FEDERAL SOFTWARE LICENSES: Better Management Needed to Achieve Significant Savings Government-Wide GAO-14-413: Published: May 22, 2014. Publicly Released: May 22, 2014.
What GAO Found The Office of Management and Budget (OMB) and the vast majority of agencies that GAO reviewed do not have adequate policies for managing software licenses. While OMB has a policy on a broader information technology (IT) management initiative that is intended to assist agencies in gathering information on their IT investments, including software licenses, it does not guide agencies in developing comprehensive license management policies. Regarding agencies, of the 24 major federal agencies, 2 have comprehensive policies that include the establishment of clear roles and central oversight authority for managing enterprise software license agreements, among other things; 18 have them but they are not comprehensive; and 4 have not developed any. The weaknesses in agencies' policies were due, in part, to the lack of a priority for establishing software license management practices and a lack of direction from OMB. Without an OMB directive and comprehensive policies, it will be difficult for the agencies to consistently and effectively manage software licenses. Federal agencies are not adequately managing their software licenses because they generally do not follow leading practices in this area. The table lists the leading practices and the number of agencies that have fully, partially, or not implemented them. 24 Major Agencies' Implementation of Software License Management Leading Practices
Leading practice
Fully implemented
Partially implemented
Not implemented
Centralized management
4
15
5
Established software license inventory
2
20
2
Tracking and maintain inventory
0
20
4
Analyzing software license data
0
15
9
Providing sufficient training
0
5
19
Source: GAO analysis of agency data.
The inadequate implementation of leading practices in software license management was partially due to weaknesses in agencies' policies. As a result, agencies' oversight of software license spending is limited or lacking, and they may miss out on savings. The potential savings could be significant considering that, in fiscal year 2012, one major federal agency reported saving approximately $181 million by consolidating its enterprise license agreements even though its oversight process was ad hoc. Given that agencies lack comprehensive software license inventories that are regularly tracked and maintained, GAO cannot accurately describe the most widely used software applications across the government, including the extent to which they were over and under purchased. Further, the data provided by agencies regarding their most widely used applications had limitations. Specifically, (1) agencies with data provided them in various ways, including by license count, usage, and cost; (2) the data provided by these agencies on the most widely used applications were not always complete; and (3) not all agencies had available data on the most widely used applications. Until weaknesses in how agencies manage licenses are addressed, the most widely used applications cannot be determined and thus opportunities for savings across the federal government may be missed.
Why GAO Did This Study The federal government plans to spend at least $82 billion on IT products and services in fiscal year 2014, such as software licenses. Federal agencies engage in thousands of licensing agreements annually. Effective management of software licenses can help avoid purchasing too many licenses that result in unused software. GAO was asked to review federal agencies' management of software licenses. GAO (1) assessed the extent to which OMB and federal agencies have appropriate policies on software license management, (2) determined the extent to which agencies adequately manage licenses, and (3) described agencies' most widely used software and extent to which they were over or under purchased. GAO assessed policies from 24 agencies and OMB against sound licensing policy measures. GAO also analyzed and compared agencies' software inventories and management controls to leading practices, and interviewed responsible officials. To identify sound licensing policy measures and leading practices, GAO interviewed recognized private sector and government software license management experts.
What GAO Recommends GAO recommends OMB issue a directive to help guide agencies in managing licenses and that the 24 agencies improve their policies and practices for managing licenses. OMB disagreed with the need for a directive, but GAO believes it is needed, as discussed in the report. Most agencies generally agreed with the recommendations or had no comments. For more information, contact Carol R. Cha at (202) 512-4456 or
[email protected] (mailto:
[email protected]) .
Recommendations for Executive Action 1. Recommendation: The Director of the OMB should issue a directive to the agencies on developing comprehensive software licensing policies comprised of the seven elements identified in this report. Agency Affected: Executive Office of the President: Office of Management and Budget
2. Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Agriculture
3. Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Agriculture
4. Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Agriculture
5. Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Agriculture
Status: Closed - Implemented Comments: In June 2016, the Office of Management and Budget (OMB) issued guidance to improve federal agencies' software license management practices. The OMB guidance, among other things, comprises the seven elements that a comprehensive software licensing policy should specify, as GAO recommended in May 2014. For example, the guidance requires agencies to maintain a continual agency-wide inventory of software licenses and leverage IT to support processes for compiling and maintaining software license inventories. In addition, OMB's guidance calls for agencies to analyze inventory data to ensure compliance with software license agreements, consolidate redundant applications, and identify other cost-saving opportunities. As a result, federal agencies should have adequate policies for consistently and effectively managing software licenses and be able to take advantage of opportunities to systematically identify software license related cost savings across agencies and the federal government. Status: Open Comments: In October 2017, the US Department of Agriculture reported that its Departmental Regulation 3160-001, and Departmental Manual 3160-001 -- both titled "Licensed IT Software" -- are moving through the clearance process and will be provided to GAO as soon as they are approved.
Status: Closed - Implemented Comments: The Department of Agriculture (USDA) implemented GAO's recommendation by employing a centralized software licenses approach that is coordinated and integrated with key USDA personnel. For example, USDA established a Software Category Manager and Category Management Team responsible for the oversight of all of the software licenses enterprise agreements. In addition, USDA has established Enterprise IT Category Management guidance to support the central oversight authority within the department for managing enterprise software license agreements. By employing a centralized software license management approach, USDA should be able to more consistently and cost-effectively make agency-wide decisions on software licenses. Status: Closed - Implemented Comments: In October 2017, the US Department of Agriculture (Agriculture) demonstrated that it has implemented a tool to establish the department's software license inventory. In addition, Agriculture provided examples of the types of reports that can be generated by the software inventory tool, including reports on: 1) the software license count by product and version, 2) products by each computer, and 3) top publishers whose products are used by the department. Agriculture also provided background information on the software inventory tool, including its capabilities, platform components, architecture, and update schedule. As a result of implementing a department-wide inventory of software licenses, Agriculture is more likely to be able to ensure compliance with software license agreements, allow for agency-wide visibility that consolidates redundant applications, and enable the identification of cost-saving opportunities. Status: Closed - Implemented Comments: In October 2017, the US Department of Agriculture (Agriculture) demonstrated that it uses its software inventory tool to track and maintain a comprehensive inventory of software licenses. Specifically, Agriculture obtains cost data from USASpending.gov and then compares it to data from the software inventory tool. For example, Agriculture can track software product usage data such as the date of last usage and number of times used for each of almost 6,500 Agriculture computers. Then Agriculture can follow up with users to determine if license is still necessary. As a result, Agriculture is in a better position to ensure that the agency has the appropriate number of licenses for each item of software in accordance with current use.
6. Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Agriculture
7. Recommendation: To ensure the effective management of software licenses, the Secretary of Agriculture should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Agriculture
8. Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Commerce
9. Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Commerce
10. Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Commerce
11. Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Commerce
12. Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Commerce
13. Recommendation: To ensure the effective management of software licenses, the Secretary of Commerce should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Commerce
14. Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified Agency Affected: Department of Defense
15. Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Defense
16. Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Defense
Status: Closed - Implemented Comments: In October 2017, the US Department of Agriculture (Agriculture) demonstrated that it is using agency-wide data to identify opportunities for contract consolidation and reduction in licenses. For example, Agriculture showed that between 2016 and 2017 it was able to save $85,000 dollars on a software product by consolidating all of the agency's contracts for the product. In addition to the cost savings, the consolidation effort improved the agency's security by bringing all users up to the latest version of software. In another example, Agriculture showed how it has analyzed the usage reports for different software and has found that by consolidating and sharing the services they can reduce the number of licenses needed and the overall cost to the department. According to Agriculture, they are currently working with procurement to consolidate the order for this software product. As a result of these types of analyses, Agriculture is able to identify software license contract savings opportunities and make better investment decisions. Status: Closed - Implemented Comments: In October 2017, the US Department of Agriculture (Agriculture) demonstrated that it is providing comprehensive training to personnel on software licensing management topics. Agriculture reported that its software license management team is comprised of four individuals, three of whom are currently certified Contract Officer Representatives, with the fourth in the process of obtaining that certification. Agriculture provided supporting documentation to show that the team has attended classes regarding contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. As a result, Agriculture will be able to develop the skills and knowledge of employees so they can perform their roles more effectively and efficiently. Status: Open Comments: In October 2017, the Department of Commerce (Commerce) demonstrated it has taken steps to create a department wide software license management policy. Specifically, Commerce issued a directive for each of its bureaus to provide their current software license management policies. Based on these policies, Commerce will create a department-wide policy, which it expects to issue by March 2018. GAO will continue to monitor the department's progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of Commerce reported that a working group has been established to execute license management policies. However, meetings of the group have been put on hold due to resource constraints. GAO will continue to monitor the department's progress in implementing this recommendation.
