Agency Priority Goal Action Plan IT Modernization Goal Leaders: Karen Mummaw, Acting Chief Information Officer, Bureau of Information Resource Management Fiscal Year 2018, Quarter 4 Overview Goal Statement o Enhance user and mission efficiency by increasing the productivity, usability, security, and relevance of IT solutions supporting the Department. By September 30, 2019, the Department will establish a secure cloud-based platform to improve Information Technology (IT) service delivery by: implementing an Identity Management System (IDMS) solution for all Department systems, transitioning users to cloud collaboration platforms, closing redundant data centers, modernizing target architecture, and continuing to deploy wireless (Wi-Fi) Department wide. Challenge o Legacy systems pose investment and security risks and rely on increasingly costly and obsolete technologies; o Some IT investments do not benefit from full governance rigor, which may result in duplication, lack of strategic business and technical alignment, and investment risk. Opportunity o Provide single sign on for all users to access cloud-based and legacy systems/services; o Design systems to target architecture to mitigate security risks posed by legacy systems and enhance overall IT security performance; o Accelerate modernization of the Department’s technology services, closure of data centers, and offer improved access to business data through commercial cloud services, cloud-ready digital identities, and cloud provided foundational services (i.e. email, Wi-Fi and productivity tools); and o Restructure governance processes and IT portfolio (shifting an increased percentage to the budget from operations and maintenance (O&M) to development and modernization and enhancements (DM&E)). 2 Leadership Core Team: This IT Agency Priority Goal (APG) is a result of the Department’s IT Modernization initiative. Below is a high level organization representing the leadership support structure in place. Secretary Under Secretary of Management Chief Information Officer (CIO) Principal Deputy Chief Information Officer (PDCIO) Deputy CIO for Information Deputy CIO for Operations Deputy CIO for Foreign Operations Deputy CIO for Business Assurance Management & Planning Chief Information Security Officer (CISO) Real Time Collaboration / Work Modernizing IT Systems & Service Improve Enterprise Wide Data Improve Enterprise Wide Data Anytime, Anywhere Delivery Accessibility, MDM, EMD, Accessibility & Security & & & & O/S & Domestic Wi-Fi, & Sourcing Governance Initiatives & IT Service Cloud Collaboration Platform Standard Security Controls for Strategy Delivery Modernization Cloud Platform 3 Key Milestones 1. 2. 3. 4. Real Time Modernize IT Systems Improve Enterprise- Collaboration / Work Improve Enterprise-Wide Data and Service Delivery Wide Data Accessibility Anytime, Anywhere Accessibility & Security Right Data to the Right People Ecosystem to Support Mobility Ecosystem to Adapt to a Changing Cybersecurity and Standard Identify a certified project Identify a certified project manager Workforce Security Controls for Cloud manager and submit a complete and submit a complete business Identify a certified project manager Platform IDMS business case to case to the eGov PMO for each of and submit a complete business Complete the Enterprise the eGovPMO - Q3 FY 2018 the projects below – Q3 FY 2018 case to the eGov PMO for each of Information Security Program the projects below – Q3 FY 2018 Plan – Q4 FY 2018 IDMS for Cloud and for Cloud Collaboration Platform Governance Initiatives & IT Cybersecurity On-Premise Applications • Ensure all core functionality is Services Delivery • Increase the Domain-based • Use governance to identify available domestically and • Build IT Modernization focused Message Authentication, and procure an appropriate begin providing targeted EA roadmap – Q1 FY 2019 Reporting, and Conformance IDMS solution – Q3 FY 2018 services overseas – Q1 FY 2019 • Develop new Service Delivery (DMARC) set to default ‘reject’ Overseas and Domestic Wi-Fi – A governance model – Q4 FY 2018 to 100% – Q1 FY 2019 • Pilot cloud application access through IDMS – Q4 Foundational Enterprise Service • Develop a modernized Enterprise • Increase high and medium FY 2018 • Develop and launch a Architecture (EA) program – Q4 impact systems that have consolidated rollout strategy – FY 2018 authorization to operate (ATO) • First production, on- Q1 FY 2019 • Upgrade service delivery – Q4 FY 2019 premise application access via IDMS – Q1 FY 2019 Mobile Device Management and governance processes and risk Conversion Strategy – A management framework – Q2 FY Standard Security Controls • Launch additional legacy Foundational Enterprise Service 2019 for Cloud Platforms and cloud integration with • Use governance to modernize • Upgrade IT portfolio investments • Complete the Amazon Web IDMS – Q2 FY 2019 mobile device management – and systems modernization using Services Information Security Q4 FY 2018 new EA and service delivery Program Plan – Q4 FY 2019 model – Q3 FY 2019 See pages 5-11 for detailed milestones for each subproject. 