OPENING AND ANNOUNCEMENTS
Dan Matthew, CIO Council Vice Chair, opened the meeting at 1:10pm.
Dan welcomed Linda Springer, Vice Chair, Chief Financial Officers Council (CFOC).
Linda stated that Karen Evans has visited with the CFOC to build and promote a partnership between the CIOC and the CFOC, and Linda would like to do the same with the CIOC. This relationship would foster a way to achieve goals and timely reporting in both programs. It is requested that the CIOs and CFOs take a look at the 6 Lines of Business projects:
- Financial Management
- Data and Statistics
- Human Resources
- Monetary Benefits
- Criminal Investigations
- Public Health Monitoring
The Councils need to define requirements and standardize the 6 core functions. There is a commonality among the functions, and preparing joint efforts may gain servicing and buying power with vendors. The CFOC will stay engaged.
M-04-05 clarification of pass back language to grant-making agencies
M-04-05 memo: “Clarification of Pass back Language to Grant-Making Agencies” was discussed. Agencies have requested clarification on what direction to take on current development of grants management systems and the impact on Grants.gov in developing a government-wide solution.
The pass back language directed agencies to use the APPLY and FIND solution. Agencies are to use the APPLY function for grants programs; the back office piece needs to be taken out. All agencies are to use the FIND application for Grants.gov. It would be great for vendors/citizens to FIND grants and then APPLY for them.
Funds are to be designated for migrating grants management systems and/or applications to the common solution developed by Grants.gov under OMB direction.
For Fiscal Year 04 agencies should complete the accountability and auditing by November 15, 2004. In the past this was due by January 15th and only 8 agencies met the timeframe. The bottom line is that agencies should put in their new financial system if they are to go on line before September 15th. CFOs are to work as counterparts on these initiatives.
Continue to work with JFMIP as it reviews the vendors.
Question:
Agencies are struggling with payroll, HR, financial and budgeting. How are agencies going to integrate these initiatives? It appears that enterprise architecture is not integrated.
Answer:
The two should be in harmony. Financial systems should be a part of the enterprise architecture and it needs to be identified up front.
Statement:
E-Gov and E-Pay are looking at solutions and at the providers. If we look at standards it may allow more flexibility.
Answer:
Look at preferred providers that can meet the need. Standardization will open the door and drive the market to meet our needs.
Karen thanked Linda for attending the CIOC meeting.
OMB AND E-GOV UPDATE
Next week there will be a meeting with the budget officers on the pass-back. Discussions will focus on multiple areas including E-Gov. OMB has been working closely with the budget officers and will continue to work budget issues. OMB will be calling agencies to combine meetings.
With respect to the FISMA reports, there will be a focus on agencies that are furthest away from the 80% certification metric. There has been significant attention on the PIAs this year, particularly with new systems that are collecting information on individuals. Many of the 300s are missing PIAs. The E-Gov Act Report, due on December 15, will be signed by Karen Evans in the next few days. The final scorecards will be released with the budget and will include the status scores, which have been held, as they were considered pre-decisional. Review will begin in the 2nd week of December.
The E-Authentication Guidance for Federal Agencies was issued December 16, 2003. The memo from Joshua B. Bolten, Director, Executive Office of the President, Office of Management and Budget, can be found at http://cio.gov/eauthentication/news.htm. See the e-mail dated December 19th sent from the CIO Council Support. The memo changes the terminology from policy to guidance.
Small Business Paperwork Relief Act 2002: an e-mail went out concerning an Interagency Task Force. A meeting is scheduled for January 20th. There are three purposes, which are 1) make recommendations to improve electronic dissemination of information that’s collected under federal requirements; 2) recommend a plan for development of interactive government-wide systems through the internet (now called the Small Business Gateway); and 3) consider opportunities for coordination with federal and state reporting requirements among small businesses.
Privacy Impact Assessment – we are working to reconcile those received. There are discrepancies.
UPDATE ON CHIEF INFORMATION SECURITY OFFICER’S FORUM AND LIVEWIRE DEBRIEF
Lawrence Hale, Deputy Director, US-CERT, offered a presentation on Livewire Debrief/Teleminder Testing. US-CERT would like to continue the relationship that FEDCIRC had with the CIOC. Livewire is a national security exercise involved with governments, academia and private sector players. It tests current preparedness, business processes and communications paths by imitating a variety of cyber activities and the government’s ability to interact at various levels. The Department of Homeland Security (DHS) and National Strategy to Secure Cyberspace (NCSD) coordinate responses to cyber threats at a national level. Everything that has been achieved was done with the help of DHS, DOD, North Com, and NCSD. A test was performed with a target list with contact information for 45 people comprised of Cabinet Level CIOs and selected agencies involved in the telecommunications, finance and energy sectors. The majority of the calls were successful within 30 minutes. Of the 45 contacted, 32 agencies were successfully contacted, 9 agencies did not provide after-hours contact information and 4 agencies had after-hours contact information that was no longer valid.
