1 / 193

Federal Student Aid

This conference provides updates on business and technology views, outcomes, and progress to date in improving systems, data management, security, and processes for Federal Student Aid. The conference agenda includes sessions on security, integrated partner management, NSLDS update, common origination disbursement update, central processing system update, federal update, and round table discussions.

jstec
Download Presentation

Federal Student Aid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Federal Student Aid Software Developers Conference August 16, 2007

  2. WELCOME Katie Blot

  3. Target State Vision

  4. TSV Update: Business View

  5. TSV Update: Technology View

  6. Outcomes • Improved alignment of systems with Federal Student Aid business processes, and reduced redundancy and complexity of interfaces among systems • Improved consistency and quality of Person and Organization data through implementation of master data management • Reduced redundancy and duplication of effort through use of shared assets (e.g., Security Architecture, Enterprise Portal, etc.) • Improved security and streamlined processes for gaining access to Federal Student Aid systems and services • Improved timeliness and accuracy of data through reengineered process flows and implementation of data standards

  7. Progress to Date • Three Key Areas • Infrastructure • Application Development • Supporting Processes

  8. Infrastructure • Enterprise Portal • Technical Proof of Concept Complete • Infrastructure Deployment in Process • Will Support Integrated Partner Management User Interface • Next Step: Internal “Employee View” • Enterprise Services Bus • Evolution of EAI • Technical Proof of Concept Complete • Infrastructure Deployment in Process • Will Support Integrated Partner Management Data Interfaces • Security Architecture • Deployed, Currently Supporting Nine Applications • Will Support New Participation Management Process • On the Horizon • Gateway

  9. Application Development • Integrated Partner Management (IPM) • Requirements underway (near completion) • Infrastructure deployment in process • Operations and Maintenance contract awarded • On the Horizon • Person Data Management, Integrated Student View, Aid History Management, Application Processing, Collections

  10. Key Supporting Processes • Requirements Standards • Development Standards • Technical Standards • Enterprise Data Management

  11. Federal Student Aid Enterprise Development Support Services

  12. Need for Change in How We Deliver Development Services Federal Student Aid has: • Grown its technical and process knowledge • Made significant progress in establishing integrated processes for development projects • Recognized a need for changes in the management of development projects that help achieve better results

  13. Enterprise Development Support Services (EDSS) Model

  14. Agenda Welcome 08:30 am – 09:00 am Security 09:00 am – 10:00 am Break 10:00 am – 10:15 am Integrated Partner Management 10:15am – 11:15 am NSLDS Update 11:15 am – 11:45 am Lunch on your own 11:45 am – 01:30 pm Common Origination Disbursement Update 01:30 pm – 02:30 pm Central Processing System Update 02:30 pm – 03:30 pm Break 03:30 pm – 03:45 pm Federal Update 03:45 pm – 04:45 pm Round Table 04:45 pm – 05:00 pm Closing 05:00 pm – 05:15 pm

  15. Contact Information Katie Blot Chief Information Officer Phone: 202-377-3528 Email: Katie.Blot@ed.gov

  16. SECURITY Bob Ingwalson

  17. We Implement Security Based on Cost vs. Risk

  18. Defense in Depth • Policy • Personnel Security • Physical Security • Network Security • Host based Security • Application Security

  19. Application Development Security • The Bad • The Ugly • The Good

  20. The Bad -- Malicious Threat Application Development Security • Know the Threat • OWASP (http://www.owasp.org) • SANS Top 20 (www.sans.org/top20) • National Vulnerability Database (http://nvd.nist.gov) • cgisecurity (http//www.cgisecurity.com)

  21. The Bad -- Malicious Threat Application Development Security Know the Threat – Hmmm?

  22. The Bad -- Malicious Threat Application Development Security • Cross Site Scripting • What is Cross Site Scripting and how is it used? • Prevention

  23. The Bad -- Malicious Threat Application Development Security • SQL Injection • What is SQL Injection and how is it used? • Prevention

  24. The Bad -- Malicious Threat Application Development Security • Cookie Poisoning • What is Cookie Poisoning and how is it used? • Prevention

