“The Secretary of Defense shall issue guidance for major automated information systems acquisition programs to promote the use of best acquisition, contracting, requirement development, systems engineering, program management, and sustainment practices, including—
“(1)
ensuring that an acquisition program baseline has been established within two years after program initiation;
“(2)
ensuring that program requirements have not changed in a manner that increases acquisition costs or delays the schedule, without sufficient cause and only after maximum efforts to reengineer business processes prior to changing requirements;
“(3)
policies to evaluate commercial off-the-shelf business systems for security, resilience, reliability, interoperability, and integration with existing interrelated systems where such system integration and interoperability are essential to Department of Defense operations;
“(4)
policies to work with commercial off-the-shelf business system developers and owners in adapting systems for Department of Defense use;
“(5)
policies to perform Department of Defense legacy system audits to determine which systems are related to or rely upon the system to be replaced or integrated with commercial off-the-shelf business systems;
“(6)
policies to perform full backup of systems that will be changed or replaced by the installation of commercial off-the-shelf business systems prior to installation and deployment to ensure reconstitution of the system to a functioning state should it become necessary;
“(7)
policies to engage the research and development activities and laboratories of the Department of Defense to improve acquisition outcomes; and
“(8)
policies to refine and improve developmental and operational testing of business processes that are supported by the major automated information systems.”