FY2019_June_State_IT_Modernization

Start Date: Sunday, January 26, 2020

End Date: Friday, December 31, 9999

Download File

Agency Priority Goal Action Plan IT Modernization Goal Leaders: Stuart McGuigan, Chief Information Officer, Bureau of Information Resource Management Fiscal Year 2019, Quarter 1&2 Overview Goal Statement o Enhance user and mission efficiency by increasing the productivity, usability, security, and relevance of IT solutions supporting the Department. By September 30, 2019, the Department will establish a secure cloud-based platform to improve Information Technology (IT) service delivery by: implementing an Identity Management System (IDMS) solution for all Department systems, transitioning users to cloud collaboration platforms, closing redundant data centers, modernizing target architecture, and continuing to deploy wireless (Wi-Fi) Department wide. Challenge o Legacy systems pose investment and security risks and rely on increasingly costly and obsolete technologies; o Some IT investments do not benefit from full governance rigor, which may result in duplication, lack of strategic business and technical alignment, and investment risk. Opportunity o Provide single sign on for all users to access cloud-based and legacy systems/services; o Design systems to target architecture to mitigate security risks posed by legacy systems and enhance overall IT security performance; o Accelerate modernization of the Department’s technology services, closure of data centers, and offer improved access to business data through commercial cloud services, cloud-ready digital identities, and cloud provided foundational services (i.e. email, Wi-Fi and productivity tools); and o Restructure governance processes and IT portfolio (shifting an increased percentage to the budget from operations and maintenance (O&M) to development and modernization and enhancements (DM&E)). 2 Leadership Core Team: This IT Agency Priority Goal (APG) is a result of the Department’s IT Modernization initiative. Below is a high level organization representing the leadership support structure in place. Secretary Under Secretary of Management Chief Information Officer (CIO) Principal Deputy Chief Information Officer (PDCIO) Deputy CIO for Information Deputy CIO for Foreign Deputy CIO for Business Assurance Deputy CIO for Operations Operations Management & Planning Chief Information Security Officer (CISO) Modernizing IT Systems & Improve Enterprise Wide Real Time Collaboration / Service Delivery Improve Enterprise Wide Data Accessibility, MDM, Work Anytime, Anywhere Data Accessibility & Security EMD, & & & Governance Initiatives & IT & O/S & Domestic Wi-Fi, & Service Delivery Standard Security Controls Cloud Collaboration Platform Sourcing Strategy Modernization for Cloud Platform 3 Key Milestones 1. 2. 3. 4. Improve Enterprise- Real Time Collaboration Modernize IT Systems Improve Enterprise- Wide Data Accessibility / Work Anytime, and Service Delivery Wide Data Accessibility Anywhere & Security Right Data to the Right People Ecosystem to Support Mobility Ecosystem to Adapt to a Cybersecurity and Standard Identify a certified project Identify a certified project Changing Workforce Security Controls for Cloud manager and submit a manager and submit a complete Identify a certified project Platform complete IDMS business case business case to the eGov PMO manager and submit a Complete the Enterprise to the eGovPMO - Q3 FY 2018 for each of the projects below – complete business case to Information Security Program Q3 FY 2018 the eGov PMO for each of the Plan – Q4 FY 2018 projects below – Q3 FY 2018 IDMS for Cloud and for Cloud Collaboration Platform Governance Initiatives & IT Cybersecurity On-Premise Applications • Ensure all core functionality is Services Delivery • Increase the Domain-based available domestically and • Use governance to identify • Build IT Modernization focused Message Authentication, and procure an appropriate begin providing targeted EA roadmap – Q1 FY 2019 Reporting, and IDMS solution – Q3 FY 2018 services overseas – Q1 FY • Develop new Service Delivery Conformance (DMARC) set 2019 governance model – Q4 FY to default ‘reject’ to 100% Pilot cloud application • Overseas and Domestic Wi-Fi – 2018 – Q1 FY 2019 access through IDMS – Q4 FY 2018 A Foundational Enterprise • Develop a modernized • Increase high and medium Service Enterprise Architecture (EA) impact systems that have • First production, on- • Develop and launch a program – Q4 FY 2018 authorization to operate premise