Web site: http://www.us-cert.gov
The Livewire Teleminder is to let OMB have a rapid, reliable way of reaching CIOs after hours with a consistent and specific message of urgency. The Livewire Teleminder test was done to familiarize CIOs with the process and expectations from OMB.
Collaboration Groups are:
- The Federal Chief Information Security Officer (CISO) that will meet quarterly to share experiences of positive and negative program effectiveness, applications, management techniques, challenges and to encourage the use of interoperable technologies. FEDCIRC will provide ongoing support to ensure group viability.
- Cyber Interagency Incident Management Group (C-IIMG) coordinates incident responses and crisis operations in support of homeland security.
- GFIRST is a technical forum for government and trusted incident handlers, forensic examiners and operators to share tools, techniques, security knowledge and incident information.
WORKFORCE GAP ANALYSIS REPORT
It will take a few more weeks to consolidate the survey results. The skills assessment survey is from the Federal Government’s viewpoint.
- The average Federal employee is a GS-13, with no private sector experience, mobile and will retire in 10 years.
- Less than 8% of IT project managers have security training.
E-Payroll has moved forward with their providers and Janet Barnes is pleased. E-Training – OPM/OMB governance structure. How is this really going to work for the CIOC, working with the CHCO?
OPM, HUD, NRC, and DOI are working on analytical capabilities for HR licensing.
ENTERPRISE ARCHITECTURE MANAGEMENT MATURITY FRAMEWORK
Bob Haycock presented the Enterprise Architecture Management Maturity Framework status. The General Accounting Office has reported that no progress has been made. It recommends that OMB take a more active role and assess progress in implementing Enterprise Architecture.
Bob stated that recommendations would be accepted and that the AIC will establish a task force Thursday, January 15, 2004, draft a letter to OMB, point out Enterprise Architecture, and develop a plan that will be due back Thursday, January 22, 2004.
MEMBER TIME
Karen Evans will redistribute the Cyber Security Report.
Karen Evans – Lay out a process of subset A-11 and come up with a draft schedule.
ADJOURNMENT
Mr. Matthews closed the meeting at 3:00 pm.
HANDOUTS
- CIOC Meeting Agenda January 14, 2003
- M-04-05 Memorandum – Clarification of Passback Language to Grant-Making Agencies
- Federal CIO Council Architecture and Infrastructure Committee – Enterprise Architecture Maturity Responding to GAO
- A Framework for Assessing and Improving Enterprise Architecture Management (Version 1.1)
- Livewire Debrief/Teleminder Testing Chief Information Security Officer’s Forum.
ACTION ITEMS:
1. Karen Evans (OMB): Redistribute FISMA information on “DRAFT FY03 Guidance on Annual IT Security Reports” to Council.
2. Karen Evans (OMB): Send methodology for Cyber Security that OMB uses in advance of reports.
3. Karen Evans (OMB): Lay out a process of subset A-11 and come up with a draft schedule.
CIOC BUSINESS MEETING ATTENDEES
David Ames State
Tad Anderson OMB
Janet Barnes OPM
Brett Bobley NEH
Richard Brozen OMB
Michael Carleton GSA
Bill Dates US ARMY
Martin Costellic CFOC Liaison
Gordon Errington DOE
Karen Evans OMB
Stephen Fletcher Educ.
Christopher Fornecker GSA
Stephen Galvan SBA
Lawrence Hale DHS
John Hopkins State
Bob Haycock OMB
Kathleen Heuer HHS
Randolph Hite GAO
Ira Hobbs USDA
Karen Hogan DOC
Kim Johnson OMB
Mark Kneidinger USAID
Paul Kurtz White House
William Leidinger Educ.
Craig Luigart VA
Daniel Matthews DOT
Edward Meagher VA
Dean Mesterharm SSA
David J. Molchany Fairfax County, VA
Margaret Myers DOD
Andrea Norris NSF
Kim Nelson EPA
Rose Parkes DOE
Glenn Perry FAC
Patrick Pizzella DOL
Tom Pyke DOC
Liz Sampson Intelligence Community
Scott Santiago NASA
Jacqueline Silber NRC
Linda Springer OMB
Roy Standing State
Shay Stantz NASCIO
Fred Steckler HUD
John Teeter HHS
W. Hord Tipton DOI
Michael Turk OMB
Hollace Twining DOT
G. Martin Wagner GSA
Stephen Warren FTC
David Wennergren Navy
Thomas Wiesner DOL
Jerry Williams SBA
Gary Winters GSA