6th Quarterly Report

President Clinton is committed to ensuring that Federal agencies are meeting the challenges posed by the year 2000 computer problem and to making sure that critical government services will not be disrupted by the transition to the year 2000. Since the last quarterly report, agencies have continued to make progress in their year 2000 efforts. As of August 15:

Of the Government's 7,343 mission-critical systems, 50 percent are now year 2000 compliant -- up from 40 percent in May. Of the remaining systems, 40 percent are being repaired, 9 percent are being replaced, and 1 percent are being retired.
Of the systems being repaired, 71 percent have now been renovated -- up from 55 percent in May.
For instances where system failures are possible, agencies are developing plans to assure continuity of their core business functions. Completing and testing these plans will become increasingly important as we approach the year 2000.

Individually, nine of the 24 major Federal agencies, grouped into Tier 3, are identified as continuing to make adequate progress on the year 2000 problem. Among these agencies, 74 percent of mission-critical systems are now year 2000 compliant, and 89 percent of systems being repaired have now been renovated.

At the same time, many agencies continue to face significant challenges in their year 2000 efforts. Eight agencies are identified as making progress, but with concerns (Tier 2), and seven are identified as not making adequate progress (Tier 1). In this report, one agency, the State Department, was downgraded to Tier 1. While increased high-level focus on the problem has resulted in improvement at some of the most troubled agencies, their overall progress must increase if they are to meet the Government-wide year 2000 milestones for completing their work by March 31, 1999.

To ensure that agencies are prioritizing their year 2000 efforts, on June 19, 1998, OMB directed all agencies of concern (Tiers 1 and 2) to provide to OMB their plans for monthly progress, and to subsequently provide to OMB, on a monthly basis, a report which measures progress against those plans. In addition, John Koskinen, Assistant to the President and Chair of the President's Council on Year 2000 Conversion, now attends monthly senior management meetings of the Tier 1 Cabinet agencies about the year 2000 problem.

Moreover, based on the rankings of this report, Vice President Gore on September 2 met with heads and senior officials of the Departments of Defense, Education, Energy, Health and Human Services, State, and Transportation, and of the U.S. Agency for International Development to review their plans for prioritizing year 2000 efforts.

On cost, agencies now estimate they will spend $5.4 billion fixing the problem in Federal systems -- up from $5 billion in May. This increase is consistent with the President’s budget request, which anticipated that additional requirements would emerge over the course of the year and included an allocation to provide flexible funding to address emerging needs. In fact, additional needs for one-time funding have been arising as anticipated. This increase is due, in part, to the success of verification and validation efforts which have enabled agencies to better ascertain the compliance of their systems. In response to these needs, the Administration supports Congressional action to create an emergency funding mechanism for Y2K computer conversion requirements. This action is consistent with the President's budget.

A number of Government-wide efforts are underway to coordinate progress in the areas of telecommunications, buildings systems, and bio-medical devices and laboratory equipment. These efforts have encountered resistance from some vendors, who, at times, are reluctant to provide the Federal Government with information about the compliance of their products. The Administration's proposed "Year 2000 Information Disclosure Act" would help to eliminate many of the barriers to information sharing. In the areas of Federal/State data exchanges, most Federal agencies have provided status information, as have most States.

Progress on Year 2000 Conversion
Report of the U.S. Office of Management and Budget
as of August 15, 1998

I. INTRODUCTION

This report is the sixth in a series of quarterly summary reports to Congress on the Administration's progress in fixing the year 2000 ("Y2K") computer problem in Federal systems. It outlines the continuing work to avert the problems that could occur if systems are not able to correctly process the year 2000. This summarizes data received from the 24 agencies that make up the Federal Chief Information Officers' (CIO) Council and from nine small and independent agencies. These data were due to OMB on August 15, 1998.^1/ It also describes the status of government-wide activities underway. This report and all previous reports are available on OMB's web site [/OMB], on the web site for the President's Council on Year 2000 Conversion [http://www.y2k.gov], or on the Federal Chief Information Officers' web page [http://cio.gov].^2/

OMB's initial Y2K report, entitled "Getting Federal Computers Ready for the Year 2000," was transmitted February 6, 1997. The report outlined the Federal Government's strategy to address the Y2K problem in its systems, one that remains predicated on agency accountability. The Government's approach follows the five phases of awareness, assessment, renovation, validation, and implementation. Working with the CIO Council, OMB set government-wide milestones for the completion of each phase. Agencies then established plans for each phase. The five phases overlap -- for example, validation of some systems begins while renovation of others continues.

The Administration has taken several significant steps during the last quarter to spur progress on the problem within and beyond the Federal Government. At a July 14 event on the Y2K problem, President Clinton and Vice President Gore underscored the importance of preparing systems for the year 2000, not only within the Federal government, but in the private sector as well. The President's Council on Year 2000 Conversion, which began operations in March and is chaired by Assistant to the President John Koskinen, has continued its efforts to increase awareness of the problem beyond the Federal Government. Under the Council's direction, agencies are reaching out to private sector organizations, State and local governments, and international institutions in their policy areas and are participating on 35 Council working groups to address year 2000 activities in key economic sectors. The working groups are working closely with industry to facilitate and coordinate information sharing on year 2000 progress and solutions. Their efforts are an important part of the Council's "National Campaign for Year 2000 Solutions," which was kicked-off at a July 28 event focused on the Y2K problem's implications for the electric power industry.

^1/ Except where noted, the summary data provided in this report refer solely to the 24 agencies on the CIO Council.

^2/ A list of key Federal year 2000 web sites may be found on the last page of this report.

The Administration also recognizes a critical need for industry to share information about their year 2000 problems and solutions with each other and with the public. Such sharing and cooperation is essential to making sure that companies can avoid "reinventing the wheel" and can proceed with their fixes in the most effective and timely way. Accordingly, the Administration has proposed the "Year 2000 Information Disclosure Act," which would encourage companies to share information about possible solutions to year 2000 problems.