application access consolidated rollout strategy • Upgrade service delivery (ATO) – Q4 FY 2019 via IDMS – Q1 FY 2019 – Q1 FY 2019 governance processes and risk • Launch additional legacy Mobile Device Management management framework – Q2 Standard Security Controls and cloud integration with and Conversion Strategy – A FY 2019 for Cloud Platforms IDMS – Q2 FY 2019 Foundational Enterprise • Upgrade IT portfolio • Complete the Amazon Service investments and systems Web Services Information • Use governance to modernize modernization using new EA Security Program Plan – Q4 mobile device management – and service delivery model – FY 2019 Q4 FY 2018 Q3 FY 2019 See pages 5-11 for detailed milestones for each subproject. 4 Summary of Progress – FY 2019 Q1 and Q2 Improve Enterprise-Wide Data Accessibility Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments IDMS – IRM/VMO Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit IDMS Q3 FY 2018 Completed N/A business case to the eGov PMO Design IDMS solution and develop Q3 FY 2018 Completed N/A acquisition plan Pilot cloud application/integration Q4 FY 2018 In Process Yes All assessment and authorization access through IDMS Solution artifacts submitted, Integrated Project Team review in process by Information Assurance, and expected authorization to operate in Q3 FY 2019. First production, on premise Q1 FY 2019 In Process Yes Parallel efforts in progress for application access via IDMS ServiceNow and AirWatch implementations. Expand legacy system integration Q2 FY 2019 Planned N/A with IDMS 5 Summary of Progress – FY 2019 Q1 and Q2 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cloud Collaboration – IRM/OPS Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit business Q3 FY 2018 Completed N/A case to the eGov PMO Deploy collaboration capabilities to Q3 FY 2018 Completed Yes Collaboration capabilities have targeted domestic and overseas been deployed to targeted locations, including Outlook Online, domestic and overseas locations. Skype, SharePoint Online, OneDrive Web, OneDrive Sync, InTune, and Office Online Expand domestic and overseas cloud Q1 FY 2019 In Process Yes MS Office online is available to collaboration capabilities 100% of users, 76% have been migrated to MS O365 cloud-based mail and 90% is planned through Q4 FY 2019. 6 Summary of Progress – FY 2019 Q1 and Q2 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Overseas and Domestic Wi-Fi – IRM/FO Finalize pilot and develop plan Q1 FY 2018 Completed N/A Identify a PM and submit Wi-Fi Q3 FY 2018 Completed N/A business case to the eGov PMO Identify target domestic and overseas Q3 FY 2018 Completed N/A locations for Wi-Fi install / upgrades Deploy Wi-Fi to planned FY 2018 Q4 FY 2018 Completed N/A locations Expand domestic and overseas Wi-Fi Q1 FY 2019 In Process Yes This represents a multi-year plan Deployment to expand Wi-Fi deployments to domestic and overseas locations is now in effect. Thirty location are planned by Q4 FY 2019. The Interagency ICASS Executive Board agreed to share funding for overseas WiFi operations, maintenance and refresh costs on a local level "opt-out" basis, starting in FY 2021. 7 Summary of Progress – FY 2019 Q1 and Q2 Real Time Collaboration / Work Anytime, Anywhere Milestones (Cont.) Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Mobile Device Management (MDM) and Conversion Strategy – IRM/OPS/MSO/MRA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Initiate pilot and develop plan Q2 FY 2018 Completed N/A Identify a PM and submit MDM Q3 FY 2018 Completed N/A business case to the eGov PMO Begin upgrade/modernization of Q4 FY 2018 Completed Yes MDM Solution Expand upgrade/modernize MDM Q2 FY 2019 In Process Yes Currently expanded to 3,000 users. Solution Retire Legacy MDMs Q4 FY 2019 Planned N/A 8 Summary of Progress – FY 2019 Q1 and Q2 Modernize IT Systems and Service Delivery Milestones Change Milestone Milestone from Last Key Milestones Due Date Status Quarter Comments Governance Initiatives & IT Services Delivery – Enterprise Architecture Governance – IRM/BMP/OCA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit EA business Q3 FY 2018 Completed Yes A PM has been identified and the case to the eGov PMO business case is complete. Develop a modernized EA Program Q4 FY 2018 In Process Yes A project plan plus associated program focused on services budget and resources are being executed iteratively to generate the appropriate EA staff and services to be completed Q3 FY 2019. Build IT Modernization focused EA Q1 FY 2019 In Process Yes All EA roadmap components are being roadmap(s) developed within a phased approach. Deliverables to be matured on an iterative schedule and utilized on an as needed basis. Update IT portfolio investments and Q3 FY 2019 Planned N/A All applicable investments and systems modernization using associated systems are being realigned modernized EA within a phased approach. Deliverables to be iteratively matured starting in Q4 FY 2019. 