Status: Open Priority recommendation Comments: In October 2017, the Department of Commerce (Commerce) reported that it is considering options for establishing a comprehensive inventory of software licenses in the department. It is considering different automated tools, modifying its present tool suite, or using General Services Administration's Software License Management Service. Commerce reports that it is completing an analysis of alternatives and working with the budget office to determine available funding. GAO will continue to monitor the department's progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of Commerce (Commerce) reported that it is considering options for acquiring an automated tool for tracking and maintaining a comprehensive inventory of software licenses throughout the department. Commerce reports that it is completing an analysis of alternatives and working with the budget office to see what funding is available. GAO will continue to monitor the department's progress in implementing this recommendation. Status: Closed - Implemented Comments: In October 2017, the Department of Commerce (Commerce) reported that its Enterprise Services Acquisition team has been using agency-wide software license data to identify opportunities to reduce costs. Commerce reported that the use of blanket purchase agreements resulted in over $27 million in savings between May 2015 and October 2017. As a result of these types of analyses, Commerce is able to identify software license contract savings opportunities and make better investment decisions. Status: Open Comments: In October 2017 the Department of Commerce (Commerce) reported that it currently does not provide training specific to software license management. However, Commerce officials state that they are working to development this training. For example, Commerce officials are currently reaching out to another federal agency to learn about the software license management training they offer. Commerce states that it plans to incorporate lessons learned into the department's future training plans. GAO will continue to monitor the department's progress in implementing this recommendation. Status: Open Comments: In October 2017 the Department of Defense (Defense) provided a number of documents to support its statement that it has a software inventory license reporting plan that includes actions for developing an appropriate license management policy. Defense does not have one definitive plan. In May 2016 the House Armed Forces Committee asked for a briefing on Defense's activities. The briefing does not address all of the seven elements that a comprehensive software licensing policy should specify, including topics such as roles, responsibilities, oversight mechanisms, details about the implications of the phases of software license management life-cycle phases on cloud computing decisions, and training. However, Defense stated that the Chief Information Officer was in the process of drafting another key document, which should be issued in January 2018. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Closed - Implemented Comments: The Department of Defense (Defense) has taken actions taken to implement a centralized software license management approach. For example, in October 2017 the department provided evidence that the DOD chief information officer (CIO) is leveraging the Defense Enterprise Software Initiative and joint enterprise license agreement efforts, which are centrally managed by the Defense Information Systems Agency, to coordinate centralized acquisitions for licenses that are commonly purchased across Defense. The Defense CIO also issued memorandums in November 2015 and January 2016 directing department-wide migration to one operating system by January 2017, which will support an enterprise approach for centrally coordinating software license management. As a result, Defense will be more likely to effectively centralize software license record keeping and allow for agency-wide visibility that consolidates redundant applications and identification of other cost-saving opportunities. Status: Open Comments: In October 2017, the Department of Defense (Defense) reported on actions to implement a comprehensive inventory using automated tools. For example, Defense reported that it has completed a software inventory license reporting plan. It also continues to automate security domains for asset management and plans to implement automated support and processes for software license management processes in Fiscal Year 2020. However, the documentation available from Defense was insufficient to support these statements. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
17. Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Defense
18. Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Defense
19. Recommendation: To ensure the effective management of software licenses, the Secretary of Defense should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Defense
20. Recommendation: To ensure the effective management of software licenses, the Secretary of Education should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Education
21. Recommendation: To ensure the effective management of software licenses, the Secretary of Education should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Education
22. Recommendation: To ensure the effective management of software licenses, the Secretary of Education should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Education
23. Recommendation: To ensure the effective management of software licenses, the Secretary of Education should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Education
24. Recommendation: To ensure the effective management of software licenses, the Secretary of Education should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Education
25. Recommendation: To ensure the effective management of software licenses, the Secretary of Education should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Education
26. Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Energy
27. Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Energy
Status: Open Comments: In October 2017 the Department of Defense (Defense) noted that it does not yet collect software asset data for all Defense end-points, but plans to start the process in fiscal year 2018. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Priority recommendation Comments: In October 2017, the Department of Defense stated that it does not yet collect software asset data for the entire department. We will continue to monitor the department's progress in implementing this recommendation.
Status: Closed - Implemented Comments: In October 2017, the Department of Defense (Defense) demonstrated that it has provided software license management training in a variety of areas to agency personnel during fiscal years 2015 through 2017. For example, Defense demonstrated that it has added a new webinar training session on software license management and developed a two-day in-person training course on strategic vendor management that introduces participants to category management best practices for commercial software. The webinars and two-day sessions were attended by over 600 personnel in fiscal years 2016 and 2017. Defense also conducted other training on commercial software licensing which was provided to over 340 personnel in fiscal years 2016 and 2017. In addition, Defense provided documentation that it provided access to web-based software licensing resources to Defense personnel. For example, between fiscal years 2015 and 2017 its software licensing training videos were accessed almost 200,000 times, and its software licensing tool kits and white papers were accessed over 63,000 times. Finally, in October 2017 Defense provided evidence that it is providing training in the areas of contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management, as recommended by GAO. As a result, Defense should be able to develop the skills and knowledge of employees so they can perform their roles more effectively and efficiently. Status: Open Comments: In October 2017, the Department of Education stated that the department is working to streamline its software management process through the revision of its current Software Asset Management and Acquisition Policy directive, and IT Governance guidance. These are expected to be issued in 2017. We will continue to monitor the department's efforts to address this recommendation. Status: Closed - Implemented Comments: The Department of Education has employed a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprisewide licenses. This centralized approach is delineated in the department's Software Asset Management and Acquisition Policy which among other things, calls for centralized record keeping and management of software license information by the Office of the Chief Information Office. As a result, the department should be able to more effectively manage its agency-wide software licenses. Status: Closed - Implemented Comments: The Department of Education concurred with, and took actions to establish an inventory of software licenses using automated tools for its enterprisewide licenses. In addition, Education's directive on Software Asset Management and Acquisition Policy requires the department to regularly track and maintain its comprehensive inventory of software licenses using automated tools and metrics. A comprehensive inventory should help the department ensure compliance with software license agreements, and identify cost-saving opportunities. Status: Closed - Implemented Comments: The Department of Education concurred with, and took actions to implement this recommendation. The department's Software Asset Management and Acquisition Policy and its Software Asset Management Tool Implementation Plan include procedures for regularly tracking and maintaining an inventory using automated tools and metrics. For example, the Software Asset Management Tool Implementation Plan calls for the generation of reports showing licensing usage, cost, and under/over usage of software licensing. In addition, the department provided evidence that it has begun to regularly track software license data, such as the Federal Student Aid (FSA) Usage report, that show the number of licenses FSA has purchased and the number of licenses FSA has in use. As a result, the department can better ensure that it has the appropriate number of licenses for each item of software in use to reconcile with current use. Status: Closed - Implemented Comments: In October 2017, the Department of Education provided audit reports showing the analysis of software license data, associated costs, and cost savings. For example, Education estimated that it saved $683,643.00 in fiscal year 2017 by reducing the number of licenses needed, changing the software edition to a cheaper version, negotiating with vendors, and not renewing unneeded licenses. As a result, Education is able to identify software license contract savings opportunities and make better investment decisions. Status: Open Comments: In October 2017, the Department of Education (Education) reported that the department's initial training was designed to familiarize the community with the various requirements and mandates highlighted in the latest version of its software management directive and policy. Although the training covered a wide variety of topics, it did not specifically address software license contract terms and conditions, laws and regulations, and security planning. According to Education, the release of the revised Software Asset Management and Acquisition directive will appropriately address these areas. The policy is expected to be issued 2017. We will continue to monitor the department's efforts to address the recommendation. Status: