OPM’s path to green paved by IT security

As the leaves turned brown last fall, Office of Personnel Management IT officials could only think about green.

CIO Janet Barnes hoped OPM would become only the second agency to earn a green rating for its e-government work on the President’s Management Agenda scorecard.

“We thought we were close, but we didn’t know until the scores came out,” Barnes said.

When the Office of Management and Budget recently released the final 2003 scores, OPM had made the grade. Securing its systems, completing its enterprise architecture and shoring up overall IT management gave the office a final push into green.

OMB gives major agencies scores of green, yellow or red for their efforts to meet the agenda’s five goals—budget and performance integration, competitive sourcing, e-government, financial performance and human capital—every quarter. Green means an agency has met all standards for success; yellow means it has met some but not all the criteria; and red means there are serious problems.

The National Science Foundation earned the first e-government green rating in February 2003.

OPM also is one of two agencies that earned either a yellow or green score in all of the management agenda categories. The Energy Department was the other.

“These agencies are leading the pack with regard to management improvement and are furthest along to becoming the well managed, results-oriented organizations we want the whole government to become,” OMB deputy director for management Clay Johnson said.

Security scores

What finally put OPM over the top?

IT security, said Karen Evans, OMB’s administrator for e-government and IT.

“OPM really moved forward with a comprehensive IT security plan,” Evans said. “That is the last major challenge for many agencies.”

Barnes said third-party organizations or the agency’s inspector general have certified and accredited nearly 100 percent of the agency’s systems.

OPM took a two-pronged approach to meeting the requirement. Barnes said every program office has a designated IT security worker who takes part in monthly meetings.

“These people are program people first and security people second,” she said. “They understand the nature of the data, and we are helping them understand the security functions.”

At the monthly meetings, Barnes said her office discusses cybersecurity problems and ways to resolve them.

OPM’s associate director for management and chief financial officer, Clarence Crawford, also credits the CIO office’s relationship with the IG.

“The IG provides insights and assistance to identify areas that we need to improve our IT security,” he said. “They attend the monthly IT security meetings and give us as much of a heads-up as you would want about issues they see.”

OPM officials also incorporate the IG’s suggestions into their annual strategic plan.

OPM also met OMB’s requirements by completing its enterprise architecture, getting all of its business cases approved by OMB and participating in the 25 e-government initiatives.

“We have a solid IT program,” Crawford said. “We’ve had an architecture in place since 1997, and we’ve focused on cost and schedule issues for many years. It hasn’t been like we had to find religion over the last few years.”

Besides the security meetings and the IG input, Crawford credited OPM director Kay Coles James for taking an active role in the process.

“Director James asked deputy director Dan Blair to support the e-government item on the PMA, and he attended every meeting and was actively involved,” Crawford said. “That made the director’s priorities and commitment to this very clear.”

Now that the agency’s made the top grade, OPM officials are looking beyond green.

“Green is more of an indication of status than an end goal,” Crawford said. “Getting to green is really nice, but the more important item is you are improving your business processes by getting to green.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.