9 Summary of Progress – FY 2019 Q1 and Q2 Modernize IT Systems and Service Delivery Milestones Change from Milestone Milestone Last Key Milestones Due Date Status Quarter Comments Governance Initiatives & IT Services Delivery – Service Delivery Governance – IRM/BMP/SPO/PM Implement Q1 FY Completed N/A requirements 2018 gathering and analysis Identify a PM and Q3 FY Completed Yes An IT Concept Questionnaire for the creation of an automated and submit service delivery 2018 optimized IT Governance Service, to include streamlined automated business case to the workflows, was submitted through the iMatrix CPIC tool. eGov PMO Develop new Service Q4 FY In Process Yes IRM continues to participate in government-wide, OMB-sponsored working Delivery Model 2018 groups to mature Technology Business Management (TBM) implementation guidance and finalize the framework’s service layer. The finalization of this service layer is a key dependency for IRM’s ability to execute its Service Optimization initiative. The TBM service layer taxonomy will supply the lexicon to apply the data tagging necessary to create full mission alignment across our IT asset inventory, our information systems inventory, our customer facing service catalog, and a suite of meaningful performance metrics that measure the cost and effective provision of our services. A project baseline will be established in Q4 FY 2019. Upgrade IT portfolio Q4 FY In Process Yes In concert with the process improvement activities, IRM is working to investments and 2019 leverage ServiceNow in aiding with its service delivery maturity. By systems modernization leveraging a modern, robust platform to manage the new framework, IRM using new service will have opportunities to gain valuable insights through enhanced analytical delivery model capabilities. Reconfiguring the Department’s IT Portfolio within the new TBM framework will be an activity captured within project plan referenced above, which will be established in Q4 FY 2019. 10 Summary of Progress – FY 2019 Q1 and Q2 Improve Enterprise-Wide Data Accessibility & Security & Standard Security Controls for Cloud Platform Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cybersecurity and Standard Security Controls for Cloud Platform – IRM/IA Complete the Enterprise Information Q4 FY 2018 Completed N/A Security Program Plan [For intrusion detection and prevention] Q1 FY 2019 Completed Yes As of October 16, 2018, DMARC Increase the DMARC set to default level is at 100%. ‘reject’ to 100% In support of the standard security Q4 FY 2019 Planned N/A controls for the cloud platform, complete the Amazon Web Services Information Security Program Plan Increase High Impact Systems that have Q4 FY 2019 In Process Yes Q4 FY 2018 is 70%. authorization to operate (ATO) to 75% Q1 FY 2019 Cybersecurity Risk Management Assessment canceled due to shutdown. Increase Moderate Impact Systems that Q4 FY 2019 In Process Yes Q4 FY 2018 is 53%. have ATO to 60% Q1 FY 2019 Cybersecurity Risk Management Assessment canceled due to shutdown. 11 Key Indicators Forecast FY Forecast FY Indicator Baseline Target 2018 2019 Improve Enterprise-Wide Data Accessibility Percentage of users that are leveraging the enterprise IDMS 0 116,000 0% 90% solution thus increasing efficiencies Real Time Collaboration / Work Anytime, Anywhere Percentage of employees transitioned to primary cloud 0 116,000 50% 90% collaboration platform. Percentage of domestic data centers that are closed due to 0 126 15% 30% efficiencies of the cloud. Percentage of Department domestic buildings and overseas posts 18 100 10% 30% that support Wi-Fi. Modernize IT Systems and Service Delivery Percentage of systems designed to the target architecture. 