January 8, 2001
HHS-IRM-2000-0012

1. Purpose

This circular establishes the policies and responsibilities for the implementation and use of the Enterprise Directory Service [which will use the Lightweight Directory Access Protocol (LDAP)] by the Department of Health and Human Services (HHS) and its Agencies.

2. Background

The American public relies on the U.S. Department of Health and Human Services (HHS) to administer a broad range of approximately 300 Federal program activities. Together with its many service partners, HHS delivers $238 billion of health care services annually to 62 million people through its Medicare, Medicaid and Indian Health Service programs. HHS also plays a vital role in ensuring the safety, efficacy, and appropriate use of health care products; controlling disease and promoting health; advancing biomedical research; and assisting the poor. HHS' service partners include States, universities, contractors and not-for-profit organizations. Together these activities are vital to the health and well-being of the American public, especially the elderly, children, and the poor. Taking account of private and public spending, the health sector constitutes a significant segment of the overall U.S. economy and looks to HHS to lead the future direction of these vital health activities.

Presidential Decision Directive 63 (PDD 63), "Critical Infrastructure Protection", requires each Federal Agency to develop a vulnerability plan, implement an infrastructure framework solution, monitor the enterprise infrastructure for vulnerabilities and respond to threats as appropriate. In order to become more compliant with Federal regulations, HHS will implement an Enterprise Directory Service. The HHS centralized enterprise directory will be used to manage the access rights of its internal personnel, business partners and customers.

An electronic directory server provides access to information via electronic means. This information is variable in content; however, it is explicitly defined by the directory's purpose. Information about people, organizations, services and network hardware is just one example of the data content that a directory service can provide. Electronic mail communication benefits from the existence of a global electronic "White Pages" because these "White Pages" allow network users to retrieve address information in an intuitive fashion. Manual searching for names and addresses, specifically electronic addresses, can take a great deal of time. A "White Pages" directory service permits network users to retrieve addresses in a user-friendly way, using known variables such as common name, surname, and organization to support various levels of search.

The Enterprise Directory is a global service composed of independently operated and distributed Directory Service Agents (DSAs) that provide information in the form of a "White Pages" telephone directory. An Enterprise Directory service provides a common access point for this distributed information, and is generally configured to make access to the information sought intuitive and easy. The Enterprise Directory model is a distributed collection of independent systems that cooperate to provide a logical database of information and thereby a global Directory Service. Directory information about a particular organization is maintained locally in a DSA, and this information is structured. It is possible for one organization to keep information about other organizations, and it is possible for an organization to operate independently from the global model as a stand-alone system. DSAs that operate within the global model have the ability to exchange information with other DSAs by means of a common protocol. The Lightweight Directory Access Protocol (LDAP) is a common protocol used for client-to-server communication; LDAP defines a standard method for accessing and updating information in a directory.

3. Scope

This policy applies to all Departmental (Operating Division and Staff Division) Directory implementations, whether owned and operated by HHS or operated on behalf of HHS.

4. Policy
4.1 HHS End-User Interface
4.1.1 The HHS user interface shall use the Lightweight Directory Access Protocol (LDAP) for accessing on-line Directory Services.

4.1.2 LDAP shall be used as the primary standard for client-to-server communication.

4.2 HHS Enterprise Directory Architecture

4.2.1 The HHS Enterprise Directory architecture shall be that of a single logical Departmental Directory, all emanating from the root domain.

4.2.2 By implementing an LDAP-enabled Directory, OPDIV Directory Managers shall be able to control what is shared and viewable across the global directory.

4.2.3 Security and independence of the OPDIV domains are recognized to be critical to the success of the HHS Enterprise Directory. Each OPDIV's Directory Manager shall have the ability to update its branch or portion of the global directory. The OPDIVs shall possess read-only rights to information not under their sole ownership. Changes to an OPDIV's information residing in the global directory shall be made only with the prior approval of the OPDIV to which the information belongs. The Enterprise Directory Manager shall have the responsibility to make updates to the directory following the OPDIV's approval.

5. Roles and Responsibilities
5.1 The HHS Chief Information Officer (CIO)

The CIO is responsible for providing advice and assistance to the Secretary and other senior management personnel, to ensure that information technology is acquired and information resources are managed for the agency in a manner that implements the policies and procedures of the HHS Enterprise Directory. The CIO is responsible for approving any Directory implementation by HHS OPDIVs.

5.2 The Deputy Assistant Secretary for Information Resources Management

The Deputy Assistant Secretary for Information Resources Management (DASIRM) shall assure that the HHS Enterprise Directory effectively supports mission requirements, meets strict performance criteria, and conforms to the HHS hierarchical directory architecture. The DASIRM is responsible for defining, implementing and managing HHS directory policy decisions. The DASIRM is also responsible for certification and accreditation of the global directory implementation and has responsibility for the oversight of all directory operations. The DASIRM will provide lead support in the development and implementation of the HHS Enterprise Directory. The DASIRM is responsible for the appointment of the Enterprise Directory Manager. The DASIRM is also responsible for assuring that proper and reliable operations of the Enterprise Directory are maintained, and for seeing that proper LDAP policies and directives are in place.

5.3 The OPDIV CIOs, and OPDIV/StaffDiv Program/Project Managers

The OPDIV CIOs shall be responsible for assuring that directory implementation is performed in accordance with the policy of the DASIRM. The OPDIV CIOs provide planning guidance to, and oversight of, the directory infrastructure, and direct the activity of the OPDIV's Directory Manager. The OPDIV CIOs have overall responsibility for assuring that proper and reliable operations of the OPDIV Directories are maintained, and for seeing that the policies and directives of the DASIRM are carried out. They are responsible for establishing and approving detailed operating procedures. Responsibilities of the OPDIV CIOs include oversight of:

- Developing, maintaining the currency of, and publishing the Directory Policy.
- Establishing and monitoring security procedures.
- Directory operations.
- Identifying and investigating areas for directory improvement.
- All technical, hardware and software aspects of the directory.