1 / 166

Federal Student Aid

Federal Student Aid. Software Developers Conference August 16, 2007. WELCOME. Katie Blot. Target State Vision. TSV Update: Business View. TSV Update: Technology View. Outcomes.

clarer
Download Presentation

Federal Student Aid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Federal Student Aid Software Developers Conference August 16, 2007

  2. WELCOME Katie Blot

  3. Target State Vision

  4. TSV Update: Business View

  5. TSV Update: Technology View

  6. Outcomes • Improved alignment of systems with Federal Student Aid business processes, and reduced redundancy and complexity of interfaces among systems • Improved consistency and quality of Person and Organization data through implementation of master data management • Reduced redundancy and duplication of effort through use of shared assets (e.g., Security Architecture, Enterprise Portal, etc.) • Improved security and streamlined processes for gaining access to Federal Student Aid systems and services • Improved timeliness and accuracy of data through reengineered process flows and implementation of data standards

  7. Progress to Date • Three Key Areas • Infrastructure • Application Development • Supporting Processes

  8. Infrastructure • Enterprise Portal • Technical Proof of Concept Complete • Infrastructure Deployment in Process • Will Support Integrated Partner Management User Interface • Next Step: Internal “Employee View” • Enterprise Services Bus • Evolution of EAI • Technical Proof of Concept Complete • Infrastructure Deployment in Process • Will Support Integrated Partner Management Data Interfaces • Security Architecture • Deployed, Currently Supporting Nine Applications • Will Support New Participation Management Process • On the Horizon • Gateway

  9. Application Development • Integrated Partner Management (IPM) • Requirements underway (near completion) • Infrastructure deployment in process • Operations and Maintenance contract awarded • On the Horizon • Person Data Management, Integrated Student View, Aid History Management, Application Processing, Collections

  10. Key Supporting Processes • Requirements Standards • Development Standards • Technical Standards • Enterprise Data Management

  11. Federal Student Aid Enterprise Development Support Services

  12. Need for Change in How We Deliver Development Services Federal Student Aid has: • Grown its technical and process knowledge • Made significant progress in establishing integrated processes for development projects • Recognized a need for changes in the management of development projects that help achieve better results

  13. What is the Enterprise Development Support Services (EDSS) Model? • EDSS represents a significant change in the way Federal Student Aid delivers its development services • EDSS development projects will rely on and augment the components of the Federal Student Aid’s Target State Vision • The EDSS promotes, enables and facilitates technical and business integration • EDSS will result in higher quality and greater flexibility for Federal Student Aid in achieving its Target State Vision

  14. Objective of the EDSS • Increase Product Quality • Facilitates Enterprise Standardization and Integration • Increase Competitive Environment • Will spur innovation • Induce greater price competition • Result in better products • Increases Development Options for Federal Student Aid • Greater flexibility to use multiple vendors • Greater capacity to mitigate “single vendor” environment • Increased ability to transition • Provide for redundancy in service providers

  15. Enterprise Development Support Services (EDSS) Model

  16. Agenda Welcome 08:30 am – 09:00 am Security 09:00 am – 10:00 am Break 10:00 am – 10:15 am Integrated Partner Management 10:15am – 11:15 am NSLDS Update 11:15 am – 11:45 am Lunch on your own 11:45 am – 01:30 pm Common Origination Disbursement Update 01:30 pm – 02:30 pm Central Processing System Update 02:30 pm – 03:30 pm Break 03:30 pm – 03:45 pm Federal Update 03:45 pm – 04:45 pm Round Table 04:45 pm – 05:00 pm Closing 05:00 pm – 05:15 pm

  17. Contact Information Katie Blot Chief Information Officer Phone: 202-377-3528 Email: Katie.Blot@ed.gov

  18. SECURITY Bob Ingwalson

  19. We Implement Security Based on Cost vs. Risk

  20. Defense in Depth • Policy • Personnel Security • Physical Security • Network Security • Host based Security • Application Security

  21. Application Development Security • The Bad • The Ugly • The Good

  22. The Bad -- Malicious Threat Application Development Security • Know the Threat • OWASP (http://www.owasp.org) • SANS Top 20 (www.sans.org/top20) • National Vulnerability Database (http://nvd.nist.gov) • cgisecurity (http//www.cgisecurity.com)