0 TBD 0% 20% Improve Enterprise-Wide Data Accessibility & Security Q3 FY 2018 Percentage of High Impact Systems that have ATO 75% 65% 75% 65% Q3 FY 2018 Percentage of Moderate Impact Systems that have ATO 60% 46% 60% 46% [Intrusion and Detection Prevention] Percentage of DMARC set to Q3 FY 2018 100% 55% 100% default ‘reject’ 25% 12 Data Accuracy and Reliability Data Source Accuracy & Reliability Project: IDMS Central digital ID Store The data source is highly reliable and current. Enterprise GAL There are three core data sources that are required for this effort. First, is the Enterprise Project: Global Address List (GAL) data source is highly reliable and current that will support user Anywhere/Anytime metrics. Second, the Data Center Optimization Initiative (DCOI) report is an annual report Enterprise GAL, DCOI providing status about data center consolidation. Lastly, the Bureau of Administration (A) Report, A & OBO & Bureau of Overseas Building Operations (OBO) provide data regarding building and facilities domestically and overseas. Each system is an accurate data source. Project: Optimized IT Governance & Service iMatrix provides an accurate representation of the approved enterprise systems within Delivery the Department. iMatrix Project: Improve Enterprise-Wide Data The data source is the Department of Homeland Security’s quarterly Cybersecurity Risk Accessibility & Security Management Assessment report. These reports are considered reliable. FISMA 13 Additional Information Contributing Programs Organizations: o Bureau of Information Resource Management (IRM) Program Activities: o (1) Improve Enterprise-Wide Data Accessibility, (2) Real Time Collaboration / Work Anytime, Anywhere, (3) Modernize IT Systems and Service Delivery, and (4) Improve Enterprise-Wide Data Accessibility & Security Regulations: o E-Government Act (eGov), Federal IT Acquisition Reform Act (FITARA), Clinger-Cohen Act (CCA), Modernizing Government Technology Act (MGT), Federal Information Security Management Act (FISMA), President’s Management Agenda (PMA), Executive Order (EO) 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, Report to the President on Federal IT Modernization Policies: o 1 FAM 270, 5 FAM, 12 FAM 600 Other Federal Activities: o Foreign Affairs Cloud Environment Technology (FACET), Foreign Affairs Network (FAN), Strategic Sourcing, Enterprise Mobile Management (EMM) Modernization Stakeholder / Congressional Consultations IRM regularly meets with OMB’s eGov office reporting on these and other IT modernization initiatives and upon request briefs Senate and House committees. 14
Agency Priority Goal Action Plan IT Modernization Goal Leaders: Stuart McGuigan, Chief Information Officer, Bureau of Information Resource Management Fiscal Year 2019, Quarter 1&2 Overview Goal Statement o Enhance user and mission efficiency by increasing the productivity, usability, security, and relevance of IT solutions supporting the Department. By September 30, 2019, the Department will establish a secure cloud-based platform to improve Information Technology (IT) service delivery by: implementing an Identity Management System (IDMS) solution for all Department systems, transitioning users to cloud collaboration platforms, closing redundant data centers, modernizing target architecture, and continuing to deploy wireless (Wi-Fi) Department wide. Challenge o Legacy systems pose investment and security risks and rely on increasingly costly and obsolete technologies; o Some IT investments do not benefit from full governance rigor, which may result in duplication, lack of strategic business and technical alignment, and investment risk. Opportunity o Provide single sign on for all users to access cloud-based and legacy systems/services; o Design systems to target architecture to mitigate security risks posed by legacy systems and enhance overall IT security performance; o Accelerate modernization of the Department’s technology services, closure of data centers, and offer improved access to business data through commercial cloud services, cloud-ready digital identities, and cloud provided foundational services (i.e. email, Wi-Fi and productivity tools); and o Restructure governance processes and IT portfolio (shifting an increased percentage to the budget from operations and maintenance (O&M) to development and modernization and enhancements (DM&E)). 2 Leadership Core Team: This IT Agency Priority Goal (APG) is a result of the Department’s IT Modernization initiative. Below is a high level organization representing the leadership support structure in place. Secretary Under Secretary of Management Chief Information Officer (CIO) Principal Deputy Chief Information Officer (PDCIO) Deputy CIO for Information Deputy CIO for Foreign Deputy CIO for Business Assurance Deputy CIO for Operations Operations Management & Planning Chief Information Security Officer (CISO) Modernizing IT Systems & Improve Enterprise Wide Real Time Collaboration / Service Delivery Improve Enterprise Wide Data Accessibility, MDM, Work Anytime, Anywhere Data Accessibility & Security EMD, & & & Governance Initiatives & IT & O/S & Domestic Wi-Fi, & Service Delivery Standard Security Controls Cloud Collaboration Platform Sourcing Strategy Modernization for Cloud Platform 3 Key Milestones 1. 