The Administration has taken significant actions in the last quarter to ensure that agencies are focusing on compliance. On June 19, 1998, OMB directed all agencies in Tier 1 (those where there is insufficient evidence of adequate progress) and Tier 2 (those that have demonstrated progress, but still are of concern) to provide to OMB plans for monthly progress, and to subsequently provide to OMB, on a monthly basis, reports which measure actual progress against those plans. In addition, John Koskinen is now attending the monthly senior management meetings of Tier 1 agencies on the year 2000 problem to work with them on their programs. And on September 2, the Vice President met with heads and senior officials of Tier 1 Cabinet agencies, based on this report -- the Departments of Defense, Education, Energy, Health and Human Services, State, and Transportation, and the U.S. Agency for International Development. He stressed the importance surmounting obstacles to year 2000 progress.

II. SUMMARY OF GOVERNMENT-WIDE PROGRESS

This summary report shows that:

Only two agencies -- AID and HHS -- are working toward dates that are beyond the Government-wide milestones or the completion of their Y2K work. The government-wide milestones are completion of renovation by September 1998, validation by January 1999, and implementation by March 1999. Some agencies -- Justice, Treasury, GSA, OPM, SBA, and SSA -- have set goals ahead of the Government-wide milestones. (See Appendix A, Table 1.)
Senior Federal managers continue to reevaluate which systems are truly critical to their organizations' missions and reset their priorities accordingly. Agencies now identify 7,343 mission critical systems, which is slightly more than the 7,336 identified in the May report. (See Appendix A, Table 2.)
Of the 7,343 mission critical systems, 50 percent (3,692) are now year 2000 compliant, compared to 40 percent in the previous report. This includes systems repaired, replaced, and those that were already compliant. (See Appendix A, Table 2.)
Of the 7,343 mission critical systems, 40 percent (2,910) are still being repaired; 9 percent (650) are still being replaced; and 1 percent (91) will be retired. (See Appendix A, Table 2.)
Of those systems that have been or will be repaired, 71 percent have completed renovation, an increase from 55 percent in the previous report. Forty-four percent have now completed validation, while implementation is now 37 percent complete. (See Appendix A, Table 3.)
Agencies now estimate they will spend $5.4 billion fixing the problem from fiscal year 1996 through fiscal year 2000, an increase from $5.0 billion in the previous report.^3/ (See Appendix A, Table 4.) This is consistent with the President's budget, which anticipated that requirements would emerge over the course of the year and included an allocation to provide flexible funding to address emerging needs. In fact, as anticipated, additional needs for one-time funding have been rising.
This increase in estimated cost is attributable to refinement of estimates as agencies move through the phases of renovation and validation and to the newly-found costs associated with fixing the embedded chip problem. To the extent that agencies encounter unexpected difficulties, these estimates will continue to rise. Moreover, as agencies work through the validation phase and develop continuity of business plans, it is possible that some agencies will determine that they require significant additional funding. Such funding must be made available quickly in order to ensure that work proceeds without interruption. The Administration supports Congressional action to create an emergency funding provision for Y2K computer conversion requirements. This action is consistent with the President's budget.
Most agencies report that they have completed their assessments of non-mission critical systems. By definition, such systems are less critical to the functioning of the agencies, but many are still important. All of the agencies reported they have an active program to fix these systems, albeit as a lower priority.
Most agencies report that they have taken steps to assess embedded chip problems. This area is of increasing concern.

^3/ These estimates include the costs of identifying necessary changes, evaluating the cost effectiveness of making those changes (fix or scrap decisions), making changes, testing systems, and preparing contingencies for failure recovery. They include the costs for fixing both mission critical and non-mission critical systems, as well non-information technology products and systems such as air conditioning and heating. They do not include the costs of upgrades or replacements that would otherwise occur as part of the normal systems life cycle. They also do not include the Federal share of the costs for state information systems that support Federal programs.

The Federal Government continues to make progress in addressing the year 2000 problem. However, the overall rate of progress for some agencies is still not fast enough. OMB has categorized agencies into one of three tiers. Tier 1 comprises agencies where there is insufficient evidence of adequate progress. For agencies in Tier 2, OMB sees evidence of progress, but also has concerns. The remaining agencies in Tier 3 are making satisfactory progress.

Although 74 percent of Tier 3 agency systems are compliant, only 42 percent of Tier 1 agency are compliant. The following table provides detail on the progress of the agencies by tier.

Table 1
Government-wide Summary -- Year 2000 Status
Mission-Critical Systems

Agency Status	All Systems	Systems Being Repaired
Agency Status	Y2K Compliant ^4/	Renovation Complete ^5/	Implementation Complete ^6/
Tier Three (VA, EPA, FEMA, GSA, NASA, NRC, NSF, SBA, SSA)	74%	89%	70%
Tier Two (USDA, DOC, HUD, DOI, DOL, DOJ, Treasury, OPM)	56%	72%	42%
Tier One (DoD, Education, DOE, HHS, State, Transportation, AID)	42%	66%	24%
All Agencies	50%	71%	37%

^4/ Percentage of all mission-critical systems that will accurately process data through the century change; these systems have been tested and are operational and includes systems that have been repaired and replaced, as well as those that were found to be already compliant.

^5/ Percentage of mission-critical systems that have been or are being repaired; "Renovation complete" means that necessary changes to a system's databases and/or software have been made.

^6/ Percentage of mission-critical systems that are being or have been repaired; "Implementation Complete" means that the system has been tested for compliance and has been integrated into the system environment where the agency performs its routine information processing activities. For more information on definitions, see GAO/AIMD-10.1.14, "Year 2000 Computing Crisis: An Assessment Guide," September 1997, available at http://cio.gov under Year 2000 Documents.

During the last quarter, the Administration took several steps to focus management attention and resources to this problem in order to ensure that solving the year 2000 problem is the agencies' top management priority. As mentioned previously, John Koskinen attending the monthly senior management meetings of the Tier 1 Cabinet agencies on the year 2000 problem to engage in discussions of ways to evaluate and prioritize work. In addition, to better focus management attention on plans and progress, all agencies that were rated as Tier 1 or Tier 2 were requested to provide to OMB their plans for meeting their renovation, validation, and implementation goals with monthly benchmarks. These agencies are now reporting monthly on their progress against those benchmarks. These plans and progress reports are a factor in OMB's evaluation of agency-specific progress as outlined in section IV.

Finally, agencies are required to report on any mission-critical systems for which year 2000 renovation or replacements have fallen more than two months behind schedule. Agencies are also required to report on any system that will not meet the March 1999 target for completion of implementation. These agency exception reports are summarized in Appendix B.

