State of CDC’s Systems Portfolio and New Imperatives
description
Transcript of State of CDC’s Systems Portfolio and New Imperatives
State of CDC’s Systems Portfolio and New Imperatives
Jim SeligmanChief Information Officer
CDC Information Systems• Historical & Current Systems Profile
– Investment Trends– Portfolio Composition
• New Imperatives and Influences– HSPD-12 Smart Card enablement– Portfolio Review & OMB Tech Stat– Shared Software and Data Services
FY 8
2FY
83
FY 8
4FY
85
FY 8
6FY
87
FY 8
8FY
89
FY 9
0FY
91
FY 9
2FY
93
FY 9
4FY
95
FY 9
6FY
97
FY 9
8FY
99
FY 0
0FY
01
FY 0
2FY
03
FY 0
4FY
05
FY 0
6FY
07
FY 0
8FY
09
FY 1
0FY
11
FY 1
2
$0
$50
$100
$150
$200
$250
$300
$350
CDC IT Expenditures
IT Intramural IT Extramural
$ M
illion
s
CDC FY 2012 IT Investment CompositionInvestment Level Total Value Average Cost
Major (6) $137.6M $22.9M
Tactical (12) $64.9 M $5.4M
Supporting (109) $101.7M $0.9M
Extramural (7) $161.2M $23.0M
Total FY 2012 (134) $465.4M $3.5M
CDC FY 2012 Investment Jurisdiction
Series1$0
$50
$100
$150
$200
$250
$300
$350
Intramural$304 M
Extramural$161M
66%
34%
6
Number of Systems Trending
FY 2005 FY 2006 FY 2007 FY 2008 FY 2009 FY 20100
20406080
100120140160180200
0
100
200
300
400
500
600
700Systems Portfolio
New Systems Retired Systems Portfolio
Fiscal Year
New
or
Retir
ed S
yste
ms
Port
folio
Siz
e
IT Systems by OrganizationCenter/Office # Systems
FY 2012 Planned
Budget ($M) Cost per System
($M) CGH 7 $0.8 $0.1 NIOSH 8 $0.9 $0.1 OD 153 $45.4 $0.3 OID 174 $71.1 $0.4 ONDIEH 135 $23.3 $0.2 OPHPR 26 $13.0 $0.5 OSELS 55 $65.9 $1.2 OSTLTS 2 $0.1 $0.1 Total 560 $220.5 $0.4 Inclusion/Exclusion Criteria Include intramural spending only Exclude IT infrastructure Exclude "Not Updated," "Planning," or "Planned Retirement" systems
8
CDC Systems by Mission Criticality
High Criticality Systems
Medium Criticality
Low Criticality
132
299
191
FY 2012 Systems by Lifecycle Phase
21847%247
53%Development & Modern-izationOperations & Main-tenance
$ in Millions
Federal IT Dashboard - HHS
Federal IT Dashboard - CDC
New Imperatives
Identity & Access Management Program
• OMB Requirements and Deadlines• CDC Milestones• Application Assessment• Application Smart Card Enablement
Draft - For Discussion Purposes Only 13
OMB Requirements and DeadlinesOMB Feb 3, 2011 Directive • Fund HSPD-12 credential issuance using existing resources
• FY 10 - all new systems must be enabled to accept HSPD-12 credentials for authenticating Federal employees and contractors
• FY 11 - agencies must use system technology refreshment funding (DME or O&M) to upgrade existing systems to use HSPD-12 credentials
– CDC policy to be issued in March 2011
• FY 12 - agencies shall not spend DME or O&M technology refreshment funding on systems unless they use HSPD-12 credentials to authenticate Federal employees and contractors
14
FY 11 Timeline for Logical Access Controls
Logical Access Plan Milestone
Establish Unified Helpdesk Plan
OCT 2010 – DEC 2010Q1
JAN 2011 – MAR 2011Q2
JUL 2011 – SEP 2011Q4
APR 2011 – JUN 2011Q3
Complete ITSO Middleware /
Card Reader Pilot and
Documentation
Smart Card access via CITGO
available
WS-3
Develop IWA PKI Enablement Application
Guides (.NET, JAVA)
WS-5
Distribute Desktop Readers & Middleware to
GOE Users
WS-3
Complete Testing Smart Card Access for Webmail
Test and Standardize
Blackberry and Bluetooth Equipment
WS-4
WS-3
WS-15
Smart Card Maintenance
Deployment Plan
WS-15
WS-3
E-Auth Go Live Phase 2 (Level 2
& 3)
WS-14
Start SDN Migration
WS-14
Start PKI Enablement Pilot
2
WS-5
E-Auth Go Live Phase 1 (Level 1)
WS-14
15
Start PKI Enablement Pilot
1
WS-5
Application Assessment Survey
