1 / 20

UI INTEGRITY PROFESSIONAL DEVELOPMENT CONFERENCE

UI INTEGRITY PROFESSIONAL DEVELOPMENT CONFERENCE. Contingency Plans A Federal Perspective. Contingency Plans A Federal Perspective. Paul Bankes IT Specialist U.S. Department of Labor bankes.paul@dol.gov. Contingency Plans A Federal Perspective. Synopsis History Lesson

egerton
Download Presentation

UI INTEGRITY PROFESSIONAL DEVELOPMENT CONFERENCE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UI INTEGRITY PROFESSIONALDEVELOPMENT CONFERENCE Contingency Plans A Federal Perspective

  2. Contingency PlansA Federal Perspective Paul Bankes IT Specialist U.S. Department of Labor bankes.paul@dol.gov

  3. Contingency PlansA Federal Perspective • Synopsis • History Lesson • DOL OIG Report • Risk vs Maturity Table • Request for Annual Update – status. • State Quality Service Plan • Appendix IV • Assurance Signature Page • UIPL 19-10 • Supplemental Budget Request.

  4. Contingency PlansA Federal Perspective • Pre-Y2K • Automation Grants ($20M) • Supplemental Budget Requests ($3+M) UI Program Funding • 2000 - Government Information Security Reform Act (GISRA), Public Law 106-398 • 2002 - Federal Information Security Management Act (FISMA), 44 U.S.C. § 3541 • 2002 – OIG IT Security Audit

  5. Contingency PlansA Federal Perspective • IT / IS SBRs • SBRs (2004 – 2005) • 2004 – IT $5,553,448 (72) • 2005s – IT $11,385,494; IS $738,392 (106) Total: $17,677,334 • OIG Audits (2003 – 2004)

  6. Contingency PlansA Federal Perspective

  7. Contingency PlansA Federal Perspective • 2008: OIG Report (23-08-004-03-315) on SWA IT Contingency Plans • FINDING: While ETA required state workforce agencies (SWAs) to develop and implement IT contingency plans as a condition of their grant agreements, it did not verify that the plans were developed or tested. • Enact a monitoring and review process to verify SWAs develop and test IT Contingency Plans necessary to sustain the UI program; and identify and address any weaknesses found in IT contingency plans.

  8. Contingency PlansA Federal Perspective • Grant Agreement? • State Quality Service Plan • Assurance signature for Disaster Recovery Plan

  9. Contingency PlansA Federal Perspective • 2009: OIG Report (23-09-002-03-315) on SWA IT Contingency Plans • FINDING: ETA did not ensure SWAs’ UI Tax and Benefit Systems’ IT Contingency Plans were reliable. • Conduct annual verification of SWAs’ IT contingency plans for existence and reliability using risk-based approaches that consider the SWAs’ contingency planning maturity and likelihood of disasters.

  10. Contingency PlansA Federal Perspective • NIST SP 800-34; “Contingency Planning Guide for Information Technology Systems”; http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf • IT Security CD and Manager’s Paper • Supplied by USDOL.

  11. Contingency PlansA Federal Perspective • OIG Report (NIST1 CP Data Elements) 1National Institute of Standards and Technology

  12. Contingency PlansA Federal Perspective • NIST SP 800-34; “Contingency Planning Guide for Information Technology Systems”; http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf • CD – supplied by USDOL. • State Quality Service Plan (SQSP) • 2009 Changes (Appendix IV) • 2009 IT Security SBR • IT CP added

  13. Contingency PlansA Federal Perspective Low Maturity High Maturity 1st High Risk SBR 2nd Low Risk

  14. Contingency PlansA Federal Perspective • State Quality Service Plan (SQSP) • (APPENDIX IV) – “INFORMATION TECHNOLOGY SECURITY GUIDELINES” • IT Contingency Plan, • System Security Plan, and • Risk Assessment • Templates (NIST Guidance)

  15. Contingency PlansA Federal Perspective • State Quality Service Plan (2011) • By signing the SQSP Signature Page, a state certifies that it will comply with the assurance listed in ET Handbook 336, 18th Edition, Change 2, and that the state will institute plans or measures to comply with the requirements.

  16. Contingency PlansA Federal Perspective • UIPL 19-10 • Unemployment Insurance (UI) Fiscal Year (FY) 2010 Supplemental Funding Opportunities to Improve UI Information Technology (IT) Contingency Plans and UI IT Security • $150,000 (CP and IV&V) • Due May 14, 2010

  17. Contingency PlansA Federal Perspective • UI IT Contingency Plan • SWAs must address all the missing key elements in their UI IT Contingency Plan as reported by the OIG • SWAs must utilize the guidelines provided in NIST SP 800-34 to develop the UI IT Contingency Plan; • The UI IT Contingency Plan IV&V must use the guidelines provided in the NIST SP 800-34 to evaluate and certify the UI IT Contingency Plan; and • SWAs must submit a copy of the IV&V certification report to their respective RO upon completion.

  18. Contingency PlansA Federal Perspective • Florida IT Dir. paraphrase • “The SBR process has built a security fortress for UI in the State of Florida” • IT / IS / CP SBRs • SBRs (2004 – 2009) • 2004 – IT $5,553,448 (72) • 2005s – IT $11,385,494; • IS $738,392 (106) • 2006s – IT $8,797,185 (112) • 2007 – IT $6,008,840 (79) • 2009 – IT/CP $9,378,904 (96) Total: $41,862,263 (465)

  19. Contingency PlansA Federal Perspective • “Preventing, detecting and recovering overpayments are top priorities for Unemployment Insurance (UI) Program administrators”

  20. Contingency PlansA Federal Perspective • The year 2010 marks the 75th Anniversary of the UI Program. • UI has advanced • 1935 “Paper and pencil” • 2010 “High Speed Automation” • If your current UI system suffers a catastrophic failure; is your response: • 1935 or • 2010 or • 1934?

More Related