OPENING
REMARKS
Karen
Evans, CIO Council Vice Chair, opened the meeting. Ms. Evans
provided the following announcements:
- Drew
Ladner was named the CIO of the Department of Treasury
- Dan
Matthews, Department of Transportation, has joined the CIO
Council
- Patricia
Dunnington is the new CIO of NASA
- Laura
Callahan is the co-chair of the Architecture Committee
- The
Council for Excellence in Government is hosting a program
called “Value Measuring Methodology: Evaluating IT
Investments”, on April 22, 2003, at the Willard Inter-Continental
Hotel. Registration for the program begins at 7:30AM and
the program runs from 8:00 to 11:00 AM.
- The
National Finance Center in New Orleans is recruiting for
a Director of Information Management.
- The
next CIO Council meeting will be a closed session with the
Quad Council at the Washington Convention Center, April
9, 2003.
Mark
Forman reminded CIOs to complete the skill gap assessment
so that the guidance can be updated.
OMB
AND E-GOV UPDATE
Mark Forman
stated that as mentioned in the Passback, CIOs haven’t
yet done the skills gap assessment and it needs to get done.
With regards to the E-gov initiatives’ financing strategy,
CIOs and CFOs will need to collaborate to support the joint,
inter-agency initiatives. With Clay Johnson assuming the OMB
Deputy Director for Management position, there will be written
commitments for results by next summer. In addition, each
Department will be asked to sign up to the performance metrics.
Mr. Forman
credited Randy Hite, GAO, with laying out the key elements
of an enterprise architecture, starting with a good corporate
strategy that drives a good IT strategy. Mr. Forman will be
meeting with agencies to determine how they will use the enterprise
architecture to drive priorities. Each Department has a modernization
story to tell.
Security
certification and accreditation progress is required. The
Report on Cyber
Security outlines progress to date. Funding is not an issue;
this is a priority.
Most of
the 24 E-Gov initiatives will be deployed and completed by
June 2004. The siloed initiatives must be turned off and migrated
to the joint E-gov initiatives by next summer. A few initiatives
without strong program management skills need some help implementing
the initiatives.
The Enterprise
Licensing “Smart Buy” initiative will likely save
significant amounts. Leverage can come from the CIOC and Architecture
and Integration Committees to realize further cost savings.
The Business
Cases for six cross-agency initiatives will be reviewed and
then a cross-agency team(s) will be established.
AUTHENTICATION
POLICY FOR FEDERAL PERSONNEL
Dr. John
Gauss introduced the Portfolio Manager for the E-Authentication
effort, Jeanette Thornton of OMB. Ms. Thornton presented an
overview and status of the E-authentication policy efforts.
There
are two related OMB policy activities driving this effort,
and the first one is E-Authentication Government-wide Guidance.
OMB will be releasing a document in the next few days in response
to agencies’ requests for more guidance on E-authentication.
The document outlines a risk-based approach to identity authentication
and presents a process to guide agencies through implementing
an E-authentication strategy. OMB policy has established four
authentication assurance levels, with Level 1 being no authentication
required, to Level 4 being the most stringent credentialing
required. NIST will provide technical guidance to agencies
to enable them to match their technology implementation to
one of the four levels.
The second
OMB policy discussed by Ms. Thornton was the Authentication
and Identity Policy Framework for Federal agencies. This policy
states that all Federal employees and contractors must have
an electronic credential for physical and logical access,
and details the requirements to receive a Federal credential.
The policy supports the Internal Efficiency and Effectiveness
(IEE) portfolio and employees can use their credentials to
access other E-gov applications.
Next
steps include:
- Gather
agency feedback on the policy framework
- Take
an inventory of the current status of all agencies
- Brief
the results to the CIOC, HR, physical access, and security
communities
- Finalize
the PKI common certificate policy
- Form
a team with AIC/Policy Authority and agency representatives.
There
was a question about the timeline for identifying a common
PKI source. Ms. Thornton is working with Norm Lorentz and
Bob Haycock over the next few months to develop a component
standard, and any interested parties may want to be involved
in those meetings. Dr. John Gauss stated that the key point
is to establish common definitions and processes for identity
so that trust levels are the same across the government. This
effort has progressed quickly and has targeted June 2003 for
final comment. Comments suggested that this timeframe was
amenable for capital investment review timeframes. Dr. Gauss
commented that if the government could jointly go to level
4, it could eliminate the need for level 3. The majority of
citizens’ access will be in Levels 1-3. A lower level
will always accept a higher level of authentication and credentialing.
