernization Summit, March 21, 2018 in Reston, VA






View more photos from the Cyber Resilience Summit here