A significant number of these plans show agencies completing work on a large number of systems in the month just before their target dates -- usually March 1999. This is troubling, as information technology projects in general are prone to unanticipated complications and delays. In response to this end-loading of work in plans, some agencies have taken strong and aggressive management action to make sure that their goals are met. For example, the Secretary of Defense, on August 7, 1998, directed detailed reviews and reports of the status of year 2000 implementation by each of the Unified Commanders-in-Chief and warned that, as of October 1, IT funding for the owners of some systems may be withheld if there is not sufficient evidence of progress.

III. GOVERNMENT-WIDE ISSUES

VERIFICATION EFFORTS

Independent verification assists senior management by providing a double-check that their mission-critical systems will, in fact, be ready. All large agencies have independent verification programs underway for that reason. These activities are paying off, as agencies have realized that some systems, which were considered compliant, were not. This process allows management sufficient time to take action.

It is essential that accurate information be reported to senior management in a timely manner, so that they can take appropriate action. Agency Inspectors General have been helpful to senior management in this regard as well. They are, for example, taking an active role in verifying the accuracy of reports to senior agency management and reports to OMB and the Congress.

CONTINGENCY PLANNING AND CONTINUITY OF BUSINESS PLANNING

In the reports this quarter, agencies have provided more detailed information on contingency planning for those systems that are expected to miss the March 1999 deadline for implementation. (See Appendix 5.) In addition, although most agencies provided some information on the steps they are taking to develop continuity of business plans, a great deal of work remains to be done. These plans should describe risk mitigation strategies and work-around alternatives to ensure the continuity of the agency's core business functions. Such functions rely not only on the agency's internal systems, but also on services outside of the agency's control, such as the ability of suppliers to provide products, services, or data, or the loss of critical infrastructure. This work remains in its early stages, but, given its importance, will be addressed by agencies in coming months.

To support agencies in these efforts, the Year 2000 Committee of the CIO Council worked with GAO to develop guidance on continuity of business planning.^7/ The Business Continuity and Contingency Plan of the Social Security Administration was shared with other agencies as a model. In addition, on July 22, 1998, OMB issued "Revised Reporting Requirements for Year 2000 Efforts" (M-98-12), which asked for additional information on contingency planning and continuity of business planning.

FUNDING

The President's budget anticipated that additional requirements would emerge over the course of the year and included an allocation to provide flexible funding to address emerging needs. In fact, additional needs for one-time funding have been rising as anticipated.

In response to these additional needs, on August 13, 1998, OMB asked agencies to provide to OMB their comprehensive plans and associated funding requirements for achieving year 2000 compliance. This information will augment the quarterly reports to OMB and will be used to assess the possible need for additional funding for each agency.

The Administration supports Congressional action to create an emergency fund mechanism for Y2K computer conversion requirements. This action is consistent with the President's budget. If approved by the Congress, such a fund could make up to $3.25 billion available to the agencies, to be used exclusively for the direct costs of addressing the year 2000 problem. The availability of these funds would be contingent upon the President's certification that these are, in fact, emergency requirements. These funds would be available to cover the unanticipated costs of agency year 2000 efforts for all types of information technology, including computer software and hardware, telecommunications systems and their components, and other systems and components (such as building security systems and medical devices) that contain or depend on embedded microchips. OMB expects that such funding will be particularly important for problems uncovered as a result of verification and validation efforts and for contingency planning and continuity of business planning.

^7/ GAO report, "Year 2000 Computing Crisis: Business Continuity and Contingency Planning." July, 1998; GAO/AIMD-10.1.19.

GOVERNMENT-WIDE INITIATIVES

The Chief Information Officers (CIO) Council Committee on the Year 2000 has a established Subcommittees on Telecommunications, on Buildings, and on Biomedical Devices and Laboratory Equipment, to work on government-wide areas where the Y2K problem occurs outside of computer systems. In these areas, the problem occurs in commercial products that rely on computers or have computer chips inside them; the problem needs to be fixed by manufacturers of those products. The Committee has also established a subcommittee on State Issues that is focusing on ensuring that exchanges of data between the Federal government and the States will not be interrupted.

Information sharing among vendors, manufacturers, service providers, and customers -- in this case, Federal agencies -- about year 2000 problems and solutions is critical. Despite intense efforts on the part of the Federal Government, many vendors, manufacturers, and service providers are reluctant to share information. In most cases, they fear that such information will be used as the basis for a liability lawsuit later -- despite the fact that failure to share information increases the probability that their products will not be ready in time. In response, the Administration has proposed the "Year 2000 Information Disclosure Act," which would encourage companies to share information about possible solutions to year 2000 problems.

Telecommunications Systems

Like the private sector, the Federal agencies are reliant upon commercial vendors and the information they supply to address the compliance of their telecommunications systems. GSA owns, manages, or resells consolidated telecommunications services to Federal agencies throughout the United States. In most cases, agencies must work with telecommunications vendors to receive system upgrades; a number of agencies have expressed frustration that some vendors have been slow to either provide information about the status of their products or to repair the system.

The Telecommunications Subcommittee, chaired by GSA's Federal Technology Service (FTS), is working with industry to ensure that the telecommunications services and systems provided to the Federal Government are year 2000 compliant. FTS has completed its inventory and assessment for all GSA Consolidated Systems, which provide local telecommunications services (including hardware, licensed proprietary software, and features such as voice mail) to Federal agencies nationwide.

Through special interest groups for testing telecommunications equipment, the Subcommittee has established a government-wide database with information about compliant and non-compliant telecommunications products. This database is available for vendors to post the status of their products at http://y2k.fts.gsa.gov. The site also provides links to the Web sites of more than 50 vendors.

The Federal Government will participate in network interoperability testing of certain critical systems scheduled by industry for early 1999. Thus far, testing has shown that 90 percent of the PBXs owned by GSA are already compliant. For the remaining 10 percent, manufacturers have indicated that they will provide upgrade solutions. With respect to service obtained from Local Exchange Carriers (LECs), GSA is contacting LEC service providers for information on their year 2000 status which it is then providing to other Federal agency users.

In the Washington Metropolitan Area, the Washington Interagency Telecommunications Systems (WITS) provides approximately 170,000 analog and digital lines supporting both data and voice applications to Federal agencies. The system was fixed in July 1998.

