cdc system portfolio new imperatives · 03/02/2011 · – portfolio composition • new...
TRANSCRIPT
State of CDC’s Systems Portfolio and New Imperatives
Jim Seligman
Chief Information Officer
CDC Information Systems
• Historical & Current Systems Profile
– Investment Trends
– Portfolio Composition
• New Imperatives and Influences
– HSPD-12 Smart Card enablement
– Portfolio Review & OMB Tech Stat
– Shared Software and Data Services
CDC IT Expenditures
[Chart: IT Intramural and IT Extramural expenditures, $ millions]
CDC FY 2012 IT Investment Composition
Investment Level      Total Value   Average Cost
Major (6)             $137.6M       $22.9M
Tactical (12)         $64.9M        $5.4M
Supporting (109)      $101.7M       $0.9M
Extramural (7)        $161.2M       $23.0M
Total FY 2012 (134)   $465.4M       $3.5M
CDC FY 2012 Investment Jurisdiction
[Chart: Intramural $304M, Extramural $161M (66% / 34%)]
Number of Systems Trending
[Chart: Systems Portfolio, FY 2005 to FY 2010; axes: Portfolio Size, New or Retired Systems, Fiscal Year; series: New Systems, Retired Systems, Portfolio]
IT Systems by Organization
Center/Office   # Systems   FY 2012 Planned Budget ($M)   Cost per System ($M)
CGH             7           $0.8                          $0.1
NIOSH           8           $0.9                          $0.1
OD              153         $45.4                         $0.3
OID             174         $71.1                         $0.4
ONDIEH          135         $23.3                         $0.2
OPHPR           26          $13.0                         $0.5
OSELS           55          $65.9                         $1.2
OSTLTS          2           $0.1                          $0.1
Total           560         $220.5                        $0.4
Inclusion/Exclusion Criteria
Include intramural spending only
Exclude IT infrastructure
Exclude "Not Updated," "Planning," or "Planned Retirement" systems
CDC Systems by Mission Criticality
[Chart: High Criticality Systems, Medium Criticality, Low Criticality; values shown: 191, 132, 299]
FY 2012 Systems by Lifecycle Phase
[Chart, $ in millions: Development & Modernization, Operations & Maintenance; values shown: $218 (47%), $247 (53%)]
Federal IT Dashboard - HHS
Federal IT Dashboard - CDC
New Imperatives
Identity & Access Management Program
• OMB Requirements and Deadlines
• CDC Milestones
• Application Assessment
• Application Smart Card Enablement
Draft - For Discussion Purposes Only 13
OMB Requirements and Deadlines
OMB Feb 3, 2011 Directive
• Fund HSPD-12 credential issuance using existing resources
• FY 10 - all new systems must be enabled to accept HSPD-12 credentials for authenticating Federal employees and contractors
• FY 11 - agencies must use system technology refreshment funding (DME or O&M) to upgrade existing systems to use HSPD-12 credentials
– CDC policy to be issued in March 2011
• FY 12 - agencies shall not spend DME or O&M technology refreshment funding on systems unless they use HSPD-12 credentials to authenticate Federal employees and contractors
FY 11 Timeline for Logical Access Controls
[Timeline chart of Logical Access Plan milestones by quarter: Q1 (OCT 2010 – DEC 2010), Q2 (JAN 2011 – MAR 2011), Q3 (APR 2011 – JUN 2011), Q4 (JUL 2011 – SEP 2011). Milestones are tagged with workstreams WS-3, WS-4, WS-5, WS-14 and WS-15; their placement on the timeline is not recoverable from the transcript.]
Milestones shown:
• Complete ITSO Middleware / Card Reader Pilot and Documentation
• Smart Card access via CITGO available
• Develop IWA PKI Enablement Application Guides (.NET, JAVA)
• Complete Testing Smart Card Access for Webmail
• Test and Standardize Blackberry and Bluetooth Equipment
• Smart Card Maintenance Deployment Plan
• E-Auth Go Live Phase 1 (Level 1)
• E-Auth Go Live Phase 2 (Level 2 & 3)
• Start SDN Migration
• Start PKI Enablement Pilot 1
• Start PKI Enablement Pilot 2
• Establish Unified Helpdesk Plan
• Distribute Desktop Readers & Middleware to GOE Users
Application Assessment Survey
• CDC Application Assessment for Smart Card Enablement Survey
• Total Number of Responses: 424 (~75% responded)
Application Assessment Survey: Integrated Windows Authentication
[Chart: Yes, No, Unsure; values shown: 218, 180, 26]
Application Assessment Survey: Application Type
[Chart: Standard Commercial Package, Highly Customized Commercial Package, Custom Developed Application; values shown: 25, 41, 356]
Application Assessment Survey: Application Language
[Chart: .Net, Java, Access/SQL, SAS, PowerBuilder, Foxpro; values shown: 15, 6, 6, 3, 126, 13]
Application Assessment Survey: Total User Population
[Bar chart: 1 to 10, 10 to 100, 100 to 1000, 1000 to 5000, Greater than 5000; values shown: 102, 75, 69, 128, 24]
HSPD-12 Logical Access Approach
• HHS Enterprise Applications (e.g. CapHR, EWITS, LMS)
– Plan to use Sun Identity and Access Manager-based solution
• CDC Capabilities currently using Integrated Windows Authentication (IWA)
– Built-in, requires no additional investment
– Leverages existing investment and infrastructure
– Ties in with CDC Active Directory that is already PKI enabled for Smart Card authentication
• Authentication upgrades will require focused investment over time
– Microsoft .NET applications can easily upgrade to Integrated Windows Authentication
– JAVA/J2EE provides available, mature, bolt-on modules
– Develop a set of generic authentication modules shared across systems
PKI-Enabling Technology Categories
Category A – IWA-type applications or with built-in PKI support
Category B – Applications that will use Sun Identity Suite
Category C – Applications that will use PKI-enablement libraries
Category D – Applications/Systems where access is limited by “PKI-enabled Vault” i.e. need a credential to login to the server
Category E – Applications where the vendor provides upgrades to PKI-enable
Category F – Applications that will be replaced (Not PKI-enabled in favor of new application)
Category G – Applications that will not be upgraded (requires justification)
Logical Access Next Steps
• Integrated Windows Authentication Guides developed for .Net and Java applications, posted on IRGC SharePoint site
• HSPD-12 PMO meeting with major CDC application groups
• Develop additional guidance documents to leverage Integrated Windows Authentication
• Develop tests to verify HSPD-12 compliance
• Establish user groups to identify impacts and requirements
• Conduct pilots and develop prototypes
CDC Systems Review
• Number of systems?
• Spending on systems?
• Redundancy/duplication?
• System development success: on-time, on-scope, on-budget?
• System performance success measures
– meeting original intent
– achieving performance measures
– scale of usage and content
– customer satisfaction
Shared Software and Data Services
• Developing a registry of shared software and data services
– Service name
– Service description
– Contact
– Lifecycle stage
– Information location (URL)
– Authentication required
– Standards supported
• Complement to Enterprise Systems Catalog & EA Reference Guide
• Resource for developers - shared code, objects, APIs, data resources
Some Candidate Shared Services at CDC
• WONDER – 11 Databases of Population, Vital Statistics, and Morbidity
– XML-based API
• Security Services (SDN and IAM.Net Services)
– Identification, Access, and Credentialing Services
• PHIN Services
– PHIN-MS (Messaging), PHINDIR (Directory), PHIN-VADS (Vocabulary)
• GIS Mapping/Geospatial Services
• People Repository (other HR Services)
Questions?