  23. The Bad -- Malicious Threat Application Development Security Know the Threat – Hmmm?

  24. The Bad -- Malicious Threat Application Development Security • Cross Site Scripting • What is Cross Site Scripting and how is it used? • Prevention

  25. The Bad -- Malicious Threat Application Development Security • SQL Injection • What is SQL Injection and how is it used? • Prevention

  26. The Bad -- Malicious Threat Application Development Security • Cookie Poisoning • What is Cookie Poisoning and how is it used? • Prevention

  27. The Ugly – The Innocent User Application Development Security • Code Mistakes • Federal Student Aid has had them • Results • Prevention

  28. The Ugly – The Innocent User Application Development Security • Untrained Users • Examples and outcomes • Provide the training • Rules of Behavior • Annual refresher training

  29. The Ugly – The Innocent User Application Development Security • Keyloggers • What is it and how does it exploit a Web Application? • It doesn’t affect you right? – think again! • Some things to do about Keylogger activity

  30. The Good – Good Development Application Development Security • Implement Prevention in Code • Train Users • Thorough Testing • Use of Tools

  31. The Good – Good Development Application Development Security

  32. Contact Information Name: Robert Ingwalson Chief Security Officer Chief Information Office Phone: 202-377-3563 Email: Robert.Ingwalson@ed.gov

  33. BREAK

  34. INTEGRATED PARTNER MANAGEMENT (IPM) Susan Stallard

  35. Agenda • IPM Overview • Implementation Schedule • Where We Are: Requirements • What This Means to Our Partners • Workbench Demonstration

  36. IPM: Overview • New system that consolidates business functions currently being provided by multiple systems: • Lender Application Process (LAP) • Electronic Application (eAPP) • eZ-Audit • Participation Management portion of SAIG • Post Secondary Education Participant System (PEPS) • Electronic Records Management (ERM) • Technology modernization with associated benefits: • Single sign-on • Consistent user experience • Ease of use and navigation • Increased Security • Implemented in three releases with increasing functionality to reduce and/or eliminate risks

  37. Implementation Timeline Release 1:April – June 2008 • Implement Partner Eligibility & Enrollment • Legacy systems retired: • eAPP • Participation Management • Lender Application (LAP) • Electronic Records Management (ERM) Release 2:July – September 2008 • Implement Financial Statements and Compliance Audits submission • Legacy system retired: • eZ-Audit Release 3: January – March 2009 • Implement Partner Oversight functions • Legacy system retired: • Post Secondary Education Participant System (PEPS)

  38. Where We Are: Requirements Requirements Conducted (January – July 2007) • Series of three Joint Application Design (JAD) sessions held with Federal Student Aid staff to gather requirements (January to April 2007) • Extensive use of prototypes to assist in identifying and capturing requirements • Additional breakout JAD sessions and meetings held with Federal Student Aid Subject Matter Experts to capture requirements for specialized areas such as foreign schools and financial partners • Data Requirements (Data Management & Migration) • Technical Requirements

  39. What This Means to Our Partners • Provides a single entry point to sign up for services and maintain eligibility for the Title IV program • Streamlines and simplifies through automation the process for communicating required notifications (paperless environment) to/from Federal Student Aid • Provides Partners with on-line access to school status and eligibility information and proactive notifications • Provides the capability for e-Signature on required applications and forms to establish enrollment and maintain eligibility • Increases usage of the paperless environment in the processing of compliance audit and financial statement submissions

  40. Key Workbench Concepts • IPM Workbench will provide the foundation for single sign-on to Federal Student Aid systems • Participation Management Services are consolidated with User Management • Complex structures allow corporate entities to manage their subsidiaries with a single user experience • Affiliations provide a mechanism to manage the data and features granted to servicing partners

  41. Partner Workbench Demonstration

  42. Partner Workbench Homepage Header Right Navigation Left Navigation Footer

  43. IPM User/Partner Management User Profile Management – for user contact information

  44. IPM User/Partner Management Security Architecture – debarment check, default loan check, password management and system access. • Participation Management – allocation of services • Concept of Affiliation: • Partner Users added via Partner Management • Schools and Lenders add Servicer affiliations • Servicers gain IPM identity and access • Servicers’ DPA manages their own pool of users

  45. Contact Information

  46. NSLDS UPDATE Pam Eliadis

  47. NSLDS Access • Status of NSLDS user reinstatement • Future process for enrollment • Potential tools for oversight

More Related