FTS 2000

Through the Government's FTS 2000 contract, GSA is responsible for ensuring year 2000 compliance for all Federal Government long distance telecommunications. GSA intends to transition to FTS2001 contracts where possible before the onset of the year 2000 to ensure compliance and a smooth transition. In the event that the transition to FTS2001 has not been completed by January 1, 2000, GSA has a contingency plan to use Sprint and AT&T FTS2000 services. Both companies have made formal commitments that their systems will be year 2000 compliant prior to the year 2000.

International Telecommunications

Within the United States, the International Direct Distance Dialing contract with AT&T that is managed by FTS has been certified compliant. Overseas, however, Federal agencies that have extensive foreign operations are reviewing the effect that the year 2000 may have on their ability to communicate with their overseas offices, which depend on the telecommunications infrastructures of other countries. The State Department has determined that more than 90 percent of the telecommunications equipment it operates overseas is compliant or can be operated in a manual mode. Roughly 5 percent of its telecommunications services are supported by equipment that is operated by the host nation. Several agencies, including the Peace Corps and the Agency for International Development, have expressed concern that overseas operations in some countries may be adversely affected by host nation telecommunications problems. In these instances, international agencies are working together to develop contingency plans or to identify backup systems, such as satellites, to ensure communications are maintained.

Other Government-wide Telecommunications Services

The equipment supplied by the Federal Wireless Telecommunications Service (FWTS) has been certified compliant by GTE. Contracts for the Wire and Cable Service; Electronic Commerce, Internet, and E-Mail Access; and Technical and Management Support contain year 2000 compliance clauses. All task orders for the Telecommunications Support Contract 2, which provides consulting and telecommunications services, include year 2000 compliance clauses.

Buildings Systems

Many products or systems in buildings, such as security systems, elevators, or heating and air conditioning systems, contain embedded chips. Frequently, these chips include a date function that helps run the system -- for example, to time maintenance procedures or to regulate temperature. If this date function is not year 2000 compliant, then the chip may not work. This problem is particularly complex, because chip manufacturers do not closely track how these chips are used. In addition, a manufacturer of equipment (such as a security system) is unlikely to know the status of the chips it is using. It may also be difficult to accurately test the compliance of these chips in a working environment. Once non-compliant chips are identified, they must be replaced. This otherwise simple task of replacement is complicated by the large numbers of such chips and the lack of complete information about where they are located.

In response, GSA is contacting the vendors and manufacturers of all equipment in all GSA-owned or GSA-managed buildings to determine the compliance or non-compliance of equipment and to determine any necessary remedial action. Based on this outreach, elevators, once thought to be highly susceptible, are no longer considered to be a concern. On the other hand, security/access systems are now coming under closer scrutiny.

In addition, GSA has established a website (http://globe.lmi.org/lmi_pbs/y2kproducts/) that provides year 2000 information for building systems products. While there are now over 9,000 products listed on this site (up from 6,000 in the previous report), less than 5 percent of all products are identified as non-compliant. Another website has been established which allows personnel from Federal agencies to determine the year 2000 compliance status of Federally owned and leased facilities. This site is for Federal Government use only.

GSA Owned or Managed Buildings

To ensure that Federal buildings are ready for the year 2000, the CIO Council established the Building Systems Subcommittee, which is chaired by GSA's Public Buildings Service (PBS). Their charge is to ensure that any equipment that contains embedded chips in GSA- owned or GSA-managed buildings is year 2000 compliant. In space where GSA is the owner, PBS continues to thoroughly review inventory and coordinate with vendors and manufacturers of equipment that contains embedded chips. Approximately 75 percent of the GSA building inventory has been surveyed to identify equipment considered susceptible to year 2000 issues.

GSA Leased Buildings

GSA is also working closely with the owners of buildings that are leased by GSA. For leased space, GSA sent letters that describe potential problems associated with building systems containing embedded microchips and requesting that lessors certify their space as year 2000 compliant. About 40 percent responded. GSA will send follow-up letters to non-responsive lessors and will forward brief surveys for "high-risk" leased locations within 60 days. Through a contractor, GSA is developing compliance reports for each building in order to provide building managers with the basis for developing remedial action plans. Finally, a year 2000 clause was developed for inclusion in all Solicitations For Offers for all new leased space.

Other Federal Government Buildings

The Subcommittee also holds monthly meetings with representatives from 45 Federal agencies and bureaus in order to disseminate information to tenant agencies as well as share information with agencies that own or manage their own buildings.

Contingency Planning for Buildings

GSA has also established a Business Continuity and Contingency Planning (BCCP) Task Force. This interagency task force is developing a model BCCP for buildings for use by Federal agencies. The BCCP will be organized around core business processes. The BCCP will also be made available to the public.

Biomedical Devices and Laboratory Equipment

Biomedical devices and laboratory equipment often rely on computer chips to help provide timing and maintenance functions. Although the effects on many devices are not serious, for others, they may result in equipment failure. Such failure will put patients at risk. Federal agencies and private sector users of biomedical devices and laboratory equipment need to know which equipment is susceptible to failure and must take corrective action.

To provide better information on the status of biomedical devices and laboratory equipment to the Federal agencies that own and use such devices, the CIO Council Year 2000 Committee established the Biomedical Equipment Subcommittee, chaired by the Department of Health and Human Services. On January 21, 1998, the Deputy Secretary of the Department sent a letter to over 14,000 manufacturers of biomedical devices and laboratory equipment, asking them to verify the compliance of their products. On June 29, the FDA sent a follow-up letter to 1,935 manufacturers whose products were likely to contain electronic components. To date, only a little over 10 percent of manufacturers have responded to the initial inquiry and to follow-up inquiries.

This information has been made publicly available to health care providers, facilities, and consumers on a web site located at http://www.fda.gov/cdrh/yr2000/html. The web site contains information about products that still need to be made year 2000 compliant, as well as solutions that the manufacturer will offer to mitigate the problem (e.g., software updates), and the date on which a compliant product will be available.

Ultimately, the responsibility for informing the public about the compliance of products lies with manufacturers. It is critical that manufacturers provide information about the compliance of their products in order to prevent year 2000 date problems in biomedical equipment from endangering the nation's patient care and health research activities. Accordingly, the Federal Government is considering taking action to prohibit the acquisition of biomedical equipment from any manufacturer if the manufacturer has not informed the Federal Government of the year 2000 compliance for all of its products.