Open Comments: In August 2017, the Department of Energy (Energy) provided a copy of Energy Order 200.1A, Information Technology Management. This document was updated in January 2017 to incorporate Federal Information Technology Acquisition Reform Act (FITARA) requirements. The order says that IT will be managed consistent with all statutory, regulatory, OMB and Departmental requirements, and that integrated IT management will be administered by the Office of the Chief Information. One of the requirements of the CIO is to perform software asset management including the tracking, licensing, and utilization of Energy's software license inventory. However, there is insufficient detail to addresses the weaknesses of policies that GAO found in our report. In October 2017, Energy stated that it is in the process of updating its policies. According to Energy, it has a draft of a Software Management Centralization Plan and plans to draft a Vendor Management Strategy. It anticipates having the policies finalized by the end of 2017. We will continue to monitor Energy's efforts to address this recommendation. Status: Open Comments: In 2017, the Department of Energy (Energy) reported that it needs is taking steps to address this recommendation, but that more remains to be done. Energy officials stated that it needs to leverage the existing Office of the Chief Information Officer (OCIO) Enterprise-wide Agreement Program for commercial off the shelf software and the OCIO's Enterprise Architecture Repository Solution, which identifies existing software within the OCIO-managed environment. Energy stated that the enterprise-wide agreement program has resulted in cost savings, but did not provide documentation to support this. We will continue to monitor the department's efforts to address this recommendation.
28. Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Energy
29. Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Energy
30. Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Energy
31. Recommendation: To ensure the effective management of software licenses, the Secretary of Energy should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Energy
32. Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Health and Human Services
33. Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Health and Human Services
34. Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Health and Human Services
35. Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics Agency Affected: Department of Health and Human Services
36. Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Health and Human Services
37. Recommendation: To ensure the effective management of software licenses, the Secretary of Health and Human Services should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Health and Human Services
38. Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Homeland Security
39. Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Homeland Security
Status: Open Comments: In 2017, the Department of Energy (Energy) issued a data call to its components and created a software license inventory from the information provided. Energy plans on conducting similar data calls, supplemented by automated scans where available, at least twice a year. This data collection will provide information useful to consolidating software licenses and developing operating and cost efficiencies. However, Energy stated that given that the department is federated and has numerous networks, an enterprise-wide automated scan is not feasible, as GAO recommended in May 2014. We will continue to monitor the department's efforts to address this recommendation. Status: Open Comments: In August 2017, the Department of Energy (Energy) stated that it is in the early stages of developing a centralized software license management approach to address the requirements outlined in the Office of Management and Budget (OMB's software license policy. According to Energy, this centralized approach will include a plan for how Energy routinely tracks and maintains a department-wide inventory of its software licenses using automated tools and how Energy will analyze this information to facilitate better spending across the department. Energy also provided a task order for the implementation of continuous diagnostic and mitigation services. The services includes the use of automated tools for software asset management, configuration system management, and vulnerability management. However, the task order does not include timelines. We will continue to monitor Energy's efforts to address this recommendation. Status: Open Comments: In 2017, the Department of Energy (Energy) stated that while the Department has realized cost savings from its Enterprise-wide Agreement Program, it recognizes that a more robust, enterprise-wide coordinated effort is needed. Energy stated that a plan for how the inventory will be developed will be a part of its future centralized management approach. According to Energy, the plan will include analyzing the inventory to identify potential cost savings. However, the documentation provided by Energy for the enterprise wide agreement program does not provide any cost savings information. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of Energy (Energy) provided evidence that it has training courses in contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. However, Energy has yet to provide evidence that these courses have been attended by a sufficient number of Energy personnel. We will continue to monitor Energy's efforts to address this recommendation. Status: Open Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation. Status: Open Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation. Status: Open Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Reform Acquisition Act (FITARA) Scorecard from the House Oversight and Government Reform Committee. This initiative is expected to generate solid results by May 2018 and be ongoing afterwards. HHS also stated that they will continue to seek GAO's advice on the implementation and execution of the recommendation given HHS's federated IT environment, which they feel presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation. Status: Open Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation. Status: Open Comments: In October 2017, the Department of Health and Human Services (HHS) stated that it concurs with and will address this recommendation through an initiative that is focused on the Federal Information Technology Acquisition Reform Act. This initiative is expected to start making progress by May 2018 and lead to ongoing improvements. HHS also stated that HHS's federated IT environment, presents unique challenges to implement enterprise-wide software management. GAO will continue to monitor the department's efforts to addressing this recommendation. Status: Open Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will facilitate normalization efforts across DHS by defining common software license and maintenance requirements. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the CDM implementation will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license
optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. 40. Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Homeland Security
41. Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Homeland Security
42. Recommendation: To ensure the effective management of software licenses, the Secretary of Homeland Security should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Homeland Security
43. Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should develop an agencywide comprehensive policy for the management of software licenses that addresses the weaknesses we identified Agency Affected: Department of Housing and Urban Development
44. Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Housing and Urban Development
45. Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Housing and Urban Development
46. Recommendation: To ensure the effective management of software licenses, the Secretary of Housing and Urban Development should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Housing and Urban Development
47. Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of the Interior
48. Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of the Interior
49. Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of the Interior
Status: Open Comments: In June 2017, the Department of Homeland security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that the tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In June 2017, the Department of Homeland Security (DHS) reported that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) tool that enables industry best practices and standards for software license management. DHS also reported that CDM tracking of software assets and inventory will be implemented as CDM is rolled out to each DHS Component. The CDM tool will provide DHS with an automated capability for IT hardware and software asset discovery; IT asset inventory tracking; software inventory normalization; software license optimization; data sharing capabilities, and thus ensure full compliance with the requirement to maintain a continual agency-wide inventory of software licenses, including all licenses purchased, deployed, and in use, as well as spending on subscription services. As this data is captured the DHS OCIO, OSDO will analyze the software license data to track cost, usage, benefits to establish spending data that allows to the Department to perform trend analysis. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Closed - Implemented Comments: In May 2014, the Department of Homeland Security concurred with this recommendation. In August 2015, the department provided evidence that it had developed software license management training that is available for the appropriate personnel. The training addresses contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. The department stated that the target training audience is agency personnel who are involved in managing software licenses such as project managers and members of the DHS Enterprise License Agreements. As a result, DHS staff involved in managing software licenses should have the skills and knowledge to perform their roles effectively and efficiently. Status: Open Comments: In October 2017, the Department of Housing and Urban Development (HUD) stated that the department developed a draft policy that will implement policies and responsibilities for managing software licenses and a software license consolidation plan to enable maintenance and enforcement of the software license management policy. In addition, the department reported that it had appointed a software license manager who is the single point of contact for software license management. Among other things, the department has initiated a software license management oversight working group, and worked to establish a software license management project management office. According to HUD, the targeted completion for implementing this recommendation is by the end of March 2018. