State of CDC’s Systems Portfolio and New Imperatives
Jim Seligman, Chief Information Officer
CDC Information Systems
• Historical & Current Systems Profile
– Investment Trends
– Portfolio Composition
• New Imperatives and Influences
– HSPD-12 Smart Card enablement
– Portfolio Review & OMB Tech Stat
– Shared Software and Data Services
CDC IT Expenditures
[Chart: x-axis: fiscal years FY 82 through FY 12; y-axis: $ Millions, $0 to $350; series: IT Intramural, IT Extramural]
CDC FY 2012 IT Investment Composition
Investment Level       Total Value   Average Cost
Major (6)              $137.6M       $22.9M
Tactical (12)          $64.9M        $5.4M
Supporting (109)       $101.7M       $0.9M
Extramural (7)         $161.2M       $23.0M
Total FY 2012 (134)    $465.4M       $3.5M
CDC FY 2012 Investment Jurisdiction
[Chart: Intramural $304M (66%); Extramural $161M (34%)]
Number of Systems Trending
[Chart: Systems Portfolio; x-axis: Fiscal Year, FY 2005 through FY 2010; left axis: New or Retired Systems, 0 to 200; right axis: Portfolio Size, 0 to 700; series: New Systems, Retired Systems, Portfolio]
IT Systems by Organization
Center/Office   # Systems   FY 2012 Planned Budget ($M)   Cost per System ($M)
CGH             7           $0.8                          $0.1
NIOSH           8           $0.9                          $0.1
OD              153         $45.4                         $0.3
OID             174         $71.1                         $0.4
ONDIEH          135         $23.3                         $0.2
OPHPR           26          $13.0                         $0.5
OSELS           55          $65.9                         $1.2
OSTLTS          2           $0.1                          $0.1
Total           560         $220.5                        $0.4
Inclusion/Exclusion Criteria
• Include intramural spending only
• Exclude IT infrastructure
• Exclude "Not Updated," "Planning," or "Planned Retirement" systems
CDC Systems by Mission Criticality
[Chart: categories: High Criticality Systems, Medium Criticality, Low Criticality; data labels: 132, 299, 191]
FY 2012 Systems by Lifecycle Phase
[Chart: $ in Millions; categories: Development & Modernization, Operations & Maintenance; data labels: 218 (47%), 247 (53%)]
Federal IT Dashboard - HHS
Federal IT Dashboard - CDC
New Imperatives
Identity & Access Management Program
• OMB Requirements and Deadlines
• CDC Milestones
• Application Assessment
• Application Smart Card Enablement
Draft - For Discussion Purposes Only 13
OMB Requirements and Deadlines
OMB Feb 3, 2011 Directive
• Fund HSPD-12 credential issuance using existing resources
• FY 10 - all new systems must be enabled to accept HSPD-12 credentials for authenticating Federal employees and contractors
• FY 11 - agencies must use system technology refreshment funding (DME or O&M) to upgrade existing systems to use HSPD-12 credentials
– CDC policy to be issued in March 2011
• FY 12 - agencies shall not spend DME or O&M technology refreshment funding on systems unless they use HSPD-12 credentials to authenticate Federal employees and contractors
FY 11 Timeline for Logical Access Controls
[Timeline chart. Quarters: Q1 (OCT 2010 – DEC 2010), Q2 (JAN 2011 – MAR 2011), Q3 (APR 2011 – JUN 2011), Q4 (JUL 2011 – SEP 2011). Legend: Logical Access Plan Milestone. Workstream tags on the chart: WS-3, WS-4, WS-5, WS-14, WS-15.]
Milestones shown:
• Establish Unified Helpdesk Plan
• Complete ITSO Middleware / Card Reader Pilot and Documentation
• Smart Card access via CITGO available
• Develop IWA PKI Enablement Application Guides (.NET, JAVA)
• Distribute Desktop Readers & Middleware to GOE Users
• Complete Testing Smart Card Access for Webmail
• Test and Standardize Blackberry and Bluetooth Equipment
• Smart Card Maintenance Deployment Plan
• E-Auth Go Live Phase 1 (Level 1)
• E-Auth Go Live Phase 2 (Level 2 & 3)
• Start SDN Migration
• Start PKI Enablement Pilot 1
• Start PKI Enablement Pilot 2
Application Assessment Survey
• CDC Application Assessment for Smart Card Enablement Survey
• Total Number of Responses: 424 (~75% responded)
Application Assessment Survey
[Chart: Integrated Windows Authentication; categories: Yes, No, Unsure; data labels: 218, 180, 26]
Application Assessment Survey
[Chart: Application Type; categories: Standard Commercial Package, Highly Customized Commercial Package, Custom Developed Application; data labels: 25, 41, 356]
Application Assessment Survey
[Chart: Application Language; categories: .Net, Java, Access/SQL, SAS, PowerBuilder, Foxpro; data labels as extracted: 126, 1315, 66 3]
Application Assessment Survey
[Chart: Total User Population; categories: 1 to 10, 10 to 100, 100 to 1000, 1000 to 5000, Greater than 5000; axis: 0 to 140; data labels: 102, 75, 69, 24, 128]
HSPD-12 Logical Access Approach
• HHS Enterprise Applications (e.g. CapHR, EWITS, LMS)
– Plan to use Sun Identity and Access Manager-based solution
• CDC Capabilities currently using Integrated Windows Authentication (IWA)
– Built-in, requires no additional investment
– Leverages existing investment and infrastructure
– Ties in with CDC Active Directory that is already PKI enabled for Smart Card authentication
• Authentication upgrades will require focused investment over time
– Microsoft .NET applications can easily upgrade to Integrated Windows Authentication
– JAVA/J2EE provides available, mature, bolt-on modules
– Develop a set of generic authentication modules shared across systems
PKI-Enabling Technology Categories
Category A – IWA-type applications or with built-in PKI support
Category B – Applications that will use Sun Identity Suite
Category C – Applications that will use PKI-enablement libraries
Category D – Applications/Systems where access is limited by “PKI-enabled Vault” i.e. need a credential to login to the server
Category E – Applications where the vendor provides upgrades to PKI-enable
Category F – Applications that will be replaced (Not PKI-enabled in favor of new application)
Category G – Applications that will not be upgraded (requires justification)
Logical Access Next Steps
• Integrated Windows Authentication Guides developed for .Net and Java applications, posted on IRGC SharePoint site
• HSPD-12 PMO meeting with major CDC application groups
• Develop additional guidance documents to leverage Integrated Windows Authentication
• Develop tests to verify HSPD-12 compliance
• Establish user groups to identify impacts and requirements
• Conduct pilots and develop prototypes
CDC Systems Review
• Number of systems?
• Spending on systems?
• Redundancy/duplication?
• System development success: on-time, on-scope, on-budget?
• System performance success measures
– meeting original intent
– achieving performance measures
– scale of usage and content
– customer satisfaction
Shared Software and Data Services
• Developing a registry of shared software and data services
– Service name
– Service description
– Contact
– Lifecycle stage
– Information location (URL)
– Authentication required
– Standards supported
• Complement to Enterprise Systems Catalog & EA Reference Guide
• Resource for developers - shared code, objects, APIs, data resources
Some Candidate Shared Services at CDC
• WONDER
– 11 Databases of Population, Vital Statistics, and Morbidity
– XML-based API
• Security Services (SDN and IAM.Net Services)
– Identification, Access, and Credentialing Services
• PHIN Services
– PHIN-MS (Messaging), PHINDIR (Directory), PHIN-VADS (Vocabulary)
• GIS Mapping/Geospatial Services
• People Repository (other HR Services)
Questions?