State Issues

Federal agencies exchange data with each other; with foreign, State, and local governments; and with private entities. Because States operate many vital Federal programs, such as unemployment insurance and Medicaid, these exchanges are extremely important. (Although the Federal Government exchanges very little data with local governments, it remains concerned about progress there.) The Subcommittee on State Issues of the CIO Council's Year 2000 Committee is working with the National Association of State Information Resource Executives to focus on the exchanges between the Federal Government and State governments. All Federal agencies have inventoried their data exchanges and have discussed both the format of the exchanges and the timing of making fixes to them with their data exchange partners.

On behalf of the CIO Council, GSA has established a secure web site for use by the Federal agencies and the States, and in July, all parties began to post the status of their data exchanges on the web. ^8/ The status of each data exchange is shown as one of five categories: (1) compliant and successfully tested by both parties; (2) successfully bridged with both parties concurring in the format; (3) Federal side ready but not yet tested; (4) State ready but not yet tested; and (5) not yet compliant or testing still in progress. This information is being updated by both parties on a monthly basis.

At this point, the database is being set up and both sides are making sure that data are accurate. Most Federal agencies have posted the status of their data exchanges. Some agencies have requested that their data exchanges not be posted for security reasons. In these cases, the information has been sent to NASIRE for distribution to State CIOs. Over half of the States have verified the data posted by the Federal agencies. As more status information is posted, standard reports will be distributed to Federal agencies and States which will provide an up-to-date view of data exchanges.

^8/ Access to the site is limited to authorized personnel from the Federal agencies and State governments.

Other Information Sharing Initiatives

Year 2000 Information Directory

GSA also manages and maintains the Governmentwide Year 2000 Information Directory web site on behalf of the CIO Council. The directory provides one-stop access to information, solutions, and Internet sites dealing with the year 2000 problem. It acts as a clearinghouse for information for Federal, State and local governments, as well as for private industry and the public. This web site [http://www.itpolicy.gsa.gov/mks/yr2000/y2khome.htm] was selected for inclusion in The Dow Jones Business Directory. The web site includes articles and information on year 2000 product compliance, contingency planning, and health care and industry concerns, as well as a guide on the legal issues surrounding procurement and contracts. The site also includes links to sites with information on telecommunications, commercial-off-the-shelf (COTS) products, facilities, and biomedical equipment.

Database of Compliant COTS Products

On behalf of the CIO Council, the Office of Governmentwide Policy at GSA also maintains a directory of compliant, COTS Products that are used by Federal agencies. This information is also available to the public. [http://y2k.policyworks.gov] Information contained in the database is based on vendor assertions about their products and agency statements about their experiences with particular COTS products.

IV. AGENCY SPECIFIC PROGRESS

PROCESS OF AGENCY EVALUATION

Virtually all of the agencies have made progress in the last quarter, although in many cases there are serious concerns about the rate of that progress. To evaluate agency progress, OMB used four criteria:

Measurable improvement -- Is there measurable and adequate progress on renovation, validation, and implementation of computer systems, including data exchanges? Is there progress on addressing other systems, including buildings, telecommunications, and systems and products containing embedded chips?
Schedule for completion of best practices phases and overall prognosis -- Has the agency adopted a realistic schedule that is consistent with the government-wide goals? Has there been a change in the number of mission-critical systems that are expected to miss the March 1999 implementation date? Does the agency have a strong management team and a credible strategy in place?
Risk management -- Is the agency preparing a workable continuity of business plan for its core business functions? Does the agency have a deadline for when plans must be complete? Does the agency have an effective and independent validation and verification program in place? Is there adequate oversight of efforts to replace non-compliant systems? Are systems previously reported behind being brought back on schedule?
Dramatic changes in previously reported information or other indications of concern -- Have there been dramatic changes in cost, schedule, changes to the number of systems, or changes to the number of systems behind schedule? Are there any concerns with the availability of key personnel?

TIER ONE AGENCIES

Tier One comprises agencies where there is insufficient evidence of adequate progress. The six agencies in the first tier are:

Department of Defense

The Department of Defense has a massive year 2000 challenge which must be accomplished on a tight schedule. The Department has improved its rate of progress in addressing the challenge, but the pace must be increased to meet government-wide milestones. The percentage of mission critical systems that are now compliant has risen to 42 percent, up from 29 percent in May. Additionally, the percentage of mission-critical systems being repaired that have completed renovation stands at 70 percent, up from 58 percent, and the percentage of those systems that have been implemented has risen to 27 percent from 17 percent. On August 7, the Secretary ordered greater effort by the Unified Commanders-in-Chief, inaugurated operational evaluations of the affects of the year 2000, and created an expanded management team to address this critical national defense issue.

Department of Education

The Department of Education has made significant progress in the past quarter. Of the Department's eight mission-critical systems, renovation went from zero to four. However, rate of repair on the remaining systems is cause for concern. Renovation of the Pell Recipients Financial Management System is expected in December 1998, five months later than scheduled. Renovation of ED's Local Area Network is expected in November 1998, two months late. Two other systems are scheduled to be renovated by September 1998, but will require close monitoring to meet their tight deadline. In addition, four of the six systems that are in the validation stage have completed testing for year 2000 compliance, but will be re-tested -- prior to certification as compliant -- once recent programmatic changes have been incorporated.

The Department has made significant progress the systems it calls "mission-important" and "mission-supportive." Of the 168 systems in these categories, Education has completed all work on 130 systems, (84 of which were completed during the most recent quarter). The Department is aggressively validating data exchanges and it continues to communicate year 2000 information to the entire education community through its outreach efforts.

Department of Energy

Compliance has increased from 36 percent to 40 percent in the last quarter, and modest progress has been made in the other phases. However, the Department has not identified all mission-critical systems at its Government and contractor sites, and assessment of the Department's embedded chips and lab equipment continues. Although DOE has defined 411 systems as mission critical, explicit departmental prioritization and allocation of resources among those systems has not occurred. The Department's independent Office of Oversight Review has recommended that DOE "focus management attention on complex, critical systems that face moderate to significant risk."

All State and local government data exchanges with the Department are reported compliant. Intra-departmental data exchanges are 63 percent compliant, data exchanges with other Federal agencies are 56 percent compliant, and data exchanges with private organizations are 43 percent compliant. The Department's Acting CIO is conducting site compliance reviews in cooperation with the Office of the Inspector General and Office of Oversight, but no independent verification and validation contractors are being used for compliance reviews.