4 Summary of Progress – Q4 FY 2018 Improve Enterprise-Wide Data Accessibility Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments IDMS – IRM/VMO Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit IDMS Q3 FY 2018 Completed N/A business case to the eGov PMO Design IDMS solution and develop Q3 FY 2018 Completed N/A acquisition plan Pilot cloud application/integration Q4 FY 2018 In Process Yes Due to delays in the release of access through IDMS Solution designated IT Modernization funding streams, acquisition of all required software was not completed until the end of Q4 FY 2018. Milestone expected to be achieved Q1 FY 2019. First production, on premise Q1 FY 2019 Planned N/A application access via IDMS Expand legacy system integration with Q2 FY 2019 Planned N/A IDMS 5 Summary of Progress – Q4 FY 2018 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cloud Collaboration – IRM/CPMO Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit business Q3 FY 2018 Completed Yes A Cloud Program Management case to the eGov PMO Office (CPMO) has been identified and the Real Time Collaboration business case has been updated. Deploy collaboration capabilities to Q3 FY 2018 In Process N/A MS Office Online and Skype is targeted domestic and overseas available to 100% of Department locations, including Outlook Online, users, while 52% are using cloud- Skype, SharePoint Online, OneDrive based mail capabilities. Other Web, OneDrive Sync, InTune, and collaboration capabilities are still Office Online being deployed. Expand domestic and overseas cloud Q1 FY 2019 Planned N/A collaboration capabilities 6 Summary of Progress – Q4 FY 2018 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Overseas and Domestic Wi-Fi – IRM/FO Finalize pilot and develop plan Q1 FY 2018 Completed N/A Identify a PM and submit Wi-Fi Q3 FY 2018 Completed Yes A PM has been identified and a business case to the eGov PMO business case was submitted on August 31 to eGov PMO. Identify target domestic and overseas Q3 FY 2018 Completed N/A locations for Wi-Fi install / upgrades Deploy Wi-Fi to planned FY 2018 Q4 FY 2018 Completed Yes All identified FY 2018 locations locations are complete. Expand domestic and overseas Wi-Fi Q1 FY 2019 Planned N/A Deployment 7 Summary of Progress – Q4 FY 2018 Real Time Collaboration / Work Anytime, Anywhere Milestones (Cont.) Milestone Milestone Change from Last Key Milestones Due Date Status Quarter Comments Mobile Device Management (MDM) and Conversion Strategy – IRM/OPS/MSO/MRA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Initiate pilot and develop plan Q2 FY 2018 Completed N/A Identify a PM and submit MDM Q3 FY 2018 Completed N/A business case to the eGov PMO Begin upgrade/modernization of MDM Q4 FY 2018 In Process Yes 75% of infrastructure complete to Solution support 50,000 users. Expand upgrade/modernize MDM Q2 FY 2019 Planned N/A Solution Retire Legacy MDMs Q4 FY 2019 Planned N/A 8 Summary of Progress – Q4 FY 2018 Modernize IT Systems and Service Delivery Milestones Milestone Milestone Change from Last Key Milestones Due Date Status Quarter Comments Governance Initiatives & IT Services Delivery – Enterprise Architecture Governance – IRM/BMP/OCA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit EA business Q3 FY 2018 In Process Yes A PM has been identified and the case to the eGov PMO business case is being developed and will be completed in Q1 FY 2019. Develop a modernized EA Program Q4 FY 2018 In Process Yes A project plan plus associated focused on services program budget and resources are being executed iteratively to generate the appropriate EA staff and services to be completed Q1 FY 2019. Build IT Modernization focused EA Q1 FY 2019 Planned N/A roadmap(s) Update IT portfolio investments and Q3 FY 2019 Planned N/A systems modernization using modernized EA 9 Summary of Progress – Q4 FY 2018 Modernize IT Systems and Service Delivery Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Governance Initiatives & IT Services Delivery – Service Delivery Governance – IRM/BMP/SPO/PM Implement requirements gathering and Q1 FY 2018 Completed N/A analysis Identify a PM and submit service delivery Q3 FY 2018 In Process N/A business case to the eGov PMO Develop new Service Delivery Model Q4 FY 2018 In Process N/A Upgrade IT portfolio investments and Q3 FY 2019 Planned N/A systems modernization using new service delivery model 10 Summary of Progress – Q4 FY 2018 Improve Enterprise-Wide Data Accessibility & Security & Standard Security Controls for Cloud Platform Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cybersecurity and Standard Security Controls for Cloud Platform – IRM/IA Complete the Enterprise Information Q4 FY 2018 Completed Yes This Plan was completed in Security Program Plan September. [For intrusion detection and prevention] Q1 FY 2019 In Process Yes Q4 FY 2018 DMARC rate is at 55.5%. Increase the DMARC set to default ‘reject’ to 100% In support of the standard security Q4 FY 2019 Planned N/A controls for the cloud platform, complete the Amazon Web Services Information Security Program Plan Increase High Impact Systems that have Q4 FY 2019 In Process Yes Q4 FISMA data not yet available. authorization to operate (ATO) to 75% Increase Moderate Impact Systems that Q4 FY 2019 In Process Yes Q4 FISMA data not yet available. have ATO to 60% 11 Key Indicators Forecast FY Forecast FY Indicator Baseline Target 2018 2019 Improve Enterprise-Wide Data Accessibility Percentage of users that are leveraging the enterprise IDMS 0 116,000 0% 90% solution thus increasing efficiencies Real Time Collaboration / Work Anytime, Anywhere Percentage of employees transitioned to primary cloud 0 116,000 50% 90% collaboration platform. Percentage of domestic data centers that are closed due to 0 126 15% 30% efficiencies of the cloud. Percentage of Department domestic buildings and overseas posts 18 TBD 10% 30% that support Wi-Fi. Modernize IT Systems and Service Delivery Percentage of systems designed to the target architecture. 0 TBD 0% 20% Improve Enterprise-Wide Data Accessibility & Security Percentage of High Impact Systems that have ATO Q3 FY 2018 65% 75% 65% 75% Percentage of Moderate Impact Systems that have ATO Q3 FY 2018 46% 60% 46% 60% [Intrusion and Detection Prevention] Percentage of DMARC set to Q3 FY 2018 25% 100% 55% 100% default ‘reject’ 12 Data Accuracy and Reliability Data Source Accuracy & Reliability Project: IDMS Central digital ID Store The data source is highly reliable and current. Enterprise GAL There are three core data sources that are required for this effort. First, is the Enterprise Project: Anywhere/Anytime Global Address List (GAL) data source is highly reliable and current that will support user metrics. Second, the Data Center Optimization Initiative (DCOI) report is an annual report Enterprise GAL, DCOI providing status about data center consolidation. Lastly, the Bureau of Administration (A) & Report, A & OBO Bureau of Overseas Building Operations (OBO) provide data regarding building and facilities domestically and overseas. Each system is an accurate data source. Project: Optimized IT Governance & Service iMatrix provides an accurate representation of the approved enterprise systems within the Delivery Department. iMatrix Project: Improve Enterprise-Wide Data The data source is the Department of Homeland Security’s quarterly Cybersecurity Risk Accessibility & Security Management Assessment report. These reports are considered reliable. FISMA 13 Additional Information Contributing Programs Organizations: o Bureau of Information Resource Management (IRM) Program Activities: o (1) Improve Enterprise-Wide Data Accessibility, (2) Real Time Collaboration / Work Anytime, Anywhere, (3) Modernize IT Systems and Service Delivery, and (4) Improve Enterprise-Wide Data Accessibility & Security Regulations: o E-Government Act (eGov), Federal IT Acquisition Reform Act (FITARA), Clinger-Cohen Act (CCA), Modernizing Government Technology Act (MGT), Federal Information Security Management Act (FISMA), President’s Management Agenda (PMA), Executive Order (EO) 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, Report to the President on Federal IT Modernization Policies: o 1 FAM 270, 5 FAM, 12 FAM 600 Other Federal Activities: o Foreign Affairs Cloud Environment Technology (FACET), Foreign Affairs Network (FAN), Strategic Sourcing, Enterprise Mobile Management (EMM) Modernization Stakeholder / Congressional Consultations IRM regularly meets with OMB’s eGov office reporting on these and other IT modernization initiatives and upon request briefs Senate and House committees. 14