2. 3. 4. Improve Enterprise- Real Time Collaboration Modernize IT Systems Improve Enterprise- Wide Data Accessibility / Work Anytime, and Service Delivery Wide Data Accessibility Anywhere & Security Right Data to the Right People Ecosystem to Support Mobility Ecosystem to Adapt to a Cybersecurity and Standard Identify a certified project Identify a certified project Changing Workforce Security Controls for Cloud manager and submit a manager and submit a complete Identify a certified project Platform complete IDMS business case business case to the eGov PMO manager and submit a Complete the Enterprise to the eGovPMO - Q3 FY 2018 for each of the projects below – complete business case to Information Security Program Q3 FY 2018 the eGov PMO for each of the Plan – Q4 FY 2018 projects below – Q3 FY 2018 IDMS for Cloud and for Cloud Collaboration Platform Governance Initiatives & IT Cybersecurity On-Premise Applications • Ensure all core functionality is Services Delivery • Increase the Domain-based available domestically and • Use governance to identify • Build IT Modernization focused Message Authentication, and procure an appropriate begin providing targeted EA roadmap – Q1 FY 2019 Reporting, and IDMS solution – Q3 FY 2018 services overseas – Q1 FY • Develop new Service Delivery Conformance (DMARC) set 2019 governance model – Q4 FY to default ‘reject’ to 100% Pilot cloud application • Overseas and Domestic Wi-Fi – 2018 – Q1 FY 2019 access through IDMS – Q4 FY 2018 A Foundational Enterprise • Develop a modernized • Increase high and medium Service Enterprise Architecture (EA) impact systems that have • First production, on- • Develop and launch a program – Q4 FY 2018 authorization to operate premise application access consolidated rollout strategy • Upgrade service delivery (ATO) – Q4 FY 2019 via IDMS – Q1 FY 2019 – Q1 FY 2019 governance processes and risk • Launch additional legacy Mobile Device Management management framework – Q2 Standard Security Controls and cloud integration with and Conversion Strategy – A FY 2019 for Cloud Platforms IDMS – Q2 FY 2019 Foundational Enterprise • Upgrade IT portfolio • Complete the Amazon Service investments and systems Web Services Information • Use governance to modernize modernization using new EA Security Program Plan – Q4 mobile device management – and service delivery model – FY 2019 Q4 FY 2018 Q3 FY 2019 See pages 5-11 for detailed milestones for each subproject. 4 Summary of Progress – FY 2019 Q1 and Q2 Improve Enterprise-Wide Data Accessibility Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments IDMS – IRM/VMO Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit IDMS Q3 FY 2018 Completed N/A business case to the eGov PMO Design IDMS solution and develop Q3 FY 2018 Completed N/A acquisition plan Pilot cloud application/integration Q4 FY 2018 In Process Yes All assessment and authorization access through IDMS Solution artifacts submitted, Integrated Project Team review in process by Information Assurance, and expected authorization to operate in Q3 FY 2019. First production, on premise Q1 FY 2019 In Process Yes Parallel efforts in progress for application access via IDMS ServiceNow and AirWatch implementations. Expand legacy system integration Q2 FY 2019 Planned N/A with IDMS 5 Summary of Progress – FY 2019 Q1 and Q2 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cloud Collaboration – IRM/OPS Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit business Q3 FY 2018 Completed N/A case to the eGov PMO Deploy collaboration capabilities to Q3 FY 2018 Completed Yes Collaboration capabilities have targeted domestic and overseas been deployed to targeted locations, including Outlook Online, domestic and overseas locations. Skype, SharePoint Online, OneDrive Web, OneDrive Sync, InTune, and Office Online Expand domestic and overseas cloud Q1 FY 2019 In Process Yes MS Office online is available to collaboration capabilities 100% of users, 76% have been migrated to MS O365 cloud-based mail and 90% is planned through Q4 FY 2019. 