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of Housing and Urban Development (HUD) reported that its Office of the Chief information Officer (OCIO) has achieved full operational capability for the agency's Federal Asset Management Enterprise System (FAMES) and began to populate FAMES with information on the agency's software assets in January 2017. However, HUD noted that it still needs to implement and test the interface between FAMES and the agency's automated procurement system. According to HUD, upon completion of the interface, OCIO will have the data extracts necessary to support enforcement of an agency-wide comprehensive policy that incorporates software license management into its configuration management and control process. HUD reports that the targeted completion for implementing this recommendation is by the end of June 2018. We will follow-up with the department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of Housing and Urban Development (HUD) reported on actions taken to implement this recommendation including the development of an analysis to support acquisition and deployment of an automated software license management capability. According to HUD, this capability will provide the department with the data necessary to identify opportunities to reduce cost, implement IT commodity-consolidated acquisitions and buy licenses in bulk. HUD reports that the targeted completion for implementing this recommendation is by the end of March 2018. However, HUD reported that it has identified $1.4 million in cost savings and avoidance utilizing its current inventory and processes. We will follow-up with the Department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of Housing and Urban Development (HUD) stated that the department is working to provide training to agency personnel. For example, HUD reports that it has worked with the Department of Defense (Defense) to offer Defense's Enterprise Software Initiative sponsored software license management training to staff. HUD also reports that it continues to work with peer agencies to identify opportunities to access required software management skills and other required training. HUD's target completion for addressing this recommendation by the end of March 2018. We will follow-up with the Department to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, the Department of Interior reported that the department has drafted a comprehensive policy that is comprised of the core elements of software management. In September 2017, the department reported that it had reevaluated its approach to software asset and license management and will issue an updated policy memorandum to Interior bureaus and offices during the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. The approach includes roles and responsibilities. In September 2017, the department reported that it plans to employ a centralized license management approach for its enterprise-wide software in the third quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. The approach includes roles and responsibilities. In August 2017, the department reported that it is using automated tools and technologies to begin compiling an inventory of installed software. Further, Interior officials reported that they are compiling information on software contracts that it maintains for enterprise-wide licensing. Department officials stated that they are investigating tools, techniques and approaches to automate matching its software
installations against enterprise-wide software contracts and licensing. The department plans to establish a comprehensive inventory of enterprise-wide licenses in the third quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. 50. Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of the Interior
51. Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making Agency Affected: Department of the Interior
52. Recommendation: To ensure the effective management of software licenses, the Secretary of the Interior should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of the Interior
53. Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Justice
54. Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Justice
55. Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Justice
56. Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Justice
57. Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Justice
58. Recommendation: To ensure the effective management of software licenses, the Secretary of Justice should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Justice
59. Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Labor
60. Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Labor
61. Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Labor
Status: Open Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. In August 2017, the department reported that it plans to establish a comprehensive inventory of enterprise-wide licenses in the third quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, the Department of Interior reported that the department is working on a comprehensive management approach for accounting for and managing IT Software Assets. In August 2017, the department reported that it plans to establish a comprehensive inventory of enterprise-wide licenses in the third quarter of fiscal year 2018, and to analyze the data by the end of second quarter fiscal year 2019. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, the Department of Interior reported that the department provides software license management training to agency personnel. However, the agency has not yet provided documentation showing that the training addresses key aspects of software license management, including addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. We will follow-up with the department to obtain supporting documentation. Status: Open Comments: In October 2017, the Department of Justice reported that it was in the process of finalizing its software license management policy with an expected completion date by the end of December 2017. We will continue to monitor the agency's progress in implementing this recommendation.
Status: Open Comments: In October 2017, the Department of Justice (Justice) reported that a software centralization plan for all software licenses is under development, with an expected completion date of June 30, 2018. In the meantime, Justice reports that it tracks software usage within the department's components. Justice is able to reassign licenses from one component to another in instances where one component has the license but it not using it. We will continue to monitor the agency's progress in implementing this recommendation. Status: Open Comments: In September 2017, the Department of Justice (Justice) reported that it is in the process of deploying a software inventory tool across the department. According to Justice, this will provide a comprehensive inventory of software licenses installed on end user desktops and laptops. Justice had planned to have the tool implemented by September 30, 2017. However, in October 2017, Justice stated that it is still working with the components to deploy the tool and currently does not have a target date for completion. We will continue to monitor the agency's progress in implementing this recommendation. Status: Open Comments: In September 2017, the Department of Justice (Justice) reported that it is in the process of developing the automated tools needed to track and maintain a comprehensive inventory of software licenses. Justice had planned to have the tool implemented by September 30, 2017. However, in October 2017 Justice stated that it is still working with the components to deploy the tool and currently does not have a target date for completion. We will continue to monitor the agency's progress in implementing this recommendation. Status: Open Comments: In September 2017, the Department of Justice (Justice) reported that it has taken initial steps to analyze agency-wide software license data. For example, it has worked to provide better governance of existing software enterprise agreements to achieve savings from processes across the components, with an initial focus on its largest software vendors. Justice reported that it is also in the process of deploying a software inventory tool across the department. According to Justice, this will enable the department to identify opportunities for cost savings through additional enterprise agreements. They anticipate that the license data will substantiate usage patterns that will allow Justice to define alternate licensing structures (with reduced fees) for software not included in the enterprise agreements. Justice had planned to have the inventory tool implemented by September 30, 2017. However, in October 2017 Justice stated that it is still working with the components to deploy the inventory tool and currently does not have a target date for completion. We will continue to monitor the agency's progress in implementing this recommendation. Status: Open Comments: The Department of Justice (Justice) reported in September 2017 that it has taken initial steps to provide training to appropriate agency personnel. For example, Justice states that in the department's Vendor Management Calls they provide training on processes and the use of tools, including contract terms, negotiations, laws and regulations, acquisition, security planning and configuration management. However, Justice has not yet provided documentation to support this. We will continue to monitor the agency's progress in implementing this recommendation. Status: Closed - Implemented Comments: In October 2017, the Department of Labor provided documentation showing that it had implemented a software solution that generates an agency-wide inventory of software assets. A comprehensive inventory will better ensure compliance with software license agreements, and allow the department visibility that reduces redundant applications and identification of other cost saving opportunities. Status: Closed - Implemented Comments: In October 2017, the Department of Labor provided documentation showing that it had implemented a software solution that generates an agency-wide inventory of software assets. As a result, the agency can ensure that it has the appropriate number of licenses for each item of software in use to reconcile with current use. Status: Open Comments: In October 2017, the Department of Labor (Labor) reported that it plans to implement a software solution in the first quarter of fiscal year 2018, to, among other things, assist in managing its inventory using automated tools and metrics. Further, Labor reported that it had developed a Departmental cross-functional team, including personnel from acquisitions, contracts, user service management, and finance, which evaluates software consolidation opportunities. According to Labor officials, the team's efforts have led to the consolidation of contracts for over 40 department-wide software companies, and identified and established enterprisewide software agreements. For example, the agency analyzed its software license inventory and as a result consolidated seven separate licenses into a single enterprise-wide license agreement. According to agency officials, the consolidation minimizes the contracting administration effort and enables the agency to scale software license usage without a contract action. We will continue to monitor the
agency's progress in implementing the software solution. 62. Recommendation: To ensure the effective management of software licenses, the Secretary of Labor should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Labor
63. Recommendation: To ensure the effective management of software licenses, the Secretary of State should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of State
64. Recommendation: To ensure the effective management of software licenses, the Secretary of State should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of State
65. Recommendation: To ensure the effective management of software licenses, the Secretary of State should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of State
66. Recommendation: To ensure the effective management of software licenses, the Secretary of State should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of State
67. Recommendation: To ensure the effective management of software licenses, the Secretary of State should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of State
