EFCOG Annual Meeting

EFCOG Annual Meeting. Fred Catoe (IM-32) U.S. Department of Energy. Project Objectives. Achieve control and security objectives of HSPD 12 and FIPS 201 Meet HSPD 12 deadlines June 27, 2005 – Implementation Plan August 27, 2005 – Additional system recommendations for HSPD 12


Presentation Transcript


  1. EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy

  2. Project Objectives
     • Achieve control and security objectives of HSPD 12 and FIPS 201
     • Meet HSPD 12 deadlines
       • June 27, 2005 – Implementation Plan
       • August 27, 2005 – Additional system recommendations for HSPD 12
       • October 27, 2005 – Compliance with PIV I
       • October 2006 – Compliance with PIV II
       • September 30, 2007 – Background checks for current employees & contractors
     • Successfully integrate into DOE environment at selected sites for logical and physical security
     • Engineer compliant solution
       • ACTD approach - limited deployment (10% of DOE population)
       • Full deployment (based on validated cost & technical models)
     • Ensure compliance with HSPD 12 and FIPS 201 privacy requirements

  3. Project Benefits
     • Provides standard infrastructure access across the corporation
     • Provides a corporate solution for Identity Management (IdM) and credentialing
     • Provides a cost savings and cost avoidance over time based on results from other agencies
     • Consolidates physical access control systems (PACS)
     • Improves security in disk-less computing environment
     • Reduces PKI costs by moving from 40+ PKIs to an SSP PKI per OMB M-05-05
     • Reduces Help Desk costs
     • Improves compliance with Federal mandates
     • Enables future functionality:
       • E-Signature
       • E-Authentication
       • Automated digital forms
       • Single Sign-On (SSO)
     Not just an unfunded mandate – project is based on demonstrated business benefits

  4. Coordinated Effort

  5. DOE Methodology
     • Acquisition Lifecycle Management complemented by a systems engineering approach
     • Staff Project Office with government and contractor Subject Matter Experts (SMEs) possessing technical and deployment experience with identified technologies
     • Use ACTD type approach based on 10% of DOE population
       • Adjust as required based on lessons learned
       • Use this approach to validate cost and technical models
     • Leverage other agencies' lessons learned and best practices
       • Implementation of functionally equivalent card systems has been completed and is under way at several Federal agencies
       • Memorandum of Understanding (MOU) between agencies for information and infrastructure sharing as appropriate
       • System procurement experiences, including Analysis of Alternatives (AoA) (government and department wide)
     We have a running head-start and HSPD-12 milestones are achievable

  6. Systems Engineering
     • System engineering allows you to identify requirements and test them against the identified alternatives
     • Meets OMB requirement for Requirements Traceability Matrix
     • This type of approach is iterative, allowing management of each life cycle phase
     • You can always tell where you are in the process, and what still has to be done
     • Approach successfully completed GAO audit & Congressional review
     • Controls costs – minimizes rework by getting right 1st time
     • Enterprise Architecture – identifies components and dependencies
     • Best practice – viewed across government as most effective approach
     • Proven repeatable for full deployment
     Based on validated Department requirements resulting in integrated repeatable process capable of refinement as required

  7. Integrated Project Plan
     Framework for project management of the following functions:
     • Organizational
     • Resource
     • Scope
     • Requirements
     • Quality
     • Schedule
     • Cost
     • Communications
     • Acquisition
     • Risk
     • Configuration
     • Training
     • Security
     Structured & detailed approach to management of project in line with industry and Government best practices

  8. What do we need to do?
     • Submit Implementation Plan (6/27/05)
     • Provide list of other potential uses of FIPS Standard within DOE (8/27/05)
     • Comply with FIPS 201, Part 1 (10/27/05)
       • Satisfy control objectives of the standard
       • Adopt and accredit a registration process
       • Include language implementing the standard in applicable contracts
       • Complete the privacy requirements
     • Comply with FIPS 201, Part 2 (10/27/06)
       • Technical requirements
       • Credential issuance
       • Credential authentication
       • Identity verification – Sep 30, 2007 identity proofing on record for all current employees and contractors
       • System access

  9. Summary
     • Integrate solution across the Department to achieve key goals:
       • Meet Secretary’s objective and be recognized leader in HSPD-12 compliance and technology integration
       • Meet the control and security objectives of HSPD-12
     • Integrated solution:
       • Improves the security and business process
       • Provides Return on Investment (ROI)
     • Timelines are challenging and require immediate attention to meet both near term and long term goals and objectives
     • Leveraging other Department/Agency experiences and lessons learned will be beneficial to DOE
     Cannot afford to do this more than once