Agency Priority Goal Action Plan IT Modernization Goal Leaders: Karen Mummaw, Acting Chief Information Officer, Bureau of Information Resource Management Fiscal Year 2018, Quarter 4 Overview Goal Statement o Enhance user and mission efficiency by increasing the productivity, usability, security, and relevance of IT solutions supporting the Department. By September 30, 2019, the Department will establish a secure cloud-based platform to improve Information Technology (IT) service delivery by: implementing an Identity Management System (IDMS) solution for all Department systems, transitioning users to cloud collaboration platforms, closing redundant data centers, modernizing target architecture, and continuing to deploy wireless (Wi-Fi) Department wide. Challenge o Legacy systems pose investment and security risks and rely on increasingly costly and obsolete technologies; o Some IT investments do not benefit from full governance rigor, which may result in duplication, lack of strategic business and technical alignment, and investment risk. Opportunity o Provide single sign on for all users to access cloud-based and legacy systems/services; o Design systems to target architecture to mitigate security risks posed by legacy systems and enhance overall IT security performance; o Accelerate modernization of the Department’s technology services, closure of data centers, and offer improved access to business data through commercial cloud services, cloud-ready digital identities, and cloud provided foundational services (i.e. email, Wi-Fi and productivity tools); and o Restructure governance processes and IT portfolio (shifting an increased percentage to the budget from operations and maintenance (O&M) to development and modernization and enhancements (DM&E)). 2 Leadership Core Team: This IT Agency Priority Goal (APG) is a result of the Department’s IT Modernization initiative. Below is a high level organization representing the leadership support structure in place. Secretary Under Secretary of Management Chief Information Officer (CIO) Principal Deputy Chief Information Officer (PDCIO) Deputy CIO for Information Deputy CIO for Operations Deputy CIO for Foreign Operations Deputy CIO for Business Assurance Management & Planning Chief Information Security Officer (CISO) Real Time Collaboration / Work Modernizing IT Systems & Service Improve Enterprise Wide Data Improve Enterprise Wide Data Anytime, Anywhere Delivery Accessibility, MDM, EMD, Accessibility & Security & & & & O/S & Domestic Wi-Fi, & Sourcing Governance Initiatives & IT Service Cloud Collaboration Platform Standard Security Controls for Strategy Delivery Modernization Cloud Platform 3 Key Milestones 1. 2. 3. 4. Real Time Modernize IT Systems Improve Enterprise- Collaboration / Work Improve Enterprise-Wide Data and Service Delivery Wide Data Accessibility Anytime, Anywhere Accessibility & Security Right Data to the Right People Ecosystem to Support Mobility Ecosystem to Adapt to a Changing Cybersecurity and Standard Identify a certified project Identify a certified project manager Workforce Security Controls for Cloud manager and submit a complete and submit a complete business Identify a certified project manager Platform IDMS business case to case to the eGov PMO for each of and submit a complete business Complete the Enterprise the eGovPMO - Q3 FY 2018 the projects below – Q3 FY 2018 case to the eGov PMO for each of Information Security Program the projects below – Q3 FY 2018 Plan – Q4 FY 2018 IDMS for Cloud and for Cloud Collaboration Platform Governance Initiatives & IT Cybersecurity On-Premise Applications • Ensure all core functionality is Services Delivery • Increase the Domain-based • Use governance to identify available domestically and • Build IT Modernization focused Message Authentication, and procure an appropriate begin providing targeted EA roadmap – Q1 FY 2019 Reporting, and Conformance IDMS solution – Q3 FY 2018 services overseas – Q1 FY 2019 • Develop new Service Delivery (DMARC) set to default ‘reject’ Overseas and Domestic Wi-Fi – A governance model – Q4 FY 2018 to 100% – Q1 FY 2019 • Pilot cloud application access through IDMS – Q4 Foundational Enterprise Service • Develop a modernized Enterprise • Increase high and medium FY 2018 • Develop and launch a Architecture (EA) program – Q4 impact systems that have consolidated rollout strategy – FY 2018 authorization to operate (ATO) • First production, on- Q1 FY 2019 • Upgrade service delivery – Q4 FY 2019 premise application access via IDMS – Q1 FY 2019 Mobile Device Management and governance processes and risk Conversion Strategy – A management framework – Q2 FY Standard Security Controls • Launch additional legacy Foundational Enterprise Service 2019 for Cloud Platforms and cloud integration with • Use governance to modernize • Upgrade IT portfolio investments • Complete the Amazon Web IDMS – Q2 FY 2019 mobile device management – and systems modernization using Services Information Security Q4 FY 2018 new EA and service delivery Program Plan – Q4 FY 2019 model – Q3 FY 2019 See pages 5-11 for detailed milestones for each subproject. 