68. Recommendation: To ensure the effective management of software licenses, the Secretary of State should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of State
69. Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Transportation
70. Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Transportation
71. Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Transportation
72. Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Transportation
Status: Open Comments: In October 2017, the Department of Labor (Labor) reported that it had provided software license training to six personnel, including automated tool training, software security and configuration management training. Further, Labor reported that it plans to provide further software management related training. We will follow-up with the agency to obtain supporting documentation, and will continue to monitor its progress in implementing this recommendation. Status: Open Comments: In October 2017, the Department of State reported that it is working to develop a comprehensive policy for the management of software licenses. In addition, the department reported that it has a policy that identifies a single office within the department that is responsible for managing the enterprise software licensing agreements. We will continue to monitor the department's efforts to address the recommendation. Status: Open Comments: In October 2017, the department reported that existing policy identifies roles and responsibilities for key stakeholders in the acquisition of software including the CIO and systems owners. In addition, the department reported that it uses a centralized approach for five products. However, the department did not provided evidence that it is employing a centralized management approach for other software licenses. We will continue to monitor its efforts to address this recommendation. Status: Open Comments: In October 2017, the Department of State reported that it owns several tools that assist the department with software asset management. In addition, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) initiative spearheaded by the Department of Homeland Security. According to the department, the CDM is expected to provide an improved, more consolidated, user-friendly, and actionable view into software license data on its network. However, the department has not yet provided documentation of a comprehensive inventory of software licenses using automated tools. We will continue to monitor the department's efforts to address this recommendation. Status: Open Comments: In October2017, the department reported that it currently has insight into procurement information as well as a broad range of software inventory information available via the department's current network monitoring toolset and purchasing system. In addition, the department stated that it is in the process of implementing the Continuous Diagnostics and Mitigation (CDM) which is expected to become the department's automated tool to track its software inventory. We will continue to monitor the department's efforts to address this recommendation. Status: Open Comments: In October 2017, the department reported that it has established a centralized procurement for five products. Further, the department reported that it has saved over $69 million by using this approach. Moreover, the department reported that it is considering other products that might benefit from a centralized approach. In addition, the department reported that its software asset management framework is being updated to centralize, standardize and consolidate purchases of software licenses. However, the department reported that it currently conducts software licenses analysis on a contract-by-contract basis, and has not provided documentation showing that it is analyzing agency-wide software license data. We will continue to monitor the department's efforts to address this recommendation. Status: Open Comments: In October 2017, the Department of State reported that it employees have access to the Foreign Service Institute's training, which includes acquisition courses. However, the department has not provided documentation showing that these courses address software licenses. In addition, in July 2017 the department reported that it has provided software license management training to the agency's Information Resource Management and acquisition personnel and that the agency plans to provide more relevant software license training in the future. We will followup with the agency to obtain supporting documentation and we will continue to monitor its efforts to address this recommendation. Status: Open Comments: In February 2017, the Department of Transportation (DOT) stated that it has developed a policy addressing components of centralized management and management of software licenses through the entire life cycle. In addition, DOT updated its policy to address regularly tracking licenses using automated tools, analyzing license data to inform investment decision making, providing license management training to personnel, and establishing goals and objectives of the program. However, while DOT's Order 1351.21 states that each Enterprise License Agreement will be accompanied by a licensed management portal to provide department-wide transparency on how many licenses are available and when licenses need to be renewed, the policy did not include details on procedures for establishing a comprehensive inventory by identifying and collecting information about software license agreements using automated discovery and inventory tools. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation. Status: Closed - Implemented Comments: The Department of Transportation (DOT) implemented this recommendation. Specifically, DOT issued Order 1351.21 which provides procedures for employing a centralized software license management approach that is integrated with key personnel for department-wide Enterprise License Agreements (ELAs). In addition, DOT has assigned a software license manager position in accordance to the Federal Information Technology Acquisition Reform Act (FITARA) guidance, with responsibility to, among other duties, lead the agency-wide effort to centralize license management, implement strategies to reduce duplication and ensure the adoption of software management best practices. The software manager is also required to report to the agency CIO and work in collaboration with the offices of the CIO, CAO, CFO, and other organizations as appropriate. By employing a centralized software license management approach, DOT should be able to more consistently and costeffectively make agency-wide decisions on software licenses. Status: Open Comments: In October 2017, the Department of Transportation (DOT) reported that, to be consistent with MEGABYTE Act requirements, the department is focused on applying software license management to the top 80 percent of its software spending. DOT reported that it has developed a methodology to use USASpending.gov and additional data from the department's procurement system to identify its software license spending. In addition, DOT reported that it is also leveraging tools from the Continuous Diagnostic and Monitoring) program as well as Microsoft System Center Configuration Manager and the Federal Procurement Data System to identify software that is installed base and their spending. Moreover, DOT is developing a tool is that they plan to use to create and monitor their software inventory using the data described above. We will continue to monitor the department's efforts to implement the recommendation. Status: Open
Comments: The Department of Transportation (DOT) has made progress in addressing this recommendation by among other things, developing policy requiring its components to regularly track software license data such as usage on a regular basis. For example, the DOT?s Enterprise License Agreements policy requires its information technology offices within the Operating agencies to report software license usage information on a bi-annual basis. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation. 73. Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Transportation
74. Recommendation: To ensure the effective management of software licenses, the Secretary of Transportation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Department of Transportation
75. Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of the Treasury
76. Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.
Status: Open Comments: In February 2017, the Department of Transportation (DOT) noted that it was following guidance under the Federal Information Technology Acquisition Reform Act (FITARA). However, DOT did not provide evidence that it analyzes agency-wide software license data to identify opportunities to reduce cost and inform decisions. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation. Status: Open Comments: In February 2017, the Department of Transportation (DOT) reported that its Office of the Chief Information Officer (OCIO) is piloting the Staff Training Education and Professional Development Program (STEP) for all OCIO employees. The courses cover areas such as contracting and negotiations, laws and regulations and security training. However, DOT reported that the training is not specific to software licensing, although elements of software management are covered in full through the offerings within the STEP program. We will follow up with the department to obtain evidence of the department-wide implementation of this recommendation. Status: Closed - Implemented Comments: In April 2017, Treasury's Chief Information Officer and Senior Procurement Executive established a policy on software license management. The policy includes plans to employ a centralized software license management strategy, and developing and maintaining an agency wise software license inventory. Further, In March 2017, the Chief Information Officer appointed an IT Software Category Manager, who is responsible for managing all agency-wide software agreements and licenses. As a result, Treasury should be able to more effectively manage its agency-wide software licenses. Status: Open Comments: In April 2017, Treasury's Chief Information Officer and Senior Procurement Executive established a policy on software license management. The policy includes plans to employ a centralized software license management strategy. We will continue to monitor the agency?s efforts to develop the strategy.
Agency Affected: Department of the Treasury
77. Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of the Treasury
78. Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics.
Status: Open Comments: In October 2017, the Department of Treasury reported that it had piloted automated tools to inventory software assets; however, it resulted in inconsistent data and created potential security vulnerabilities. Thus, Treasury has not yet developed a comprehensive inventory. We will continue to monitor the department's efforts to implement the recommendation. Status: Open Comments: In October 2017, Treasury officials stated that they do not maintain a comprehensive centralized inventory of software assets within the enterprise. We will continue to monitor the department's efforts to address the recommendation.
Agency Affected: Department of the Treasury
79. Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.
Status: Open Comments: In October 2017, department officials stated that they are not currently conducting analysis of agency-wide software license data. We will continue to monitor the department's efforts to address the recommendation.
Agency Affected: Department of the Treasury
80. Recommendation: To ensure the effective management of software licenses, the Secretary of the Treasury should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.
