January 24, 2011

Identity, Credential, and

Access Management Office (ICAMO)

GSA Access Management System

(GAMS)

TechStat to ITEC | EA Evaluation

- 2 -

GAMS Architectural Overview

GAMS Portfolio Snapshot

GAMS Programmatic Overview

Current Status and Next Steps

Agenda

GAMS Architectural Overview

- 4 -

GSA CIOTechStat Process

3 GSA CIOTechStat 2 IE Analysis 1 Real-time Data

Determine relevant data

Evaluate performance

Suggest improvements

Past performance

Performance objectives

Performance strategy

Systems

Investments

Business operations

GOALS

Adopt a data-driven management approach to IT management with continuous performance reviews of IT systems and investment

Address performance or other situations that merit discussion and analysis

Ask probing questions to address root causes, isolate issues, and generate decisions

Focus on problem solving to improve performance

- 5 -

Focus of EA Review

Alignment

– How and where does the investment fit within the GSA Architecture?

• How does the investment help realize strategic business capabilities?

• How does the investment align to GSA’s core EA values?

• How does the investment align to the target GSA IT architecture?

Synchronization

– What are the interdependencies with the investment?

• What are the dependencies and constraints on its

implementation?

• What risks need to be addressed and minimized?

• What opportunities could the investment help

realize?

- 6 -

EA Alignment: Strategic Business Capabilities Strategic Capabilities | Contributing Capabilities