  25. The Ugly – The Innocent User Application Development Security • Code Mistakes • Federal Student Aid has had them • Results • Prevention

  26. The Ugly – The Innocent User Application Development Security • Untrained Users • Examples and outcomes • Provide the training • Rules of Behavior • Annual refresher training

  27. The Ugly – The Innocent User Application Development Security • Keyloggers • What is it and how does it exploit a Web Application? • It doesn’t affect you right? – think again! • Some things to do about Keylogger activity

  28. The Good – Good Development Application Development Security • Implement Prevention in Code • Train Users • Thorough Testing • Use of Tools

  29. The Good – Good Development Application Development Security

  30. Contact Information Name: Robert Ingwalson Chief Security Officer Chief Information Office Phone: 202-377-3563 Email: Robert.Ingwalson@ed.gov

  31. BREAK

  32. INTEGRATED PARTNER MANAGEMENT (IPM) Susan Stallard Joseph Policella, Perot Systems

  33. Agenda • IPM Overview • Implementation Schedule • Where We Are: Requirements • What This Means to Our Partners • Workbench Demonstration

  34. IPM: Overview • New system that consolidates business functions currently being provided by multiple systems: • Lender Application Process (LAP) • Electronic Application (eAPP) • eZ-Audit • Participation Management portion of SAIG • Post Secondary Education Participant System (PEPS) • Electronic Records Management (ERM) • Technology modernization with associated benefits: • Single sign-on • Consistent user experience • Ease of use and navigation • Increased Security • Implemented in three releases with increasing functionality to reduce and/or eliminate risks

  35. Implementation Timeline Release 1:April – June 2008 • Implement Partner Eligibility & Enrollment • Legacy systems retired: • eAPP • Participation Management • Lender Application (LAP) • Electronic Records Management (ERM) Release 2:July – September 2008 • Implement Financial Statements and Compliance Audits submission • Legacy system retired: • eZ-Audit Release 3: January – March 2009 • Implement Partner Oversight functions • Legacy system retired: • Post Secondary Education Participant System (PEPS)

  36. Where We Are: Requirements Requirements Conducted (January – July 2007) • Series of three Joint Application Design (JAD) sessions held with Federal Student Aid staff to gather requirements (January to April 2007) • Extensive use of prototypes to assist in identifying and capturing requirements • Additional breakout JAD sessions and meetings held with Federal Student Aid Subject Matter Experts to capture requirements for specialized areas such as foreign schools and financial partners • Data Requirements (Data Management & Migration) • Technical Requirements

  37. What This Means to Our Partners • Provides a single entry point to sign up for services and maintain eligibility for the Title IV program • Streamlines and simplifies through automation the process for communicating required notifications (paperless environment) to/from Federal Student Aid • Provides Partners with on-line access to school status and eligibility information and proactive notifications • Provides the capability for e-Signature on required applications and forms to establish enrollment and maintain eligibility • Increases usage of the paperless environment in the processing of compliance audit and financial statement submissions

  38. Key Workbench Concepts • IPM Workbench will provide the foundation for single sign-on to Federal Student Aid systems • Participation Management Services are consolidated with User Management • Complex structures allow corporate entities to manage their subsidiaries with a single user experience • Affiliations provide a mechanism to manage the data and features granted to servicing partners

  39. Partner Workbench Demonstration

  40. Partner Workbench Homepage Header Right Navigation Left Navigation Footer

  41. IPM User/Partner Management User Profile Management – for user contact information

  42. IPM User/Partner Management Security Architecture – debarment check, default loan check, password management and system access. • Participation Management – allocation of services • Concept of Affiliation: • Partner Users added via Partner Management • Schools and Lenders add Servicer affiliations • Servicers gain IPM identity and access • Servicers’ DPA manages their own pool of users

  43. Contact Information

  44. NSLDS UPDATE Pam Eliadis

  45. NSLDS Access • Status of NSLDS user reinstatement • Future process for enrollment • Potential tools for oversight

  46. Data Security and Data Exchange • Dear Colleague Letter GEN 05-06 • NSLDS may not be used for marketing purposes • Student/Borrower’s permission is required • Reminds users of Federal Student Aid’s enforcement obligation

More Related