Status: Open Comments: In October 2017, department officials stated that they do not currently offer any training on software license management. We will continue to monitor the department's efforts to address the recommendation.
Agency Affected: Department of the Treasury
81. Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Department of Veterans Affairs
82. Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Veterans Affairs
83. Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Department of Veterans Affairs
84. Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Department of Veterans Affairs
85. Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Department of Veterans Affairs
86. Recommendation: To ensure the effective management of software licenses, the Secretary of Veterans Affairs should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.
Status: Closed - Implemented Comments: In response to our recommendations, in July 2015, the department issued comprehensive software licensing policy that addressed the weaknesses identified in our report, including guidance for using analysis to better inform investment decision making. By establishing comprehensive software licensing policy, the Department is better able to ensure that it is consistently and costeffectively managing its software throughout the Department. Status: Closed - Implemented Comments: The Department of Veterans Affairs (VA) agreed with and implemented this recommendation. Specifically, in July 2015 VA issued Directive 6403, Software Asset Management, which documents the department's software license management policy and responsibilities for central management of agencywide software licenses. VA's policy for the management of software addresses the weaknesses we identified. By implementing our recommendation, VA should be able to consistently and cost-effectively manage software throughout the department. Status: Closed - Implemented Comments: In August 2017, VA provided documentation showing that it had implemented a solution to generate a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise wide licenses. A comprehensive inventory will better ensure compliance with software license agreements, and allow VA visibility that reduces redundant applications and identification of other cost saving opportunities. Status: Closed - Implemented Comments: In August 2017, Veterans Affairs provided documentation showing that it had implemented a solution to generate and maintain a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise wide licenses. As a result, the agency can ensure that it has the appropriate number of licenses for each item of software in use to reconcile with current use. Status: Closed - Implemented Comments: In August 2017, Veterans Affairs (VA) provided documentation showing that it had implemented a solution to analyze agency-wide software license data, including usage and costs. For example, VA reported that it has identified approximately $65 million in cost savings over 3 years due to analyzing one of their software licenses. As a result, VA is able to identify opportunities to reduce costs and better inform investment decision-making. Status: Closed - Implemented
Agency Affected: Department of Veterans Affairs
87. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Environmental Protection Agency
88. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Environmental Protection Agency
89. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Environmental Protection Agency
90. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Environmental Protection Agency
91. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Environmental Protection Agency
92. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the Environmental Protection Agency should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Environmental Protection Agency
93. Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified Agency Affected: General Services Administration
94. Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprisewide licenses. Agency Affected: General Services Administration
95. Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: General Services Administration
96. Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: General Services Administration
97. Recommendation: To ensure the effective management of its software licenses, the Adminitrator of the General Services Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: General Services Administration
98. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses identified. Agency Affected: National Aeronautics and Space Administration
Comments: In November 2017, Veterans Affairs (VA) provided documentation showing that it had implemented software management training. The training addresses various aspects of software license management, including terms and conditions, acquisition, security planning, and configuration management. As a result, VA has enabled its employees to develop the skills and knowledge to perform their software license management roles effectively and efficiently. Status: Open Comments: In June 2017, Environment Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses, an analysis to inform decision making, education and training goals and overall management throughout the lifecycle. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as its Office of Acquisition Management's consolidation of its Microsoft suite. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is currently taking steps to develop a comprehensive policy that will address a centralized management program of licenses. In addition, EPA stated that it is still leveraging the efforts of the Continuous Diagnostics and Mitigation project as well as leveraging its Office of Acquisition Management's consolidation of enterprise licenses. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In June 2017, EPA reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory. EPA also reported that this comprehensive inventory will be provided via an automated dashboard. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for an automated tool that will establish a comprehensive software license inventory. EPA We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In June 2017, the Environment Protection Agency reported that it is currently leveraging its Continuous Diagnostics and Mitigation program for a comprehensive software license inventory. that will be available by the second quarter of fiscal year 2017. EPA also stated that it has consolidated six of the agency's eight major software license contracts. In addition, EPA reported that it is currently conducting an analysis of licenses and maintenance with regards to category management to determine the current spend environment and visibility within the agency to develop strategies for addressing each platform. We will follow up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In June 2017, the Environment Protection Agency (EPA) reported that it is working to develop a robust training curriculum that addresses all software license requirements including but not limited to negotiations, laws and regulations, and contract terms and conditions department wide. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Closed - Implemented Comments: The General Service Administration (GSA) agreed with, and has taken steps to implement this recommendation. Specifically, GSA has developed agency-wide policy for management of software licenses that addresses the weaknesses identified in our report. For example, in September 2015 GSA issued an order establishing a software license program that among other things identified clear roles, responsibilities, and central oversight authority within the administration for managing agency-wide software. In addition, the agency issued standard operating procedures for establishing a comprehensive inventory of software licenses using automated tools, regularly tracking and maintaining software licenses and analyzing software data to make cost-effective decisions. As a result, GSA will be able to more effectively manage its software licenses. Status: Closed - Implemented Comments: GSA agreed with this recommendation. In response, GSA established a comprehensive centralized inventory that incorporates elements of automated discovery and inventory tools that provide easy search and access to software license information, such as contract terms and agreement records. A comprehensive inventory will better ensure compliance with software license agreements, and allow GSA visibility that helps to reduce redundant applications and identify other cost-saving opportunities. Status: Closed - Implemented Comments: GSA agreed with, and has taken steps to implement this recommendation. GSA has implemented procedures requiring that it regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics; and update the inventory on a quarterly basis. As a result, the agency can ensure that it has the appropriate number of licenses for each item of software in use to reconcile with current use. Status: Closed - Implemented Comments: GSA agreed with, and has implemented this recommendation. GSA has analyzed its agency wide software license data to inform investment decisions. On a quarterly basis, GSA scans its agency-wide software inventory data to identify opportunities for software license consolidation opportunities and submits reports to GSA's information management. For example, in August 2016 provided evidence that it had analyzed its inventory of software license data and identified opportunities to consolidate several of its software products and identified an opportunity to establish an enterprise licensing agreement for one of its software products resulting in cost savings or cost avoidance totaling about five million dollars over about a three year period. Status: Closed - Implemented Comments: GSA agreed with, and has taken steps to implement the recommendation. Specifically, GSA has provided software license management training to appropriate agency personnel including training on contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Sufficient software license management training should allow GSA employees to develop the skills and knowledge to perform their roles effectively and efficiently. Status: Closed - Implemented Comments: In response to our recommendation, in July 2017 NASA issued an Interim Directive on the management of software licenses that addresses the weaknesses identified in our report. For example, the Directive requires personnel involved in software license management to complete NASA's software management training. In addition, the Directive addresses the software license management life-cycle phases. As a result, NASA should be able to more effectively manage its agency-wide software licenses.
99. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: National Aeronautics and Space Administration
100. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprisewide licenses. Agency Affected: National Aeronautics and Space Administration
101. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: National Aeronautics and Space Administration
102. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: National Aeronautics and Space Administration
103. Recommendation: To ensure the effective management of software licenses, the Adminitrator of the National Aeronautics and Space Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: National Aeronautics and Space Administration
104. Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should develop an agencywide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: National Science Foundation
105. Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: National Science Foundation
106. Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: National Science Foundation
107. Recommendation: To ensure the effective management of software licenses, the Director of the National Science Foundation should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: National Science Foundation
108. Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Nuclear Regulatory Commission
109. Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Nuclear Regulatory Commission
Status: Closed - Implemented Comments: In response to our recommendation, in July 2017 NASA issued an Interim Directive which documents the administration's software license management policy including roles and responsibilities for central management of agency-wide software licenses. In addition, in May 2017 NASA's Administrator issued a memorandum requiring NASA components to use the agency's Enterprise License Management Team (ELMT) program for managing software licenses. By employing a centralized software license management approach, NASA should be able to more consistently and cost-effectively make agency-wide decisions on software licenses. Status: Closed - Implemented Comments: In August 2017, the National Aeronautics and Space Administration (NASA) implemented a software solution that generates an agency-wide inventory of software assets. A comprehensive inventory will better ensure compliance with software license agreements, and allow NASA visibility that reduces redundant applications and identification of other cost saving opportunities.
