The Office of Management and Budget (OMB) is seeking comment on a proposal that would order Federal agencies to develop additional IPv6 (Internet Protocol Version 6) implementation plans by the end of Fiscal Year 2021, and sharply boost requirements for agencies to increase the amount of IPv6-only assets on their networks through FY2025.
The proposal contains numerous milestones for Federal agencies to hit beginning this year and continuing through FY2025, when at least 80 percent of IP-enabled assets on Federal networks should be IPv6-only.
The March 2 proposal, first made public through a Federal Register notice, is signed by Federal CIO Suzette Kent, and was prepared by OMB in collaboration with the Federal CIO Council and Federal CISO Council. The proposal follows a 2010 directive from OMB that required Federal agencies to deploy native IPv6 for public internet servers and internal applications that communicate with public servers.
IPv6 is the most recent version of the Internet Protocol that provides address and location systems for internet-connected networks, with development beginning in the late 1990s to deal with exhaustion of all available addresses under the previous IPv4 protocol. The supply of IPv4 addresses was exhausted in 2015, but the addresses are still widely in use.
However, running “dual-stack” systems to accommodate both IPv6 and IPv4 addresses adds “costs and complexity to network infrastructure” and raises “significant technical and economic barriers to innovation,” said Russell Vought, OMB’s Acting Director, in a memo to Federal agency heads that accompanies the Federal Register notice.
“It is widely recognized that full transition to IPv6 is the only viable option to ensure future growth and innovation in internet technology and services,” Vought said. “It is essential for the Federal government to expand and enhance its strategic commitment to the transition to IPv6 in order to keep pace with and capitalize on industry trends. Building on previous initiatives, the Federal government remains committed to completing its transition to IPv6.”
The new proposal sets out “requirements for completing the operational deployment of IPv6 across all Federal information systems and services,” and aims to “help agencies overcome barriers that prevent them from migrating to IPv6 only systems.”
“Going forward, the Federal government plans to deliver its information services, operate its networks, and access the services of others using only IPv6,” Vought said.
Here are the high points of the proposal’s to-do list for Federal agencies:
- Within 45 days of the new policy being issued, agencies must designate an organization-wide IPv6 team in support of Enterprise Risk Management capabilities to govern and enforce IPv6 efforts;
- Within 180 days, issue agency-wide IPv6 policies requiring that no later than FY2023 “all new networked Federal information systems are IPv6-enabled prior to being made operational,” with a plan to phase out IPv4 systems through retirements or conversion to IPv6-only;
- Identify opportunities for IPv6 pilots, complete at least one of them by the end of FY2021, and report results upon OMB’s request;
- Develop plans by the end of FY2021 to improve all networked Federal information systems to fully enable native IPv6 operation, in order to have at least 20 percent of IP-enabled Federal assets IPv6-only by the end of FY2023, 50 percent of assets IPv6-only by the end of FY2024, and at least 80 percent of assets IPv6-only by the end of FY2025;
- Identify by the end of FY2021 Federal systems that can’t be converted to use IPv6 and provide a schedule for replacing or retiring those systems; and
- “As soon as possible” complete the upgrade of external-facing servers and services (web, email, DNS, ISP services, etc.) and internal client applications that communicate with public internet services and supporting enterprise networks to operationally use native IPv6.
“In the last five years, IPv6 momentum in industry has dramatically increased, with large IPv6 commercial deployments in many business sectors now driven by reducing cost, decreasing complexity, improving security and eliminating barriers to innovation in networked information systems,” CIO Kent said in the Federal Register notice. “Mobile networks, data centers, and leading-edge enterprise networks, for example, have been evolving to IPv6-only networks. It is essential for the Federal government to expand and enhance its strategic commitment to the transition to IPv6 in order to keep pace with and capitalize on industry trends.”
The proposal also features instructions for agencies to use the National Institute of Standards and Technology’s USGv6 Test Program, and enhanced security guidelines that will be coming from the Department of Homeland Security for IPv6 adoption. Those guidelines will cover enhancements to relevant security and resilience programs including Trusted Internet Connections, Continuous Diagnostics and Mitigation, and EINSTEIN.
The General Services Administration (GSA) will be on the hook to ensure that relevant GSA programs and services require full IPv6 support with feature and performance parity with existing IPv4 services, ensure that governmentwide contract vehicles include IPv6 requirements for acquisitions using internet protocol, and work with agencies and Enterprise Infrastructure Solutions (EIS) vendors to ensure that all EIS network services are IPv6-enabled at the time of deployment.
OMB will accept comments on the proposal for 30 days after Federal Register publication, at OFCIO@omb.eop.gov.