FEDERAL
IT WORKFORCE ASSESSMENT, GAP ANALYSIS, AND CORRECTIVE ACTION
PLAN
Mark Forman
provided some background regarding the requirements for Federal
IT Workforce Assessments and the focus on human capital in
the President’s Management Agenda. The requirements
were established in three key pieces of legislation: the Clinger-Cohen
Act, the Federal Acquisition Streamlining Act, and the E-Government
Initiatives Act. We don’t know how human resources are
being managed across the government. An Enterprise Human Resources
Architecture is needed.
Currently
there are 700 projects in the President’s Budget that
are on the “At Risk” list, which indicates a need
for basic project management skills in the government. There
is a need for literally thousands of skilled IT project managers,
security officers, solutions architects, enterprise architects,
and information management specialists. In the FY04 Passback,
agencies were directed to complete an annual skills assessment,
as required by the Clinger-Cohen Act.
Ira Hobbs
discussed three areas of focus in terms of human capital:
1.
Enterprise Architects and Solution Architects
2. Cyber Security
3. Project Management
The Workforce
Committee wrote a white paper to define enterprise architects
and solution architects, as well as outline differences in
competencies. A draft was given to Norm Lorentz, for comment,
and then it will be disseminated to the CIOC. The goal is
for OPM to codify these as occupational series.
The second
issue is cyber security. The Scholarship for Service Program
was developed by OPM, NSF, and the Critical Infrastructure
Protection Board to produce a pool of skilled cyber security
employees. This June and September 2003, 40 students will
be graduating from the program. CIOs will be asked to help
in placing these highly qualified, career-oriented individuals
in agencies.
There
was a question about the interests of the graduating students,
in that several resumes indicated an interest in security
intrusion detection. The agencies have a need for policy experts,
and expressed some concern that the program does not address
agency needs. Mr. Hobbs responded that the CIO Council can
work with the University of Oklahoma and Carnegie-Mellon Institute
to develop a curriculum that will meet the needs of agencies.
With regards
to project management, there are currently over 1,000 major
projects with budgets of over $50 million across the Government.
Many of these projects lack a project manager. A working group,
led by Emory Miller (GSA), has been established to identify
the gap in skills. The group crafted a definition of a skilled
project manager as someone who:
- Has
project management experience demonstrated through past
successes or a PMI certification and
- Is
working as a project manager full time.
This
definition will be used to determine the skills gap and is
included in the IT Project Management Skills Gap Survey that
will be sent out next week. The data will be analyzed and
“Islands of Excellence” will be pinpointed and
distributed to all agencies. The goal is that by September
2003 when Business Cases are due, no organization will say
that there is no project manager available for a major system
project. If a strong need for project managers is identified
in the survey, then the CIOC will work with OPM to codify
the project management discipline in government.
There
was a question regarding the use of contractors as program
managers being phased out. Mr. Forman responded that agencies
will always hire contractors and that there must be a contractor
project manager. But the government needs project managers
to oversee the overall project on behalf of the government.
A contractor can’t be responsible for the transformation
necessary in government.
Dr. Gauss
presented a briefing of the IT Workforce Management efforts
at VA. The VA is the largest civilian department of the Government
with over 4 million customers today. In the summer of 2001,
VA determined several needs with regards to IT strategy that
should be implemented by the summer of 2004. The VA identified
several areas for strategic improvements, including an IT
workforce strategy. They recognized a need for an IT workforce
with the right mix of skills who can develop, integrate, test,
certify and deploy IT systems, as well as operate and maintain
the system.
The VA
begin by assessing and surveying their workforce, determining
the “to be” workforce, and then found the gap
between the two. They contracted with the University of North
Texas (UNT) to administer a survey. The results provided a
clear picture of the “as is” VA workforce and
established a starting point to transition the workforce.
Based on the survey results, the VA aligned the IT workforce,
defined what constitutes IT costs, and established project
management and information security officer training programs.
The next
steps include:
- Define
IT-related job series
- Implement
the VA-wide reorganization
- Complete
technical requirements definition and future requirements
analysis
- Determine
skill gaps and trends
- Develop
and execute the implementation plan
- “Hire
the brains and contract the brawn”
- Recruit
and retain the “cream of the crop”.
Dr. Gauss
concluded his presentation by stressing the importance of
human capital in VA’s overall IT strategy. A member
asked about the survey, and the VA is willing to share the
workforce assessment tool, but it is likely that some adaptation
will be necessary.
|