Status: Closed - Implemented Comments: In August 2017, the National Aeronautics and Space Administration (NASA) implemented a software solution that generates an agency-wide inventory of software assets. Further, the software updates the inventory as hardware or software changes in the environment, and NASA has the ability to generate inventory reports on demand. As a result, the agency can ensure that it has the appropriate number of licenses for each item of software in use to reconcile with current use. Status: Closed - Implemented Priority recommendation Comments: NASA has agreed with and implemented this recommendation. On an annual basis, NASA analyzes its agency-wide software license data to identify opportunities for software license cost avoidance. For example, NASA increased the number of software agreements managed by its enterprise license management team (ELMT) from 24 to 42 in fiscal year 2014 and analyzed the agency's software license data, such as cost, benefits, and usage to identify opportunities to reduce costs and make better informed investments moving forward. As a result of these actions, in fiscal year 2014, NASA avoided a cumulative cost of about $19.1 million. The agency also stated that it plans to continue to incrementally increase the number of ELMT-managed agreements in the future which should provide it opportunities to realize additional cost avoidance opportunities and better insight into the consumption of software in the future. Status: Closed - Implemented Comments: NASA agreed with, and implemented this recommendation. Specifically, NASA issued guidance in July 2017 requiring NASA personnel involved in software license management to complete the NASA Software Management training. In addition, in February 2017, NASA initiated software license management training that addressed negotiations, laws and regulations, and contract terms. Sufficient software license management training should allow NASA personnel involved with managing licenses to develop the skills and knowledge to perform their roles more effectively and efficiently. Status: Open Comments: In March 2017, National Science Foundation (NSF) reported on actions taken to implement this recommendation. For example, the agency reported that in July 2015 NSF issued a new acquisition policy that provides the Chief Information Officer central oversight authority for IT acquisitions including software agreements. However, the guidance does not specify policies on managing software licenses for regularly tracking and maintaining software licenses to assist the agency in implementing decisions throughout the software license management life cycle, analyzing software usage and other data to make costeffective decisions and providing training relevant to software license management. We will continue to monitor the agency's progress in implementing this recommendation. Status: Open Comments: In March 2017, the National Science Foundation (NSF) reported that it continues to regularly track and maintain a comprehensive inventory of software licenses. For example, NSF reported that in 2015 the agency implemented an automated tool to capture, track and report on software licenses. In addition, NSF reported that it is implementing a Continuous Diagnostic and Mitigation (CDM) capabilities to further consolidate and centralize management of the agency's software asset inventory in an automated way. However, NSF did not provide documentation showing that it regularly tracks and maintains its inventory using automated tools and metrics. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, National Science Foundation (NSF) reported on its progress in analyzing agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. However, NSF did not provide documentation demonstrating that it analyzed agency-wide software license data to inform investment decisions and identify opportunities to reduce costs. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, National Science Foundation (NSF) reported that the agency is committed to providing software license training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. However, NFS did not provide documentation showing that this training include aspects of sufficient software license management training such as contract terms and conditions or negotiations. We will follow-up with the agency to obtain supporting documentation and continue to monitor its progress in implementing this recommendation. Status: Closed - Implemented Priority recommendation Comments: The Nuclear Regulatory Commission (NRC) implemented GAO's recommendation by updating its Information Technology Asset Management (ITAM) Policy to address the weaknesses identified in our report. Specifically, in December 2016, NRC updated its ITAM policy to include guidance on providing training relevant to software license management and considering the entire software license management life-cycle phases. By establishing comprehensive software licensing policy, NRC is better able to ensure that it is consistently and cost-effectively managing its software throughout the agency. Status: Open Comments: The Nuclear Regulatory Commission (NRC) has taken steps to implement this recommendation. For example, in March 2017, NRC reported that the agency's Software Manager is in the process of developing the NRC Software Management Centralization Plan to meet NRC's business needs and to ensure compliance with applicable Federal mandates and guidelines, including those from the Office of Management and Budget, the Federal Information Technology Acquisition Reform Act, the Federal Information Security Management Act, and from the National Institute of Standards and Technology. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
110. Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Nuclear Regulatory Commission
111. Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Nuclear Regulatory Commission
112. Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should analyze agencywide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.
Status: Open Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, the Nuclear Regulatory Commission (NRC) stated that a manual effort is underway to gather and verify data associated with the software on the list to complete a comprehensive inventory of software licenses. NRC also reported that it has developed requirements for an information technology asset management tool to support the establishment of a comprehensive inventory of software licenses using automated tools. Upon deployment of an automated tool, NRC reported that it will be able to regularly track and maintain a comprehensive inventory of all software licenses. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency will analyze agency-wide software license data after it deploys an automated tool. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
Agency Affected: Nuclear Regulatory Commission
113. Recommendation: To ensure the effective management of software licenses, the Chairman of the Nuclear Regulatory Commission should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Nuclear Regulatory Commission
114. Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified Agency Affected: Office of Personnel Management
115. Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Office of Personnel Management
116. Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Office of Personnel Management
117. Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Office of Personnel Management
118. Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should analyze agencywide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.
Status: Open Comments: In March 2017, the Nuclear Regulatory Commission (NRC) reported that the agency plans to provide software license management training to all key personnel. NRC also reported that its software training is currently being developed by the Office of Management and Budget, the Federal Acquisition Institute and the Defense Acquisition University. We will follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: OPM concurred with this recommendation and in September 2015, reported that it had developed a guide to capture enterprise architecture (EA) lifecycle activities including software licensing management, acquisition, and requirements during several points of the project lifecycle. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation. Status: Open Comments: OPM concurred with this recommendation and in September 2015 reported that it is finalizing a revised Life Cycle Management draft policy which will use stage gate reviews to evaluate the progress of projects including software licenses throughout the agency. According to OPM, once the new policy is approved, OPM subject matter experts will review project documentation during stage gates reviews to make written recommendations on whether projects should continue. OPM's Investment Review Board will then review that recommendation and other procurement documentation to make a final recommendation to the OPM Director. We contacted the agency and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation. Status: Open Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. OPM also reported that it is assembling and performing quality reviews on hardware and software lists currently maintained in spreadsheets, in its EA Systems database, and Remedy database in order to consolidate the entire hardware and software asset inventory. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation. Status: Open Comments: OPM concurred with this recommendation and in September 2015 OPM reported that it acquired an enterprise architecture repository tool and is collecting information on its software applications. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation. Status: Open Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
Agency Affected: Office of Personnel Management
119. Recommendation: To ensure the effective management of software licenses, the Director of the Office of Personnel Management should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management.
Status: Open Comments: In written comments to our report, OPM concurred with our recommendations and noted actions the agency plans to take. We contacted the department and, as of September 2017, are awaiting a response on the current status of efforts to implement this recommendation.
Agency Affected: Office of Personnel Management
120. Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: Small Business Administration
121. Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses.
Status: Open Priority recommendation Comments: In August 2017, the Small Business Administration (SBA) reported that it has developed and implemented enterprise policies to better manage its software. In addition, SBA reported that it is developing software asset policy and anticipates having it in place by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In August 2017, the Small Business Administration (SBA) reported that it has centralized the agency software license management through its Office of the Chief Information Officer. We will follow up with the agency to obtain documentation verifying the implementation of this recommendation.
