FEA security layer due this summer

The Office of Management and Budget by the end of the summer will release a security layer for the Federal Enterprise Architecture.

Environmental Protection Agency CIO Kim Nelson, the co-chairwoman of the CIO Council’s Architecture and Infrastructure Committee, told lawmakers yesterday that committee members are reviewing CIO comments on the plan and will release it soon to be used by agencies.

“This will provide the opportunity for agencies to start thinking about security and privacy on Day One [of an IT project] versus thinking about it once you are into the later design phases,” Nelson said during a hearing on the progress of the FEA held by the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

OMB decided to make security a layer that cuts across all the FEA reference models, instead of separate reference model, because of its importance to every aspect of the IT planning, design and implementation processes, said Karen Evans, OMB administrator for e-government and IT.

“There was a lot of discussion going forward and as vice chairwoman of the CIO Council when these efforts were going on, we specifically asked OMB not to have a specific security reference model because we didn’t want to have security segregated from all the models,” Evans said. “We wanted to ensure that cybersecurity and overall risk is looked at as each investment goes forward and how you manage your program overall. We had concern in the council that if we had a separate model that we may start down the path again of separating it without always thinking about it as we go forward.”

Randolph Hite, the General Accounting Office’s director of IT architecture and systems, said the CIO Council should look at the lessons learned from the IRS’ experience of extracting security as a separate view into the architecture.

“Security cannot be something that is done after the fact and laid on top,” Hite said. “It is something that is done in concert with the lines of business, the technical and data elements of the architecture.”

Rep. Adam Putnam (R-Fla.), chairman of the subcommittee, also pressed witnesses including Transportation Department CIO Dan Matthews about the progress of agency enterprise architectures, after GAO reported agencies spent almost $600 million on developing their modernization blueprints.

“With the vast majority of government agencies’ EA maturity assessed at the Stage 1 level, we still have a long way to go before we fully realize the benefits of effective EA management,” Putnam said. “You can say the trend is not hot. That is the overarching lesson here.”

Evans said OMB is using GAO’s assessment as well as their own assessment methodology to evaluate agency progress.

Matthews told Putnam that while the assessments measure whether certain criteria are met, the better measurement is how many of those criteria are met year-to-year.

And Nelson added many agencies, such as EPA, have met many of the criteria in stages 4 and 5, but are rated in Stage 1 because they did not complete one task to move out of the initial stage.

“We never had a formal written policy before and now we will when EPA Administrator [Mike] Leavitt signs it in the next few weeks,” Nelson said. “A lot of agencies have similar issues where they were doing certain EA processes, but never a formal written policy so GAO rated them in a lower stage.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.