Federal Enterprise Architecture Framework
Rob Carlson, June 15, 2023
Representative Stephen Horn of California introduced the morning session of a congressional hearing in 1997 by describing the major factors which had influenced the U.S. Congress to pass the Clinger-Cohen Act of 1996: the federal government was spending $27 billion per year on information technology without being able to articulate successes, so "efficient private sector techniques" coupled with accountability to the Office of Management and Budget would be used to create "results-oriented information technology practice" throughout the federal government (Oversight of the Implementation of the Clinger-Cohen Act, 1997).
While the act spelled out the necessities of practice, it did not dictate methods of accomplishing the objectives, leading to the creation and release of the Federal Enterprise Architecture ("FEA") framework by the Chief Information Officers three years later (Centers for Medicare & Medicaid Services, 2021a).
The Federal Enterprise Architecture in its simplest form provides "agencies with a common language and framework to describe and analyze investments" (OMB, 2013). This is the key value because it is the enhancement of tech-related communication and analysis that Congress hoped to achieve with the passage of the Clinger-Cohen Act. As individual artifacts are identified and consolidated using decomposition models of the FEA, the outputs of that process should at the end include "standardization, analysis and reporting tools, an enterprise roadmap, and a repeatable architecture project method" if created in alignment with methodologies defined in the Consolidated Reference Model (OMB, 2013).
The five models used by the FEA are based on business, performance, service components infrastructure, data and information, and technical features of an organization's architecture (CMS, 2021b). When these models are used to decompose individual aspects of the architecture into consistent and standardized data structures, architecture domains, and transition plans, they collectively contribute to the primary outcomes which the Office of Management and Budget defines as Service Delivery, Functional Integration, Resource Optimization, and an Authoritative Reference (OMB, 2012).
When the OMB talks about service delivery, they are talking about using the FEA as a tool to identify alignment in architecture so that the mission of the agency can be accomplished. For resource optimization, they hope that a holistic view of resources will allow those resources to be optimized to deliver services more effectively and efficiently. The Authoritative Reference produced by inventory and analysis of the EA is used to improve trust in the architecture and manage "risk-adjusted security and privacy controls through approved process designs" (OMB, 2012).
The greatest weakness of the FEA is that it is based on an external mandate imposed on federal agency heads and system implementers. The most salient criticisms come from a paper by Stanley Gaver where he highlights how work on the EA can often be interrupted in favor of projects with more specific or short-term value if it fails to show immediate positive results (Gaver, 2010). Because the FEA is created out of a need to conform to an external mandate, agency and department heads may feel inclined to do the minimum required to satisfy their reporting mandate to the Office of Management and Budget and justify compliance with the Federal Information Security Management Act. Gaver also highlights six different attempts to create a centralized repository from 2004 to 2010, including the Federal Enterprise Architecture Management System and Component Organization and Registration Environment, which were all abandoned (Gaver, 2010, p. 26).
The strength of the framework is demonstrated by the fact that it has helped provide a fertile ground for individual agency frameworks which are directed by and aligned to FEA but do not necessarily take or require every aspect it has specified. The original purpose of the FEA was to bridge the gap between when federal government agencies had no consistent method of designing, evaluating, and transforming large-scale information architectures, and after legislation mandated that they must have all these things in place. In this respect, the framework has created a structure that made space for government-wide initiatives such as the OMB identifying collaborative projects for de-duplication of common tasks, and a common set of external Internet connections to reduce the attack surface across multiple agencies (Congressional Research Services, 2008).
The Social Security Administration in 2014 used the Federal Enterprise Architecture to create an EA which would "ensure that IT investments align with the Agency Strategic Plan" and satisfy OMB review on a structural and functional level (Social Security Administration ("SSA"), 2014). In their SSA Enterprise Roadmap report the five reference models were drawn perpendicular to twelve operational components of the SSA organization in a cube diagram to show how intersections of layers and programs would be decomposed throughout the remainder of the Enterprise Architecture assessment. In addition to using the five layers to inform high-level stakeholders in this way, SSA took the specific FEA reference models which were added in 2013 to satisfy Federal Information Security Management Act inventory requirements and align business services to the Business Reference Model of the FEA v2 (SSA, 2014).