Agency Affected: Small Business Administration
122. Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Small Business Administration
Status: Open Comments: In August 2017, the Small Business Administration (SBA) reported that the agency has taken several key steps to establish and build a comprehensive enterprise software inventory such as the use of Microsoft enterprise inventory tools. SBA also reported that it anticipates completing a comprehensive software license inventory by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation.
123. Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Small Business Administration
124. Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Small Business Administration
125. Recommendation: To ensure the effective management of software licenses, the Administrator of the Small Business Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Small Business Administration
126. Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified Agency Affected: Social Security Administration
127. Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should employ a centralized software license management approach that is coordinated and integrated with key personnel for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Social Security Administration
128. Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprise-wide licenses. Agency Affected: Social Security Administration
129. Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: Social Security Administration
130. Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should analyze agency-wide departmental software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making. Agency Affected: Social Security Administration
131. Recommendation: To ensure the effective management of software licenses, the Commissioner of the Social Security Administration should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: Social Security Administration
132. Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should develop an agency-wide comprehensive policy for the management of software licenses that addresses the weaknesses we identified. Agency Affected: United States Agency for International Development
133. Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should establish a comprehensive inventory of software licenses using automated tools for the majority of agency software license spending and/or enterprisewide licenses. Agency Affected: United States Agency for International Development
134. Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should regularly track and maintain a comprehensive inventory of software licenses using automated tools and metrics. Agency Affected: United States Agency for International Development
135. Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should analyze agency-wide software license data, such as costs, benefits, usage, and trending data, to identify opportunities to reduce costs and better inform investment decision making.
Status: Open Priority recommendation Comments: In August 2017, the Small Business Administration (SBA) reported that it has replaced multiple standalone inventory tracking tools with Microsoft System Center 2016 which provides the SBA enterprise with a single automated tool capability. SBA also reported that it anticipates completing a comprehensive software license inventory by the second quarter of fiscal year 2018. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In August 2017, the Small Business Administration (SBA) reported on actions taken to analyze agency-wide software license data. For example, SBA reported that its Office of the Chief Information Office is leading an agency-wide effort to ensure that SBA is only purchasing the number of licenses needed during the renewal of software licensing contracts. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: In August 2017, the Small Business Administration (SBA) reported on actions taken to provide software license management training. For example, SBA reported that officials in the Office of the Chief Information Officer have held multiple sessions on Microsoft licensing practices as well as software licensing, in general. We plan to follow up with the agency to obtain supporting documents and continue to monitor its progress in implementing this recommendation. Status: Open Comments: The Social Security Administration agreed with this recommendation, and in response, developed an agency-wide policy for the management of software licenses that addresses six of the seven key elements that a comprehensive software license should specify, including identifying clear roles, responsibilities, and central oversight authority for agency wide software licenses; and analyzing software license usage to make cost effective decisions. However, SSA's policy did not include guidance on providing appropriate agency personnel with sufficient software management training. We will continue to work with SSA and monitor the agency's progress in implementing this recommendation. Status: Open Comments: The Social Security Administration (SSA) agreed with and has taken initial steps to implement our recommendation. In August 2017, SSA reported that it has established an informal workgroup to share software license management plans and processes. In addition, SSA's Information Technology Asset Management Policy discusses the agency's plan for a centralized software license management approach. We will continue to monitor SSA's progress in implementing this recommendation. Status: Open Comments: In August 2017, the Social Security Administration (SSA) reported on actions taken to address this recommendation. For example, SSA reported that it has installed a new version of an asset directory on its mainframe. The agency plans to implement additional software to assist with developing a software license inventory in fiscal year 2018. We will continue to monitor SSA's progress in implementing this recommendation. Status: Open Comments: In August 2017, the Social Security Administration (SSA) reported on actions taken to address this recommendation. For example, SSA reported that it has installed a new version of an asset directory on its Mainframe. The agency plans to implement additional software to assist with developing a software license inventory in fiscal year 2018. We will continue to monitor SSA's progress in implementing this recommendation. Status: Open Comments: The Social Security Administration (SSA) agreed with and has taken steps to implement our recommendation. In August 2017, SSA reported that it currently gathers data and conducts yearly exercises concerning its Microsoft software and reported on efforts to provide SSA the capability to analyze agencywide software license data. We will continue to monitor the SSA's progress in implementing this recommendation. Status: Open Comments: In October 2017, Social Security Administration (SSA) officials stated that personnel responsible for software acquisition receive regular training. However, the agency has not yet provided documentation showing that this training addresses software license management. We will continue to monitor the SSA's progress in implementing this recommendation.
Status: Closed - Implemented Comments: USAID has developed an agency-wide comprehensive policy and procedures for the management of software licenses that addresses the weaknesses we identified in our report. For example, in April 2015 USDAID issued a standard operating procedure that documents the roles and responsibilities for managing its enterprise software licenses and establishes procedures for tracking and maintaining an agency-wide software license inventory using automated tools and for analyzing software inventory data. In addition, in November 2016, USAID implemented procedures to provide appropriate agency personnel sufficient training on software license management. By establishing comprehensive software licensing policy and procedures, USAID is better positioned to ensure that it consistently and cost-effectively manages its software throughout the department. Status: Closed - Implemented Comments: The US Agency for International Development (USAID) has implemented this recommendation. USAID provided evidence that it has established and maintains a comprehensive inventory of software licenses using automated tools for the majority of agency enterprise-wide software licenses. In addition, USAID established a documented process to review and update of the inventory. A comprehensive inventory will better ensure compliance with software license agreements, and allow USAID agency-wide visibility that can help consolidate redundant applications and the identification of other cost-saving opportunities. Status: Closed - Implemented Comments: USAID has established a process and procedures to track and maintain a comprehensive inventory of software licenses using automated tools and metrics. For example, in April 2015 USDAID issued a standard operating procedure that documents the roles and responsibilities for tracking and updating the software inventory for new purchases, maintenance renewal and the retirement of software. In addition, in September 2016, USAID provided several documents on its software inventory tracking efforts including the agency's September 2016 updated software and hardware master inventory tracking report, demonstrating that USAID regularly tracks and maintains its inventory of software licenses using automated tools and metrics. Implementing this recommendation will help USAID ensure that its software licenses are used in compliance with licensing agreements and cost-effectively deployed. Status: Closed - Implemented
Agency Affected: United States Agency for International Development
136. Recommendation: To ensure the effective management of software licenses, the Administrator of the U.S. Agency for International Development should provide software license management training to appropriate agency personnel addressing contract terms and conditions, negotiations, laws and regulations, acquisition, security planning, and configuration management. Agency Affected: United States Agency for International Development
Comments: The US Agency for International Development (USAID) agreed with and has implemented this recommendation. USAID developed standard operating procedures for analyzing agency-wide software data and began to analyze its agency-wide software license data, such as costs and business value to identify opportunities to reduce costs through consolidation and/or elimination of software. For example, USAID held software license rightsizing discussions on the results of its analyses of fiscal year 2016 software license data to inform investment decisions. As a result of these actions, in fiscal year 2016 USAID realized cost savings of $639,561 through the reduction and elimination of selected software license contracts. Status: Closed - Implemented Comments: USAID agreed with this recommendation and subsequently implemented a program to provide appropriate agency personnel training on software license management including training on contract terms and conditions, negotiations, laws and regulations, acquisitions, security planning and configuration management. In addition, in October 2016 USAID issued its Asset Management Training Plan documenting the training schedule and topics to be delivered in 2016 and 2017 to the agencys Asset Management Team and individual training sessions for new hires. For example, in November 2016, USAID provided software license training focused on both the agencys software license renewal process and new software procurement process. As a result, USAID staff involved in managing software licenses should have the skills and knowledge to better perform their roles effectively and efficiently.