4 Summary of Progress – Q4 FY 2018 Improve Enterprise-Wide Data Accessibility Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments IDMS – IRM/VMO Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit IDMS Q3 FY 2018 Completed N/A business case to the eGov PMO Design IDMS solution and develop Q3 FY 2018 Completed N/A acquisition plan Pilot cloud application/integration Q4 FY 2018 In Process Yes Due to delays in the release of access through IDMS Solution designated IT Modernization funding streams, acquisition of all required software was not completed until the end of Q4 FY 2018. Milestone expected to be achieved Q1 FY 2019. First production, on premise Q1 FY 2019 Planned N/A application access via IDMS Expand legacy system integration with Q2 FY 2019 Planned N/A IDMS 5 Summary of Progress – Q4 FY 2018 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cloud Collaboration – IRM/CPMO Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit business Q3 FY 2018 Completed Yes A Cloud Program Management case to the eGov PMO Office (CPMO) has been identified and the Real Time Collaboration business case has been updated. Deploy collaboration capabilities to Q3 FY 2018 In Process N/A MS Office Online and Skype is targeted domestic and overseas available to 100% of Department locations, including Outlook Online, users, while 52% are using cloud- Skype, SharePoint Online, OneDrive based mail capabilities. Other Web, OneDrive Sync, InTune, and collaboration capabilities are still Office Online being deployed. Expand domestic and overseas cloud Q1 FY 2019 Planned N/A collaboration capabilities 6 Summary of Progress – Q4 FY 2018 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Overseas and Domestic Wi-Fi – IRM/FO Finalize pilot and develop plan Q1 FY 2018 Completed N/A Identify a PM and submit Wi-Fi Q3 FY 2018 Completed Yes A PM has been identified and a business case to the eGov PMO business case was submitted on August 31 to eGov PMO. Identify target domestic and overseas Q3 FY 2018 Completed N/A locations for Wi-Fi install / upgrades Deploy Wi-Fi to planned FY 2018 Q4 FY 2018 Completed Yes All identified FY 2018 locations locations are complete. Expand domestic and overseas Wi-Fi Q1 FY 2019 Planned N/A Deployment 7 Summary of Progress – Q4 FY 2018 Real Time Collaboration / Work Anytime, Anywhere Milestones (Cont.) Milestone Milestone Change from Last Key Milestones Due Date Status Quarter Comments Mobile Device Management (MDM) and Conversion Strategy – IRM/OPS/MSO/MRA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Initiate pilot and develop plan Q2 FY 2018 Completed N/A Identify a PM and submit MDM Q3 FY 2018 Completed N/A business case to the eGov PMO Begin upgrade/modernization of MDM Q4 FY 2018 In Process Yes 75% of infrastructure complete to Solution support 50,000 users. Expand upgrade/modernize MDM Q2 FY 2019 Planned N/A Solution Retire Legacy MDMs Q4 FY 2019 Planned N/A 8 Summary of Progress – Q4 FY 2018 Modernize IT Systems and Service Delivery Milestones Milestone Milestone Change from Last Key Milestones Due Date Status Quarter Comments Governance Initiatives & IT Services Delivery – Enterprise Architecture Governance – IRM/BMP/OCA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit EA business Q3 FY 2018 In Process Yes A PM has been identified and the case to the eGov PMO business case is being developed and will be completed in Q1 FY 2019. Develop a modernized EA Program Q4 FY 2018 In Process Yes A project plan plus associated focused on services program budget and resources are being executed iteratively to generate the appropriate EA staff and services to be completed Q1 FY 2019. Build IT Modernization focused EA Q1 FY 2019 Planned N/A roadmap(s) Update IT portfolio investments and Q3 FY 2019 Planned N/A systems modernization using modernized EA 9 Summary of Progress – Q4 FY 2018 Modernize IT Systems and Service Delivery Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Governance Initiatives & IT Services Delivery – Service Delivery Governance – IRM/BMP/SPO/PM Implement requirements gathering and Q1 FY 2018 Completed N/A analysis Identify a PM and submit service delivery Q3 FY 2018 In Process N/A business case to the eGov PMO Develop new Service Delivery Model Q4 FY 2018 In Process N/A Upgrade IT portfolio investments and Q3 FY 2019 Planned N/A systems modernization using new service delivery model 10 Summary of Progress – Q4 FY 2018 Improve Enterprise-Wide Data Accessibility & Security & Standard Security Controls for Cloud Platform Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cybersecurity and Standard Security Controls for Cloud Platform – IRM/IA Complete the Enterprise Information Q4 FY 2018 Completed Yes This Plan was completed in Security Program Plan September. [For intrusion detection and prevention] Q1 FY 2019 In Process Yes Q4 FY 2018 DMARC rate is at 55.5%. Increase the DMARC set to default ‘reject’ to 100% In support of the standard security Q4 FY 2019 Planned N/A controls for the cloud platform, complete the Amazon Web Services Information Security Program Plan Increase High Impact Systems that have Q4 FY 2019 In Process Yes Q4 FISMA data not yet available. authorization to operate (ATO) to 75% Increase Moderate Impact Systems that Q4 FY 2019 In Process Yes Q4 FISMA data not yet available. have ATO to 60% 11 Key Indicators Forecast FY Forecast FY Indicator Baseline Target 2018 2019 Improve Enterprise-Wide Data Accessibility Percentage of users that are leveraging the enterprise IDMS 0 116,000 0% 90% solution thus increasing efficiencies Real Time Collaboration / Work Anytime, Anywhere Percentage of employees transitioned to primary cloud 0 116,000 50% 90% collaboration platform. Percentage of domestic data centers that are closed due to 0 126 15% 30% efficiencies of the cloud. Percentage of Department domestic buildings and overseas posts 18 TBD 10% 30% that support Wi-Fi. Modernize IT Systems and Service Delivery Percentage of systems designed to the target architecture. 0 TBD 0% 20% Improve Enterprise-Wide Data Accessibility & Security Percentage of High Impact Systems that have ATO Q3 FY 2018 65% 75% 65% 75% Percentage of Moderate Impact Systems that have ATO Q3 FY 2018 46% 60% 46% 60% [Intrusion and Detection Prevention] Percentage of DMARC set to Q3 FY 2018 25% 100% 55% 100% default ‘reject’ 12 Data Accuracy and Reliability Data Source Accuracy & Reliability Project: IDMS Central digital ID Store The data source is highly reliable and current. Enterprise GAL There are three core data sources that are required for this effort. First, is the Enterprise Project: Anywhere/Anytime Global Address List (GAL) data source is highly reliable and current that will support user metrics. Second, the Data Center Optimization Initiative (DCOI) report is an annual report Enterprise GAL, DCOI providing status about data center consolidation. Lastly, the Bureau of Administration (A) & Report, A & OBO Bureau of Overseas Building Operations (OBO) provide data regarding building and facilities domestically and overseas. Each system is an accurate data source. Project: Optimized IT Governance & Service iMatrix provides an accurate representation of the approved enterprise systems within the Delivery Department. iMatrix Project: Improve Enterprise-Wide Data The data source is the Department of Homeland Security’s quarterly Cybersecurity Risk Accessibility & Security Management Assessment report. These reports are considered reliable. FISMA 13 Additional Information Contributing Programs Organizations: o Bureau of Information Resource Management (IRM) Program Activities: o (1) Improve Enterprise-Wide Data Accessibility, (2) Real Time Collaboration / Work Anytime, Anywhere, (3) Modernize IT Systems and Service Delivery, and (4) Improve Enterprise-Wide Data Accessibility & Security Regulations: o E-Government Act (eGov), Federal IT Acquisition Reform Act (FITARA), Clinger-Cohen Act (CCA), Modernizing Government Technology Act (MGT), Federal Information Security Management Act (FISMA), President’s Management Agenda (PMA), Executive Order (EO) 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, Report to the President on Federal IT Modernization Policies: o 1 FAM 270, 5 FAM, 12 FAM 600 Other Federal Activities: o Foreign Affairs Cloud Environment Technology (FACET), Foreign Affairs Network (FAN), Strategic Sourcing, Enterprise Mobile Management (EMM) Modernization Stakeholder / Congressional Consultations IRM regularly meets with OMB’s eGov office reporting on these and other IT modernization initiatives and upon request briefs Senate and House committees. 14