The Internal Revenue Service references the Federal Enterprise Architecture in the Enterprise Architecture section of its 2021 Information Technology Internal Revenue manual to establish a link to its own As-Built-Architecture (ABA) system. The ABA creates a representation of the entirety of the production environment of all internal and external IRS systems which is then applied over the IRS Enterprise Life Cycle six domains of change, defined as "organization, location, business process, data, applications and/or technology" (Internal Revenue Service ("IRS"), 2021). While the FEA is not mentioned again in any detail, the broad strokes of the framework are used to align these internal frameworks. In this manner the IRS has incorporated a structured approach for collecting information about systems and stakeholders which fulfills the requirements of the FEA for annual reporting to the Office of Management and Budget while allowing for IRS-specific records such as "Privacy and Civil Liberties Assessments" (IRS, 2021).
From 2006 to 2012 the Department of Health and Human Services ("HHS") worked to create subsidiary frameworks such as the Medicaid IT Architecture ("MITA") which, while inspired by and marginally aligned with the Federal Enterprise Architecture framework, did not use it specifically (Centers for Medicare & Medicaid Services, 2012). HHS drew on standards from the Office of the National Coordinator for Health IT, Federal Health Architecture, the Federal Enterprise Architecture, and Standards Development Organizations so that it could take those federal-level standards and apply them in a policy framework for the State Medicaid Agencies, who are ultimately responsible for the administration, tracking, and disbursement of funds and for maintaining their own Medicaid Management Information Systems (CMS, 2012). By aligning with FEA, HHS was able to use the MITA to fulfill their obligations to the OMB while creating a more streamlined internal standard for individual state agencies.
We can consider the creation and use of the Federal Enterprise Architecture like any other product of aspirational legislation. When government mandates more efficient light bulbs, car engines, or washing machines, legislators do not provide the blueprints or engineering specifications with which to accomplish the task. Instead, they provide goals, milestones, and oversight which encourages product improvement and delivery. The FEA arose as a response to the Clinger-Cohen Act and has provided a set of tools necessary to guide agency purchases and progress in information technology successfully over the last twenty-four years.
Centers for Medicare & Medicaid Services. (2021a). Federal Enterprise Architecture Framework. CMS.gov. Retrieved June 25, 2023, from https://www.cms.gov/research-statistics-data-and-systems/cms-information-technology/enterprisearchitecture/feaf
Centers for Medicare & Medicaid Services. (2021b, December). Federal Reference Models. Retrieved June 26, 2023, from https://www.cms.gov/Research-Statistics-Data-and-Systems/CMS-Information-Technology/EnterpriseArchitecture/FederalRefModel
Centers for Medicare & Medicaid Services. (2012, February). Medicaid Information Technology Architecture (MITA) 3.0. https://www.medicaid.gov/medicaid/data-systems/medicaid-information-technology-architecture/medicaid-information-technology-architecture-framework/index.html
Congressional Research Services. (2008, April 18). Federal Enterprise Architecture and E-Government: Issues for Information Technology Management. (CRS Report No. RL33417). https://www.everycrsreport.com/reports/RL33417.html
Gaver, S. B. (2010). Why doesn’t the Federal Enterprise Architecture work? Retrieved June 27, 2023, from https://web.archive.org/web/20160611170127/http://www.ech-bpm.ch/sites/default/files/articles/why_doesnt_the_federal_enterprise_architecture_work.pdf
Internal Revenue Service. (2021). 2.15.1 Enterprise Architecture (EA) overview. Retrieved June 27, 2023, from https://www.irs.gov/irm/part2/irm_02-015-001
Office of Management and Budget. (2012, May 2). The common approach to Federal Enterprise Architecture. https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/common_approach_to_federal_ea.pdf
Office of Management and Budget. (2013, January 29). Federal Enterprise Architecture Framework Version 2. https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf
Oversight of the Implementation of the Clinger-Cohen Act: Hearing Before the Subcommittee on Government Management, Information, and Technology of the Committee on Government Reform and Oversight, House of Representatives, One Hundred Fifth Congress. (1997, October 27).
Social Security Administration. (2014). SSA Enterprise Roadmap V3. Retrieved June 27, 2023, from https://www.ssa.gov/pgm/SSA%20Enterprise%20Roadmap-FY2014.pdf