Construct sustainable, LEED-certified buildings

Provide green, energy-efficient fleet

Provide real-time inventory and order tracking

Provide delivery solution

Develop one-point access to GSA offerings

Develop flexible acquisition solution

Develop smart workplace solutions

Enable global project management

Reform and streamline leasing

Enable citizen-centric government services

Provide government-wide technology platforms

Provide self-service to customers

Provide single point for integrated customer information

Enable succession planning and professional development

Enable automated records management

Enable data-driven, knowledge-based decision making

Modernize financial system

Enable strategic pricing and rate setting

Automate Performance Management Process

Enable mobile work experience

Enhance IT management services

Deliver unified communications

Optimize and consolidate IT infrastructure

Provide on-demand infrastructure

GAMS promotes anytime, anywhere access

by providing unified authentication

GAMS helps eliminate information system

silos by consolidating disparate logins

GAMS helps consolidate IT infrastructure

by providing a reusable service

- 7 -

EA Findings and Recommendations*

Conclusions

– GAMS is tightly aligned with the GAMS EA

– Significant interdependencies exist with GSA network upgrades and the A3

initiative

Recommendations

– Continue regular meetings among IO, A3, and IT Security

– Explore solutions to constraints on GSA’s “any device” vision imposed by

federal HSPD-12 regulations

– Clearly articulate – and commit to – network upgrade roadmap to improve

certainty of GAMS timetables

*Remaining slides provide additional details

GAMS Portfolio Snapshot

- 9 -

CPIC Performance Earned Value Management Results*

-6.00%

-5.00%

-4.00%

-3.00%

-2.00%

-1.00%

0.00%

1.00%

May-10 Jun-10 Jul-10 Aug-10 Sep-10 Oct-10 Nov-10

Cost Variance%

ScheduleVariance %

$5,000

$5,500

$6,000

$6,500

$7,000

$7,500

$8,000

May-10 Jun-10 Jul-10 Aug-10 Sep-10 Oct-10 Nov-10

Actual Costs

BAC

*$ in thousands

- 10 -

CPIC Performance and ICAM Points of Interest

Accelerated Logical Access Implementation Schedule

– SMT approved 3/2010

– Additional FY2010 DME funding applied

Consolidated ICAM and HSPD-12 Investments

– Reflects shared resources and inter-related activities

– Effective with GSA Passback submission

2010 Performance Goals

1. Develop detailed ICAM Implementation Plan – Achieved

2. ICAM implementation support and acquisition services – Achieved

3. At least one application integrated to ICAM infrastructure – Results Pending

4. Successful completion of C&A that results in ATO – Results Pending

5. Existence of ICAM infrastructure and application integration protocols that are

highly available for applications to consistently authenticate, authorize, and

audit – Results Pending

- 11 -

Current Cost and Scheduled Milestones* LACS SW/HW Acquisition

Planned Start: 4/1/2010 Planned Cost: $5,250 Planned End: 4/30/2010

Actual Start: 4/1/2010 Actual Cost: $5,406 Actual End: 4/30/2010

% Complete: 100%

LACS Implementation: Prepare Development & Production

Planned Start: 4/30/2010 Planned Cost: $711 Planned End: 9/27/2010

Actual Start: 4/30/2010 Actual Cost: $633 Actual End: Incomplete

% Complete: 89%

LACS Implementation: Pilot Integration

Planned Start: 7/28/2010 Planned Cost: $100 Planned End: 9/28/2010

Actual Start: 7/28/2010 Actual Cost: $35 Actual End: Incomplete

% Complete: 35%

Application Integration Support

Planned Start: 9/5/2010 Planned Cost: $1,259 Planned End: 9/4/2011

Actual Start: Actual Cost: $315 Actual End: Incomplete

% Complete: 25%

Upgrade Application Integration Support SW/HW

Planned Start: 9/1/2010 Planned Cost: $517 Planned End: 9/30/2010

Actual Start: 9/1/2010 Actual Cost: $517 Actual End: 9/30/2010

% Complete: 100%

*$ in thousands

GAMS Programmatic Overview

- 13 -

IAM is an industry-standard security and control platform that

empowers application administrators and users in managing digital

IDs and access to applications and resources

Infrastructure services include

Identity Management and Role Management

Authentication Support including GSA Access Card and GSA

Network Username and Password

Single Sign-On for GSA Applications

ICAM adds Credential Management to IAM in the Federal workspace

GAMS is GSA’s implementation of a COTS IAM system

Identity and Access Management (IAM)

- 14 -

GAMS History

Planning

Procurement

Infrastructure Buildout

Agency-wide Integrations

Before GAMS

Before GAMS

– 2006: GCIMS created to support HSPD-12

– 2007: GCIMS web enabled to support agency-wide

deployment

– 2007: Pilot IAM using Sun Access Manager and IdM

– 2008: Developed IAM roadmap based on needs and IAM

pilot

Planning

– January 2009: Business Case Published

– September 2009: GSA IT Strategic Plan for FY2010-2012

Published

– October 2009: Acquire ICAM Office Support Staff

Procurement

– December 2009: GAMS Software Requirements Completed

– February 2010: Selected the Oracle IAM Platform

– April 2010: Completed acquisition of hardware and software

– May 2010: Received hardware and software

Infrastructure Buildout

– May 2010: Began deploying

– July 2010: GSA Access Card Workstation

Enablement Roll Out Planned for Completion

– August 2010: Completed GAMS Application Tool Kit

– September 2010: GAMS Release 1 complete

– September 2010: Began GAMS C&A Activities and

completed integration build for GCIMS

– November 2010: Delivered the Application

Integration Schedule

– December 2010: GAMS Release 2 complete

Agency-wide Integrations

– December 2010: Three apps integrated into

Integration & Test

We are Here

- 15 -

GAMS Deployment Strategy

Rel Capability Rel Date Status

1 Centralized GSA Access Card Authentication,

Web Single Sign On (SSO), User Self Service,

Delegated User Administration, Enforcement

of Segregation of Duties

Q1 – FY10 Done

2 Desktop SSO Q1 – FY11 Done

3 Accessing Non-GSA apps using SAML 2.0,

GSA Access Card support for cloud apps

Q2 – FY11 In Progress

4 Identity Analytics, User Recertification, Role

Mining, Role Engineering

Q3 – FY11 Pending

5 Accepting Non-GSA Credentials using SAML

2.0

Q4 – FY11 Pending

6 Automated Employee In/Out Processing Q1 – FY12 Pending

- 16 -

GAMS FY2011 Scheduled Releases*

Q1: Simpler Sign-On & Legacy Desktop Sign-On

Q2: Strong authentication for Cloud-based Apps

Q3: Identity Analytics for enhanced role management, user certification, and security

Q4: Authenticate Non-GSA credentials Pilot Automatic User In/Out Processing

*May change based on actual completion date of network security redesign

- 17 -

GAMS FY2011 Activity Roadmap*

*May change following GSA Security Team’s recommendations

Current Status and Next Steps

- 19 -

GAMS Release 1 and 2 are ready for Go-Live, awaiting ATO

Network environment changed forcing redesign of network security

architecture (multi-tier security), articulating network upgrade roadmap

Expected date for ATO is May 2011

Application integrations to follow ATO, beginning with PBS Portal

Continue regular meetings among IO, A3, and IT Security

– Discuss A3 issues: devices supporting GSA Access Card logon, being FIPS 140-2 and

OMB 06-16 compliant, and storing government data on non-GFE

Development continuing on GAMS releases

– Would Go-Live at Release 3 in May

Options to accelerate move to multi-tier security for ATO:

– Accept “flat” network security architecture for now

• Increases time and cost to move to multi-tier

• Increases risk

– Accelerate network security implementation

GAMS Current Status and Next Steps