6 Summary of Progress – FY 2019 Q1 and Q2 Real Time Collaboration / Work Anytime, Anywhere Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Overseas and Domestic Wi-Fi – IRM/FO Finalize pilot and develop plan Q1 FY 2018 Completed N/A Identify a PM and submit Wi-Fi Q3 FY 2018 Completed N/A business case to the eGov PMO Identify target domestic and overseas Q3 FY 2018 Completed N/A locations for Wi-Fi install / upgrades Deploy Wi-Fi to planned FY 2018 Q4 FY 2018 Completed N/A locations Expand domestic and overseas Wi-Fi Q1 FY 2019 In Process Yes This represents a multi-year plan Deployment to expand Wi-Fi deployments to domestic and overseas locations is now in effect. Thirty location are planned by Q4 FY 2019. The Interagency ICASS Executive Board agreed to share funding for overseas WiFi operations, maintenance and refresh costs on a local level "opt-out" basis, starting in FY 2021. 7 Summary of Progress – FY 2019 Q1 and Q2 Real Time Collaboration / Work Anytime, Anywhere Milestones (Cont.) Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Mobile Device Management (MDM) and Conversion Strategy – IRM/OPS/MSO/MRA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Initiate pilot and develop plan Q2 FY 2018 Completed N/A Identify a PM and submit MDM Q3 FY 2018 Completed N/A business case to the eGov PMO Begin upgrade/modernization of Q4 FY 2018 Completed Yes MDM Solution Expand upgrade/modernize MDM Q2 FY 2019 In Process Yes Currently expanded to 3,000 users. Solution Retire Legacy MDMs Q4 FY 2019 Planned N/A 8 Summary of Progress – FY 2019 Q1 and Q2 Modernize IT Systems and Service Delivery Milestones Change Milestone Milestone from Last Key Milestones Due Date Status Quarter Comments Governance Initiatives & IT Services Delivery – Enterprise Architecture Governance – IRM/BMP/OCA Implement requirements gathering Q1 FY 2018 Completed N/A and analysis Identify a PM and submit EA business Q3 FY 2018 Completed Yes A PM has been identified and the case to the eGov PMO business case is complete. Develop a modernized EA Program Q4 FY 2018 In Process Yes A project plan plus associated program focused on services budget and resources are being executed iteratively to generate the appropriate EA staff and services to be completed Q3 FY 2019. Build IT Modernization focused EA Q1 FY 2019 In Process Yes All EA roadmap components are being roadmap(s) developed within a phased approach. Deliverables to be matured on an iterative schedule and utilized on an as needed basis. Update IT portfolio investments and Q3 FY 2019 Planned N/A All applicable investments and systems modernization using associated systems are being realigned modernized EA within a phased approach. Deliverables to be iteratively matured starting in Q4 FY 2019. 9 Summary of Progress – FY 2019 Q1 and Q2 Modernize IT Systems and Service Delivery Milestones Change from Milestone Milestone Last Key Milestones Due Date Status Quarter Comments Governance Initiatives & IT Services Delivery – Service Delivery Governance – IRM/BMP/SPO/PM Implement Q1 FY Completed N/A requirements 2018 gathering and analysis Identify a PM and Q3 FY Completed Yes An IT Concept Questionnaire for the creation of an automated and submit service delivery 2018 optimized IT Governance Service, to include streamlined automated business case to the workflows, was submitted through the iMatrix CPIC tool. eGov PMO Develop new Service Q4 FY In Process Yes IRM continues to participate in government-wide, OMB-sponsored working Delivery Model 2018 groups to mature Technology Business Management (TBM) implementation guidance and finalize the framework’s service layer. The finalization of this service layer is a key dependency for IRM’s ability to execute its Service Optimization initiative. The TBM service layer taxonomy will supply the lexicon to apply the data tagging necessary to create full mission alignment across our IT asset inventory, our information systems inventory, our customer facing service catalog, and a suite of meaningful performance metrics that measure the cost and effective provision of our services. A project baseline will be established in Q4 FY 2019. Upgrade IT portfolio Q4 FY In Process Yes In concert with the process improvement activities, IRM is working to investments and 2019 leverage ServiceNow in aiding with its service delivery maturity. By systems modernization leveraging a modern, robust platform to manage the new framework, IRM using new service will have opportunities to gain valuable insights through enhanced analytical delivery model capabilities. Reconfiguring the Department’s IT Portfolio within the new TBM framework will be an activity captured within project plan referenced above, which will be established in Q4 FY 2019. 