• CDC Application Assessment for Smart Card Enablement Survey
• Total Number of Responses: 424 (~75% responded)
Draft - For Discussion Purposes Only 16
Application Assessment Survey
Draft - For Discussion Purposes Only 17
218180
26
Integrated Windows Authentication
Yes
No
Unsure
Application Assessment Survey
Draft - For Discussion Purposes Only 18
25 41
356
Application Type
Standard Commercial Package
Highly Customized Commercial Package
Custom Developed Application
Application Assessment Survey
Draft - For Discussion Purposes Only 19
126
1315
66 3
Application Language
.NetJavaAccess/SQLSASPowerBuilderFoxpro
Application Assessment Survey
Draft - For Discussion Purposes Only 20
0
20
40
60
80
100
120
140
1 to 10 10 to 100 100 to 1000
1000 to 5000
Greater than 5000
102
75 69
24
128
Total User Population
HSPD-12 Logical Access Approach• HHS Enterprise Applications (e.g. CapHR, EWITS, LMS)
– Plan to use Sun Identity and Access Manager-based solution
• CDC Capabilities currently using Integrated Windows Authentication (IWA)
– Built-in, requires no additional investment
– Leverages existing investment and infrastructure
– Ties in with CDC Active Directory that is already PKI enabled for Smart Card authentication
• Authentication upgrades will require focused investment over time
– Microsoft .NET applications can easily upgrade to Integrated Windows Authentication
– JAVA/J2EE provides available, mature, bolt-on modules
– Develop a set of generic authentication modules shared across systems
Draft - For Discussion Purposes Only 21
PKI-Enabling Technology CategoriesCategory A – IWA-type applications or with built-in PKI support
Category B – Applications that will use Sun Identity Suite
Category C – Applications that will use PKI-enablement libraries
Category D – Applications/Systems where access is limited by “PKI-enabled Vault” i.e. need a credential to login to the server
Category E – Applications where the vendor provides upgrades to PKI-enable
Category F – Applications that will be replaced (Not PKI-enabled in favor of new application)
Category G – Applications that will not be upgraded (requires justification)
Draft - For Discussion Purposes Only 22
Logical Access Next Steps• Integrated Windows Authentication Guides developed
for .Net and Java applications, posted on IRGC SharePoint site
• HSPD-12 PMO meeting with major CDC application groups
• Develop additional guidance documents to leverage Integrated Windows Authentication
• Develop tests to verify HSPD-12 compliance
• Establish user groups to identify impacts and requirements
• Conduct pilots and develop prototypes
Draft - For Discussion Purposes Only 23
CDC Systems Review• Number of systems?
• Spending on systems?
• Redundancy/duplication?
• System development success: on-time, on-scope, on-budget?
• System performance success measures– meeting original intent– achieving performance measures– scale of usage and content– customer satisfaction
Shared Software and Data Services• Developing a registry of shared software and data services
– Service name– Service description– Contact– Lifecycle stage– Information location (URL)– Authentication required– Standards supported
• Compliment to Enterprise Systems Catalog & EA Reference Guide
• Resource for developers - shared code, objects, APIs, data resources
Some Candidate Shared Services at CDC• WONDER
– 11 Databases of Population, Vital Statistics, and Morbidity– XML-based API
• Security Services (SDN and IAM.Net Services)– Identification, Access, and Credentialing Services
• PHIN Services– PHIN-MS (Messaging), PHINDIR (Directory), PHIN-VADS (Vocabulary)
• GIS Mapping/Geospatial Services• People Repository (other HR Services)
Questions?