working draft – internal va use only technology acquisition center (tac) information technology...

Working D

raft – Internal VA

Use O

nly

Working Draft, Pre-Decisional, Deliberative Document – Internal VA Use Only

1

Technology Acquisition Center (TAC)

Information Technology Advanced Planning Briefing for Industry

6/16/2015

Stanley F. LoweDepartment of Veterans Affairs Office of

Information Security (OIS)June 16, 2015

Working D


Use O

nly


26/16/2015

• Overview• Goals• Offices• Other Priorities and Focus Areas

Agenda

Working D


Use O

nly

Working Draft, Pre-Decisional, Deliberative Document

3

OIS Overview

• Office of Information Security (OIS)• Manages the VA-wide information security and privacy

programs that protect the information security and privacy infrastructure of VA

• “Devoted to supporting all stages of Veteran care by protecting the personal information of Veterans and the employees who serve them”

• OIS protects the personally identifiable information (PII) of 23 million Veterans, 45 million beneficiaries, and over 300,000 VA employees

6/16/2015

Working D


Use O

nly


4

OIS Goals

• Goal 1: Protect the overall VA information security and privacy posture to ensure confidentiality, integrity, availability, and appropriate destruction of information

• Goal 2: Integrate risk and performance management into information security and privacy practices to create a cost and process effective program

• Goal 3: Establish an information security governance structure and policies that create operational efficiency and accountability

• Goal 4: Seamlessly integrate security processes into VA’s business and IT projects to reduce exposure to risk and maximize efficiency

• Goal 5: Promote an environment where all employees’ and contractors’ actions reflect the importance of information security accountability

6/16/2015

Working D


Use O

nly


5

OIS Offices

• Business Continuity (BC)• Office of Cyber Security (OCS)• Field Security Service (FSS)• Office of Privacy and Records Management

(OPRM)• Network Security Operations Center (VA-

NSOC)

6/16/2015

Working D


Use O

nly


6

Business Continuity (BC)

• Responsible for developing and implementing emergency management and continuity programs that ensure resiliency of critical IT tasks

• Provides staffing to VA’s Integrated Operations Center to create and maintain shared situational awareness across administrations and staff offices concerning OI&T issues

6/16/2015

Working D


Use O

nly


7

BC Activities

• Information Systems Contingency Planning (ISCP)

• IT Systems Disaster Recovery• Business Impact Analysis (BIA)• Continuity of Operations (COOP)

6/16/2015

Working D


Use O

nly


8

Upcoming FY16 Contract Opportunities-BC

6/16/2015

Name of Investment DescriptionBusiness Continuity Support This contract is for part-time subject matter

experts across the continuity spectrum to assist in any internal support for OI&T exercises, including Contingency Plans and Disaster Recovery Plans. Exercise support provides subject matter experts to develop, measure, and run exercises at the OI&T, VA and National Level.

Working D


Use O

nly


9

Office of Cyber Security (OCS)

• Establishes policy and oversees the implementation and operation of IT security programs across the Department

• Manages and directs all activities for audit resolution and readiness, the Certification Program Service, security architecture and software assurance, the Emergency Response team, and identity access management

6/16/2015

Working D


Use O

nly


10

OCS Activities

• Policy Development/Oversight and Compliance Reporting

• Continuous Readiness in Information Security Program (CRISP) Supporting Initiatives

• Assessment/Authorization Program• Identity and Access Management Program Support• Visibility to Everything (V2E) Related Initiatives• Security Architecture and Software Assurance

6/16/2015

Working D


Use O

nly


11

Upcoming FY16 Contract Opportunities-OCS

6/16/2015

Name of Investment DescriptionBig Data Analyze VA Cyber Security data and develop an approach for

establishing a VA cyber security “big data” program. Cyber Security Transformation Address the oversight, execution, budgeting, programming, promotion,

management and monitoring of cyber security activities across VA regions and facilities. VA’s cyber security program is a comprehensive department-wide initiative supporting VA’s multiple administrations and staff offices in cooperation with Federal Departments and Agencies (i.e., DHS, HHS, DoD).

End Point Manager (Big Fix) Maintenance Field Office remediation; Information Security Continuous Monitoring (ISCM); premium support for Enterprise Management Foundation (EMF) Federated Data Repository (FDR), with dedicated resources and additional product licenses required, due to increased utilization of the BigFix and Cognos platforms integrating into multiple efforts.

Policy Support The contractor shall provide assistance to the OCS and Security Technical Management Service (STMS) in revising, reviewing, and interpreting the operational, technical, and management controls required by VA’s information security program. The contractor shall provide support to translate and customize specific requirements related to the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), E-government Act, Freedom of Information Act (FOIA), Privacy Act, and other requirements for the VA environment.

Working D


Use O

nly


12

Field Security Service (FSS)

• Field Security Service (FSS) consists of VA Information Security Officers (ISOs)

• FSS ISOs are the “boots on the ground” security professionals - the face of information security for the Department.

6/16/2015

Working D


Use O

nly


13

FSS Activities

• Manages VA-wide field based Information Security Officers (ISOs)

• Continuous Readiness in Information Security Program (CRISP) Compliance - Ensures the security and compliance of all VA information systems

• Medical Device Protection Program - Ensures medical devices used at VA medical centers are safeguarded against cyber security threats

6/16/2015

Working D


Use O

nly


14

Upcoming FY16 Contract Opportunities-FSS

6/16/2015

Name of Investment DescriptionFSS Program Management Support

FSS requires project management expertise at the national and regional level. This expertise is critical to meeting the goals of OIS, CRISP, and remediating the VA OI&T material weakness.

