Introduction to IT Governance Support System (ITGSS)


Transcript of Introduction to IT Governance Support System (ITGSS)

Page 1: Introduction to IT Governance Support System (ITGSS)

Introduction to IT Governance Support System (ITGSS)

Page 2: Introduction to IT Governance Support System (ITGSS)

Agenda

• Introduction to EPA Portal

• Introduction to ITGSS Portal

• ITGSS Modules

• READ – Registry of EPA Applications and Databases

• ITGSS Security Module

• ITGSS Investment Module

• Current ITGSS Architecture

• Conceptual ITGSS Architecture

• Operational ITGSS Architecture

Page 3: Introduction to IT Governance Support System (ITGSS)

Introduction to ITGSS

ITGSS (IT Governance Support System)

• Enables efficient collection, management, and reporting of IT system information

• Enhances compliance with regulatory requirements by simplifying document creation for system owners

• Ensures more accurate, timely, and complete responses to compliance audits

Page 4: Introduction to IT Governance Support System (ITGSS)

Introduction to EPA Portal

The EPA Portal (http://portal.epa.gov) is the Agency’s central framework. The Portal provides the technical standard to integrate all of EPA’s core services and provides a user-friendly, Web-based interface that allows users to access and view EPA’s integrated data holdings.

The Portal provides the following benefits to the Agency Program Offices and Regions:

• Provides single sign-on (SSO) to all applications

• Provides an easy-to-use interface across all applications

• Each user community can develop a portal presence to post information and create applications for data submissions

• User communities can simplify business communication and consolidate information using workspaces, web conferencing, discussions, and messaging

Page 5: Introduction to IT Governance Support System (ITGSS)

EPA Portal

Page 6: Introduction to IT Governance Support System (ITGSS)

Introduction to ITGSS Portal Community

The ITGSS (IT Governance Support System) enables the efficient collection, management, and reporting of information technology (IT) system information. The goals of this initiative are to increase compliance with regulatory requirements by simplifying document creation for system owners and to enable more accurate, timely, and complete responses to compliance audits.

ITGSS consists of 3 modules:

• READ (Registry of EPA Applications and Databases)

• Security Module

• Investment Module

Page 7: Introduction to IT Governance Support System (ITGSS)

ITGSS Portal

Page 8: Introduction to IT Governance Support System (ITGSS)

READ - Registry of EPA Applications and Databases

READ (Registry of EPA Applications and Databases)

• Serves as authoritative inventory for Environmental Protection Agency (EPA) information resources (applications/systems, models, datasets)

• Provides a single point of entry to discover, identify, and locate the Agency’s information holdings

• Integrates the information resource inventory with investment and security information

• Collects Enterprise Architecture information, including Federal Enterprise Architecture categories for Architecture Repository and Tool

• Identifies interfaces between information resources

• Identifies subsystems to information resources

• Generates data standards report card

Page 9: Introduction to IT Governance Support System (ITGSS)

ITGSS Security Module

ITGSS Security Module automates the certification and accreditation (C&A) process, which will help ensure that critical systems and security data managed by the EPA are ultimately secured, and that the systems that process that data are in compliance with Federal and Agency requirements for securing IT systems.

C&A Documents Currently Available

• System Security Plan

• Assignment of Security Responsibility

• Rules of Behavior

• Certification Memo

• Authorizing Official Memo

Page 10: Introduction to IT Governance Support System (ITGSS)

ITGSS Security Module

Planned Enhancements

• Automate the Security Alerts, Security Awareness Training, and Monitoring Reports

• Improve Data Sensitivity Analysis and Security Planning

• Develop Contingency Planning, Disaster Recovery Planning, and Security Test and Evaluation Process (may depend on future direction of COTS tools evaluation)

• Develop Privacy Module – will both integrate with READ and link appropriately to Security Module

Page 11: Introduction to IT Governance Support System (ITGSS)

ITGSS Investment Module

ITGSS Investment Module gives System Owners and IMOs the ability to manage their CPIC Lite investments using electronic forms.

Investment Forms Currently Available

• Investment Review of EPA Information Resources

• System Life Cycle (SLC) Checklist

• Enterprise Architecture

Planned Enhancements

• Integrate with ECMS (Enterprise Content Management System) for workflows that solidify the investment process

• Dashboard reports to manage investments

Page 12: Introduction to IT Governance Support System (ITGSS)

Current ITGSS Architecture

[Diagram: current ITGSS architecture. Labels shown: ITGSS User, ASSERT User, PatchLink User, BindView User, Public READ User; ITGSS/READ Portal; Single Sign-On (SSO) Server; Oracle Internet Directory (OID); LDAP; Active Directory; READ Database; ITGSS Database; Public READ; ASSERT; ASSERT Database; PatchLink; BindView; ColdFusion; .NET/SQL Server; ASSERT Login ID/Password; PatchLink Login ID/Password; BindView Login ID/Password.]

Page 13: Introduction to IT Governance Support System (ITGSS)

Current ITGSS Architecture

This is a very heterogeneous system with various technologies and platforms. The following is a summary of the drawbacks of the current architecture.

• There is no single sign-on across the ITGSS, ASSERT, PatchLink, and BindView systems

• There is redundancy and duplication of content across ITGSS, ASSERT, PatchLink, and BindView systems

• There is no information sharing/exchange mechanism among ITGSS, ASSERT, PatchLink, and BindView systems

• There is no unified web interface across the systems

Page 14: Introduction to IT Governance Support System (ITGSS)

Conceptual ITGSS Architecture

[Diagram: conceptual ITGSS architecture. Labels shown: Internet / Intranet; Aggregation | Dashboard | Personalization | SSO; EPA Portal; ITGSS Portal Infrastructure; ITGSS Portlets; ITGSS Tool Kit; READ; Identity Management; Business Intelligence; E-Form Engine; Content Management; IT Assets & Compliance; FISMA, FIPS, OMB, NIST 800; users: IMO, ISO, System Owner, General Users; Web Services; Monitor and Report; Connect; Integration; systems: READ, ASSERT, BindView, PatchLink, SysCat, eCPIC; Hardware, Software; C&A; C&A ART; FEA BRM.]

Page 15: Introduction to IT Governance Support System (ITGSS)

Operational ITGSS Architecture

[Diagram: operational ITGSS architecture. Labels shown: ITGSS User, ASSERT User, PatchLink User, BindView User, Public READ User; ITGSS Portal Server; Single Sign-On (SSO) Server; UDDI Registry; ASSERT, BindView, PatchLink, SysCat, eCPIC; READ/C&A/Investments Applications; Data Synchronization; Web Services; Deep Integration; BO Server; ITGSS E-Form Server; Content Server; ITGSS/READ/C&A Database; READ (Public Access); READ Database.]

Page 16: Introduction to IT Governance Support System (ITGSS)

Operational ITGSS Architecture

The following describes the advantages of the target operational architecture.

• Information exchange and synchronization via Web Services among ITGSS, ASSERT, BindView, SysCat, eCPIC, and PatchLink Systems

• Single Sign-On (SSO) capability for all ITGSS systems

• Enterprise Content Management System (ECMS) for workflow capabilities and electronic document management

Page 17: Introduction to IT Governance Support System (ITGSS)

Contact Information

ITGSS

• Laurie Ford, 202-566-1320

• James Maas, 202-566-2778

READ Module

• Cindy Dickinson, 202-566-1078

• John Harman, 202-566-0745

Page 18: Introduction to IT Governance Support System (ITGSS)

Thank You!