10 Summary of Progress – FY 2019 Q1 and Q2 Improve Enterprise-Wide Data Accessibility & Security & Standard Security Controls for Cloud Platform Milestones Milestone Milestone Change from Key Milestones Due Date Status Last Quarter Comments Cybersecurity and Standard Security Controls for Cloud Platform – IRM/IA Complete the Enterprise Information Q4 FY 2018 Completed N/A Security Program Plan [For intrusion detection and prevention] Q1 FY 2019 Completed Yes As of October 16, 2018, DMARC Increase the DMARC set to default level is at 100%. ‘reject’ to 100% In support of the standard security Q4 FY 2019 Planned N/A controls for the cloud platform, complete the Amazon Web Services Information Security Program Plan Increase High Impact Systems that have Q4 FY 2019 In Process Yes Q4 FY 2018 is 70%. authorization to operate (ATO) to 75% Q1 FY 2019 Cybersecurity Risk Management Assessment canceled due to shutdown. Increase Moderate Impact Systems that Q4 FY 2019 In Process Yes Q4 FY 2018 is 53%. have ATO to 60% Q1 FY 2019 Cybersecurity Risk Management Assessment canceled due to shutdown. 11 Key Indicators Forecast FY Forecast FY Indicator Baseline Target 2018 2019 Improve Enterprise-Wide Data Accessibility Percentage of users that are leveraging the enterprise IDMS 0 116,000 0% 90% solution thus increasing efficiencies Real Time Collaboration / Work Anytime, Anywhere Percentage of employees transitioned to primary cloud 0 116,000 50% 90% collaboration platform. Percentage of domestic data centers that are closed due to 0 126 15% 30% efficiencies of the cloud. Percentage of Department domestic buildings and overseas posts 18 100 10% 30% that support Wi-Fi. Modernize IT Systems and Service Delivery Percentage of systems designed to the target architecture. 0 TBD 0% 20% Improve Enterprise-Wide Data Accessibility & Security Q3 FY 2018 Percentage of High Impact Systems that have ATO 75% 65% 75% 65% Q3 FY 2018 Percentage of Moderate Impact Systems that have ATO 60% 46% 60% 46% [Intrusion and Detection Prevention] Percentage of DMARC set to Q3 FY 2018 100% 55% 100% default ‘reject’ 25% 12 Data Accuracy and Reliability Data Source Accuracy & Reliability Project: IDMS Central digital ID Store The data source is highly reliable and current. Enterprise GAL There are three core data sources that are required for this effort. First, is the Enterprise Project: Global Address List (GAL) data source is highly reliable and current that will support user Anywhere/Anytime metrics. Second, the Data Center Optimization Initiative (DCOI) report is an annual report Enterprise GAL, DCOI providing status about data center consolidation. Lastly, the Bureau of Administration (A) Report, A & OBO & Bureau of Overseas Building Operations (OBO) provide data regarding building and facilities domestically and overseas. Each system is an accurate data source. Project: Optimized IT Governance & Service iMatrix provides an accurate representation of the approved enterprise systems within Delivery the Department. iMatrix Project: Improve Enterprise-Wide Data The data source is the Department of Homeland Security’s quarterly Cybersecurity Risk Accessibility & Security Management Assessment report. These reports are considered reliable. FISMA 13 Additional Information Contributing Programs Organizations: o Bureau of Information Resource Management (IRM) Program Activities: o (1) Improve Enterprise-Wide Data Accessibility, (2) Real Time Collaboration / Work Anytime, Anywhere, (3) Modernize IT Systems and Service Delivery, and (4) Improve Enterprise-Wide Data Accessibility & Security Regulations: o E-Government Act (eGov), Federal IT Acquisition Reform Act (FITARA), Clinger-Cohen Act (CCA), Modernizing Government Technology Act (MGT), Federal Information Security Management Act (FISMA), President’s Management Agenda (PMA), Executive Order (EO) 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, Report to the President on Federal IT Modernization Policies: o 1 FAM 270, 5 FAM, 12 FAM 600 Other Federal Activities: o Foreign Affairs Cloud Environment Technology (FACET), Foreign Affairs Network (FAN), Strategic Sourcing, Enterprise Mobile Management (EMM) Modernization Stakeholder / Congressional Consultations IRM regularly meets with OMB’s eGov office reporting on these and other IT modernization initiatives and upon request briefs Senate and House committees. 14

Roles:

Everyone: All Users