Working D


Use O

nly


156/16/2015

• Works across OIS to integrate privacy considerations and requests for information, manage official records, and ensure that the confidentiality, integrity, and availability of VA sensitive information and information systems are protected

Office Of Privacy and Records Management (OPRM)

Working D


Use O

nly


166/16/2015

• Freedom of Information Act (FOIA) • Records Management

• Release of Names and Addresses (RONA) • Controlled Unclassified Information (CUI)• Electronic Recordkeeping Initiatives

• Social Security Number Reduction and Elimination• Privacy and Security Events Tracking System (PSETS)• Policy and Training Development Efforts• Privacy Impact Assessments (PIA)• Identity Theft Prevention and Detection

OPRM Activities

Working D


Use O

nly


176/16/2015

Name of Investment DescriptionPrivacy Security Events Tracking Privacy and Security Event Tracking System

(PSETS) is used to record all privacy-related complaints and privacy/security incidents across VA. Privacy and Security event tracking is a component of the Department of Veterans Affairs (VA) Privacy Program, mandated in VA Directive 6502, VA Enterprise Privacy Program, and administered by the VA Office of Privacy and Records Management, Privacy Service.

Upcoming FY16 Contract Opportunities-OPRM

Working D


Use O

nly


186/16/2015

• Protects VA information on a 24/7 basis by monitoring, responding to, and reporting cyber threats and vulnerabilities

Network Security Operations Center (NSOC)

Working D


Use O

nly


196/16/2015

• Manages Remote Access to VA • Provides Support to Wide Area Network (WAN)• Monitors Trusted Internet Connection (TIC)

Gateways

NSOC Activities

Working D


Use O

nly


20

Upcoming FY16 Contract Opportunities-NSOC

6/16/2015

Name of Investment DescriptionCFS Data Storage and Retention Procure dedicated storage to allow for future expansion and enable to keep a

1-year retention of all logs and keep all evidence related to security incidents for at least 3 years per federal standards. Storage could be expanded later to accommodate future needs for the Cyber Forensics Team.

RESCUE SMC [change MAC to SMC) Adaptive Security Appliances (ASAs)

Procure the CA Service Desk Manager (SDM) modules required by the NSOC to leverage the benefits of a configuration management database (CMDB) as well as procure the professional services required to successfully install, configure and maintain the CA SDM CMDB tool.

RightIT Now Renew of the current RightITNow ECM (Event Correlation Manager) subscription to enable IT operations staff to proactively detect, isolate and respond to infrastructure issues before they affect customers. RightITNow ECM also enables the creation and execution of automated workflows.

SourceFire 3D Increase Increase in funding to the current SourceFire 3D contract to include devices that are currently out of license and need renewing.

Tenable Additional 400,000 Internet Protocols (IPs)

Identifies all vulnerabilities and reports the findings to the appropriate system administrators for corrective action and up to management. Requesting an additional 400,000 IPs for usage to accommodate the network growth and expansion.

Trusted Internet Connections (TIC) Gateway Application Firewall Refresh

Increase in the capacity of the Firewall system in order to offload web browsing traffic to hardware systems.

TIC Gateway Nexus Core Switches The TIC program supports VA 6500 Handbook by allowing for a robust core switching capability and network virtualization. The TIC must be able to scale to support up to 100Gbps (gigabits per second) of mixed IP traffic throughput to meet projected operational needs.

Working D


Use O

nly


21

Upcoming FY16 Contract Opportunities-NSOC

6/16/2015

Name of Investment Description

TIC GSI Refresh

Perform a technical refresh of our converged infrastructure, which combines network, storage and computer resources in to one area or resource pool where virtual machines can operate and process work.

AppSec License_Support

Procure AppDetective Pro is an database auditing tool to assess all Office of Inspector General (OIG) / Federal Information Security Management Act (FISMA) audit sites and to assess other databases as necessary. This tool will directly impact remediation of ongoing material weaknesses.

Security Incident and Event Management (SIEM)

Procure a centralized event and information correlation tool that can correlate information from disparate network and security management systems, and present it at various levels ranging from an basic monitoring and technical analysis dashboards to Executive Management Level Reports for legal and compliance reporting.

Tenable Security Center 500 IPs

Supports the enterprise scanning solution and Visibility to the Desktop, identifying all vulnerabilities and reporting the findings to the appropriate system administrators for corrective action and up to management.

Tenable Security Center

Supports the enterprise scanning solution and Visibility to the Desktop, identifying all vulnerabilities and reporting the findings to the appropriate system administrators for corrective action and up to management.

TIC Gateway Storage Infrastructure Maintenance Support

Provides VA with the maintenance and support to the infrastructure deployed for SIEM and SAN as well as updates and servicing to 430,000 endpoints VA-wide.

Web Content Filtering

Procure hardware and software to positively identify the VA active directory credentials of individuals accessing the Internet and positively link a user to logged access attempts. The solution must be able to record this information for use in investigations and disciplinary action where necessary.

Working D


Use O

nly


226/16/2015

• Cloud Services• Patching • Encryption

Other Priorities and Focus Areas

Working D


Use O

nly


236/16/2015

• For more information about the Office of Information Security, contact: [email protected]

• For information on doing business with VA, visit: http://www.va.gov/oal.business/dbwva.asp

Questions?

Additional Information

mailto:[email protected]

http://www.va.gov/oal.business/dbwva.asp

working draft – internal va use only technology acquisition center (tac) information technology...

Documents

working draft internal

vawide information security

va employees

privacy infrastructure

security processes

internal support

identifiable information

ois goals goal