1. No funds may be obligated for any information systems technology used in a data server farm or data center unless first approved by the DoD CIO or a component CIO.
2. No funds may be obligated to deploy any information systems technology unless it is in accordance with standards set by the DoD CIO.
3. Secretaries of the military departments and the heads of the Defense Agencies shall submit to the DoD CIO plans to reduce the square feet devoted to data centers, to increase in multi-organizational utilization of data centers, to reduce the number of applications running within data centers, to reduce the number of personnel, and to reduce labor costs in operating data centers.
4. The DoD CIO shall specify the performance standards and measures that will be used in the plans submitted to achieve stated cost reduction objectives. This will include: desktop, laptop, and mobile device virtualization; transitioning to cloud computing; migration of DoD data centers to cloud services at a lower cost with same or greater degree of security; utilization of private sector-managed security services for DoD data centers; transitioning to just-in-time delivery of Department-owned data center through infrastructure (space, power and cooling) services.
The NDAA is one of the most specific policy guidelines that have been ever stipulated by the Congress. It strengthens the role of the DoD CIO and defines the metrics for monitoring progress towards the objective of reducing the number of data centers for the purpose of realizing cost savings.
It remains to be seen how quickly can DoD extricate its processing from the existing proliferation of data centers. The ultimate performance indicator will not be the number of discrete data centers – a count that can be manipulated – but the net reductions in manpower and cost.