Department of Health and Human Services

The Department's Health Care Financing Administration (HCFA) remains a serious concern as a result of its internal and external systems remediation schedule and escalating cost estimates. As of this report, only 56 percent of HCFA's internal systems and 14 percent of external contractor systems have been renovated. While HCFA's remediation schedule indicates that most systems will be renovated and implemented by the HHS deadline of December 31, 1998, it is likely that some internal and many external systems will fail to meet that date. Furthermore, OMB is concerned that at least some Medicare contractors may fail to meet the March 1999 government-wide deadline for completing implementation. Achievement of the HHS and government-wide milestones will require an extraordinary acceleration of the remediation process in the last three months of 1998, leaving very little margin for error to deal with unforeseen and unanticipated problems. Finally, HCFA's cost estimates for Y2K remediation have increased dramatically since the last quarterly report.

HCFA is attempting to address these concerns. It has delayed non-Y2K systems work, such as standard system transitions and implementation of certain statutory provisions, to increase the resources available for Y2K. HCFA has also negotiated a contract amendment with its fiscal intermediaries and carriers that makes Y2K compliance a performance measure. In addition, HCFA has increased its Y2K staff by hiring retired Federal employees with Medicare systems experience, and is informing physicians and other health care providers of the importance of ensuring their systems are Y2K compliant.

HCFA has also begun developing contingency plans in case some mission-critical systems fail in 2000. HCFA's lack of contracting flexibility, which limits its ability to competitively contract for claims processing activities, may negatively affect contingency planning. The Administration urges Congress to pass contracting reform legislation, transmitted to Congress on May 19, 1998, as soon as possible to ensure that HCFA is able to contract with any qualified entity to ensure the continued operation of the Medicare program in the case of a claims processing system failure.

Other HHS operating divisions have made some progress this quarter. However, although all but one mission-critical system are projected to be implemented by the government-wide deadline of March 1999, only 62 percent of non-HCFA mission-critical systems are compliant. With respect to embedded chips, facilities, and telecommunications, the relatively late start in assessing costs in this area has produced a significant increase in estimated costs. Increased emphasis on verification has also added to costs -- but generally all operating divisions are doing a good job of incorporating independent validation and verification into their schedules appropriately. Virtually all critical systems will be subject to independent verification. Non-HCFA operating divisions have also begun serious programs for contingency and continuity of business planning and for outreach.

Department of State

The Department of State faces a significant challenge in managing its extensive Y2K project while, at the same time, completely replacing information systems installed at over 230 locations around the world as part of the ALMA (A Logical Modernization Approach) program. Additionally, State is the major provider of telecommunications services to U.S. Government agencies operating overseas. State has done an impressive assessment of its Y2K situation, particularly its embedded systems, and is asserting a leadership role in providing Y2K support to U.S. operations overseas. The Department has assembled a strong program management capability and successfully raised awareness of the problem among the Foreign Service and U.S. Diplomatic communities.

Although State is making progress in replacing and modernizing its information and telecommunications infrastructure, progress on renovation, verification and implementation of mission-critical systems is of increasing concern. In the last quarter, State did not report adequate progress on completion of systems it is renovating, nor did it report adequate progress on final validation of systems. The Department also must accelerate progress on replacing 26 mission-critical applications if it is to meet the March 1999 government-wide milestone for completing implementation.

It should be noted that State's ALMA deployment includes several mission-critical applications that the Department will not take credit for having completed implementation until ALMA installation is completed worldwide in April 1999. Deployment of ALMA is proceeding at about 90 percent of State's deployment plan, which could further affect the ability of several smaller posts to operate in 2000. State has begun contingency planning to ensure that operations at these locations are not adversely affected.

Department of Transportation

The Department of Transportation's improved management oversight, combined with an accelerating rate at which the Federal Aviation Administration (FAA) is remediating air traffic control system components, is significantly mitigating risk. At the end of July 1998, the Department-wide percentage of mission-critical systems renovated stood at 65 percent, a significant improvement over the 25 percent reported in the previous quarter. However, with only 23 percent of its mission-critical systems validated and 11 percent implemented, the Department continues to lag well behind the government-wide schedule.

The FAA reflects this improved trend with 59 percent of mission-critical systems renovated, up from 11 percent reported in May. However, with 10 percent of its systems validated and 3 percent implemented, it remains significantly behind schedule. The FAA has taken decisive action concerning the HOST computer system and other critical air traffic control systems. It has initiated procurement of new HOST computers while simultaneously verifying, to a reasonable degree of certainty, that the existing HOST microcode is free of year 2000 vulnerabilities which would affect the operational processing of flight and radar data. In addition, an ongoing date roll-back test has been very promising and serves as a contingency plan should replacement efforts be delayed and should HOST experience unexpected year 2000 problems.

Notwithstanding this improvement, more needs to be done in three areas. First, more work is needed concerning system interfaces. A number of systems that were reported as fully renovated have not had their system interfaces completely evaluated. At a minimum, individual system interfaces need to be tested and validated before end-to-end system testing can be successfully completed. Second, the year 2000 compliance status of a number of systems that are under development is uncertain. The FAA needs to work with the contractors and modify contracts, if necessary, to have a reasonable assurance of compliance prior to the testing phase. Finally, the FAA needs to reevaluate its master schedule and make a concerted effort to accelerate its implementation schedule for all systems to March 1999, or as soon thereafter as possible.

The U.S. Coast Guard's improved management and operational attention to year 2000 issues has also minimized risk. While still facing challenges associated with antiquated hardware and software on some critical systems, the Coast Guard is presently well positioned to ensure continuity of its safety-related systems. The Department's other operating administrations seem to be on track to a smooth millennial transition.

U.S. Agency for International Development

AID again reported no progress in terms of the total number of systems renovated, validated, or implemented. While AID has made a number of management improvements, including plans to increase independent validation and verification of contractor deliverables and increasing agency-wide Y2K awareness, they are not expected to make measurable progress in renovating or replacing any of their mission-critical systems until the end of August 1998. Renovation of AID's most important system, the New Management System, has begun. With contractor assistance, AID is evaluating options to reprogram resources to accelerate progress.

AID has selected three vendors to replace desktop hardware and software and intends to award a contract for Independent Verification and Validation services for all mission-critical applications this September. AID has begun continuity of business planning in August, identifying critical functions that must be supported and assessing the need for related contingency plans. The agency has assumed a leadership role in performing year 2000 outreach and awareness training in the over 80 nations in which it operates, providing management assistance to host nations and other international aid organizations operating in these countries.

TIER TWO AGENCIES

For agencies in Tier 2 the second tier, OMB sees evidence of progress, but also has concerns. Some of these agencies have strong Y2K programs and OMB expects them to continue to improve. The eight agencies in Tier 2 are: the Departments of Agriculture and Commerce, Housing and Urban Development, Interior, Justice, Labor, and Treasury, and the Office of Personnel Management. A summary of progress and concerns for these agencies appears below.

Table 2

Tier 2 Agencies -- Progress, But Concerns

Agency	Progress	Concerns
USDA	Management team active. Guidance on business continuity and contingency planning and independent validation and verification has been finalized.	Pace of work must increase if government-wide goals are to be met, particularly with the Forest Service. Embedded systems, facilities, and telecommunications issues are not yet resolved.
DOC	Overall, making progress. The new CIO is providing leadership on the Y2K issue; undertaking IV&V and contingency planning; anticipates completing renovation phase for all but one mission-critical system by September and implementation by March, 1999. PTO has prepared a contingency plan for the Classified Search and Image Retrieval System.	Lags behind government-wide goals. NOAA must accelerate implementation of IV&V for mission-critical systems.
HUD	Good progress in renovating mission-critical systems and non-mission critical systems. Inspector General is auditing Year 2000 Program and HUD has retained an independent validation and verification contractor. Completed continuity of business plan and is preparing contingency plans.	HUD must increase and sustain its rate of progress if it is to meet the March 1999 goals. HUD has 84,000 data exchange partners using 34 systems that must be resolved. Reported a $12.2 million (26 percent) increase in total year 2000-related costs.
DOI	Project management continues to be refined. Good progress on embedded chip, telecommunications, and data exchange issues. Independent validation and verification efforts have been formally established.	Pace of renovation, validation, and implementation must improve if Department and government-wide goals are to be met.
DOJ	Good renovation progress. Justice has assessed most of its embedded systems, and is making good progress in assessing and upgrading its non-wireless telecommuni-cations systems. Office of the Inspector General actively reviewing bureau status. Independent verification and validation contractor is reviewing test plans and improving compliance verification. Continuity of business and continency plans are being developed.	Pace must improve if Department and government-wide goals are to be met. DOJ has also identified $27 million in new costs, almost doubling its previous estimate. An extensive number of data exchanges must be verified as year 2000 compliant.
DOL	Good progress on data exchanges, especially with State unemployment systems; good progress against internal schedule; anticipates completing the renovation phase for all but one system by September and implementation for all systems by March 1999. The Department has completed the assessment of embedded chips.	Despite some progress, still well behind government-wide goals for agency mission-critical systems. Two large, critical systems at the Bureau of Labor Statistics and the Pension and Welfare Benefits Administration will miss the September renovation goal.
Treasury	Strong project team in place. Good progress on embedded chip, telecommunications, contingency planning, and data exchange issues.	Rate of renovation, validation, and implementation must improve if the Department and government wide goals are to be met -- particularly for IRS, Customs, and FMS.
OPM	Continued senior management involvement is resulting in progress according to OPM's schedule. Expect significant accomplishments in next quarter. Contingency planning underway.	Rate of renovation, validation and implementation of mission critical systems repairs must increase to meet government-wide goals.

TIER THREE AGENCIES

The remaining agencies are in Tier 3 and appear to be making satisfactory progress. These nine agencies are the Environmental Protection Agency, the Federal Emergency Management Administration, the National Aeronautics and Space Administration, the Social Security Administration, the General Services Administration, the National Science Foundation, the Nuclear Regulatory Commission, the Small Business Administration, and the Department of Veterans Affairs.

SMALL AND INDEPENDENT AGENCIES

Based on the results of a request for reports from 41 small and independent agencies, OMB asked nine agencies to report again on their progress, because of the importance of these agencies' missions, because of concerns about the rate of progress, or because their initial reports did not provide sufficient detail. Those agencies are: the Federal Communications Commission, the Federal Housing Finance Board, the National Archives and Records Administration, the National Labor Relations Board, the Office of Administration in the Executive Office of the resident, the Peace Corps, the Tennessee Valley Authority, the U.S. Postal Service, and the Office of the U.S. Trade Representative. John Koskinen will meet with selected small and independent agencies in the next quarter. OMB will continue to work with all small and independent agencies, as appropriate, to ensure that they are prepared for the year 2000. OMB is asking all small and independent agencies to report again on May 15, 1999.

Table 3

Summary of Small and Independent Agency Reports

Agency	No. MC Systems	No. MC Systems Compliant	Total Cost (in millions)	Progress	Concerns
Federal Communications Commission	30	13	15.2	Major licensing systems compliant. Work started on 16 mission-critical systems. Will obtain IV&V contractor. IG involved. Leading outreach efforts to telecommunications industry.	Rate of progress must be accelerated, particularly in replacement systems. Move to new headquarters building addresses embedded systems, but complicates year 2000 work.
Federal Housing Finance Board	6	1	0.34	Key staff are on board. Progress continues on renovation, validation, and implementation.	IV&V process has not been formalized. Contingency planning needs strengthening.
National Archives and Records Administration	22	10	5.7	Assessment will be complete by September 30, 1998. Ten of its 22 mission-critical systems are now compliant.	Seven of 22 mission critical systems will miss the March 1999 implementation goal. Contingency planning has not begun. Security and environmental control systems at Presidential Libraries are a significant challenge.
National Labor Relations Board	29	11	7.5 ^9/	Two systems have been implemented. When it became clear the Case Tracking System (CATS) designed to replace seven existing systems would not be implemented in time, a contingency plan was adopted to renovate existing systems.	Two mission-critical systems will miss the March 1999 goal, including one which is a contingent system for CATS. No plans for independent verification. No continuity of business plan.
Office of Administration, EOP	86	1	16.4	Assessment completed, strategy established, and critical projects to upgrade information technology infrastructure are underway.	Behind government-wide goals due to limited FY 1998 funds; virtually all work is to be accomplished in FY 1999.
Peace Corps	17	5	9.0	Payroll is shifting to USDA by June 1999. Renovation of all mission-critical systems should complete by September 1998. Good contingency and continuity planning process.	Needs to accelerate validation and implementation. Renovated financial management system will not be ready for testing until May 1999. Dependent on foreign banks for disbursement. Need a formal and independent verification capability.
Tennessee Valley Authority	347	104	37.0	Good overall management. Completed assessment of embedded chip problem.	A number of mission critical applications will miss March 1999 deadline. Need continuity of business plan.
U.S. Postal Service	166	56	504	Comprehensive program addresses all known areas where year 2000 can have a significant impact on the Postal Service. The USPS year 2000 initiative is receiving considerable executive management attention.	USPS has a massive challenge, given its size and potential role in the contingency plans of many other organizations, including Federal agencies.
U.S. Trade Representative, EOP	6	0	1.2	Funding includes replacement of LAN/desktop infrastructure. Mission-critical systems are standard COTS office support packages or simple databases that have been renovated and are being tested. Systems in Geneva will be compliant in September.	Need to complete inventory, repair and verification of data exchanges. Embedded systems, while minimal, should be identified and assessed. Impending award of task order for IV&V services should be accelerated if possible.

^9/ Represents only FY1998 and 1999 costs.

Appendix A

Table 1

Agency Goals for Compliance of Mission Critical Systems

	Assessment Date	Renovation Date	Validation Date	Implementation Date
Gov't-wide Goal	Jun-97	Sep-98	Jan-99	Mar-99
Agriculture	Oct-97	Sep-98	Jan-99	Mar-99
Commerce	Mar-97	Sep-98	Jan-99	Mar-99
Defense	Jun-97	Jun-98	Sep-98	Dec-98
Education	Nov-97	Sep-98	Jan-99	Mar-99
Energy	Jan-97	Sep-98	Feb-99	Mar-99
HHS	Jun-98	Dec-98	May-99	Jun-99
HUD	Jun-97	Sep-98	Jan-99	Mar-99
Interior	Mar-97	Sep-98	Jan-99	Mar-99
Justice	Jun-97	Jul-98	Oct-98	Jan-99
Labor	Jun-97	Sep-98	Jan-99	Mar-99
State	Jun-97	Sep-98	Jan-99	Mar-99
Transportation	Aug-97	Sep-98	Jan-99	Mar-99
Treasury	Jul-97	Oct-98	Dec-98	Dec-98
VA	Jan-98	Sep-98	Jan-99	Mar-99
AID	Nov-97	Mar-99	Jun-99	Sep-99
EPA	Jun-97	Sep-98	Jan-99	Mar-99
FEMA	Jun-97	Sep-98	Jan-99	Mar-99
GSA	Jun-97	Jul-98	Sep-98	Jan-99
NASA	Aug-97	Sep-98	Jan-99	Mar-99
NRC	Sep-97	Sep-98	Jan-99	Mar-99
NSF	Jun-97	Sep-98	Jan-99	Mar-99
OPM	Jun-97	Oct-98	Jan-99	Jan-99
SBA	May-97	Sep-98	Sep-98	Sep-98
SSA	May-96	Sep-98	Dec-98	Jan-99

Note: Bold dates are earlier than those reported previously.

Italicized dates are later than those reported previously.

Appendix A

Table 2

Progress on Status of Mission-critical Systems

Mission-critical Systems
	Total Number	Number Compliant	Percent of Total	Number Being Replaced	Number Still Being Repaired	Number Being Retired
Agriculture	647	406	63%	56	171	14
Commerce	455	348	76%	49	58	0
Defense	2965	1236	42%	184	1521	24
Education	14	4	29%	2	8	0
Energy	411	164	40%	110	109	28
HHS	298	122	41%	34	135	7
HUD	62	37	60%	7	17	1
Interior	91	29	32%	8	54	0
Justice	207	64	32%	16	127	0
Labor	61	24	39%	15	22	0
State	59	21	36%	26	12	0
Transportation	616	286	46%	60	264	6
Treasury	323	144	45%	44	132	3
VA ^10/	319	196	61%	0	123	0
AID	7	1	14%	2	4	0
EPA	58	46	79%	3	8	1
FEMA	49	34	69%	7	8	0
GSA	58	45	78%	8	5	0
NASA	158	99	63%	6	49	4
NRC	7	2	29%	2	3	0
NSF	17	14	82%	0	3	0
OPM	111	53	48%	10	46	2
SBA	42	31	74%	0	11	0
SSA	308	286	93%	1	20	1
TOTAL	7343	3692	50%	650	2910	91

^10/ In the last quarterly report VA identified 11 mission critical areas. For government-wide consistency in the tracking process, VA has disaggregated these areas into 319 separate applications that support these mission critical areas.

Appendix A

Table 3

Status of Mission Critical Systems Being Repaired

	Number of Systems	Assessment Percent Complete	Renovation Percent Complete	Validation Percent Complete	Implementation Percent Complete
Agriculture	334	100%	71%	51%	50%
Commerce	141	100%	71%	60%	59%
Defense	2075	99%	70%	34%	27%
Education	8	100%	50%	13%	13%
Energy	154	99%	50%	32%	29%
HHS	163	100%	31%	12%	14%
HUD	40	100%	80%	58%	40%
Interior	83	100%	73%	42%	33%
Justice	160	99%	83%	24%	18%
Labor	27	100%	52%	22%	19%
State	12	100%	50%	25%	0%
Transportation	297	100%	65%	23%	11%
Treasury	234	100%	72%	51%	44%
VA	319	100%	94%	84%	61%
AID	5	100%	20%	20%	20%
EPA	29	100%	86%	79%	72%
FEMA	15	100%	67%	53%	47%
GSA	20	100%	80%	80%	75%
NASA	101	100%	76%	54%	51%
NRC	4	100%	50%	25%	25%
NSF	9	100%	100%	78%	67%
OPM	79	100%	52%	42%	42%
SBA	42	100%	74%	74%	74%
SSA	289	100%	93%	90%	87%
TOTAL	4640	99%	71%	44%	37%

Appendix A

Table 4

Agency Year 2000 Cost Estimates ^11/ (in millions)

	1996	1997	1998	1999	2000	TOTAL
Agriculture	2.7	16.9	62.1	30.3	7.8	119.8
Commerce	2.6	12.4	35.6	32.1