An essential element of expanding e-government is ensuring that Federal agency information technology systems are funded, developed and operated to provide the greatest level of performance, manage risk, and provide robust services to citizens. Information policy and technology provides a framework for Federal technology systems that includes privacy and security and capital planning.
The Federal Government must effectively manage its portfolio of capital assets, including information technology, to ensure that scarce public resources are wisely invested. Capital planning and investment control integrates the planning, acquisition and management of capital assets into the budget decision-making process, and is intended to assist agencies in improving asset management and in complying with results-oriented requirements. Capital planning is an essential part of the E-Government strategy and assists projects managers and agency officials in managing their portfolio of technology projects so that agency mission goals may be achieved and citizens are served better.
Capital planning guidance is provided by the Office of Management and Budget.
The Management Watch List and the High Risk List are tools used by OMB to help agency officials successfully monitor agency IT planning, as well as improve project performance. These lists are updated quarterly to ensure that agencies are effectively managing their IT investments and improving the ability of the Federal government to deliver information and services to the public.
Under the Clinger-Cohen Act of 1996, agencies are required to submit business plans for IT investments to OMB that outline the steps they have taken to ensure they have adequately planned each investment to promote success. The information under review within the business cases includes acquisition strategies, security and privacy plans, and its organizational design. If the agency’s investment plan contains contains one or more planning weakness, it is placed on OMB’s Management Watch List and is targeted for follow-up action to strengthen the project’s management and potential to produce results.
In August 2005, OMB established its High Risk List to ensure agencies and programs were meeting their intended goals and producing results. Projects on the High Risk List are not necessarily “at risk,” but are those requiring special attention from the highest level of agency management. While these programs may be performing well, they are determined to be high risk due to different factors such as the high cost of the project or the level of importance the project plays in the overall mission of the agency or other organization.
PRIVACY & SECURITY
Privacy and security of data are important elements of planning, acquisition, and management of Federal information technology systems. The E-Government Act of 2002 and the Federal Information Security Management Act (FISMA) provide significant privacy and security responsibilities for federal information technology system operators.
The E-Government Act of 2002 requires agencies to conduct a Privacy Impact Assessment (PIA) before developing or procuring IT systems or projects that collect, maintain, or disseminate information in identifiable form from or about members of the public, or initiating, consistent with the Paperwork Reduction Act, a new electronic collection of information in identifiable form for 10 or more persons (excluding agencies, instrumentalities or employees of the federal government). Agencies must update their PIAs to reflect changed information collection authorities, business processes or other factors affecting the collection and handling of information in identifiable form.
FISMA requires agencies to integrate IT security into their capital planning and enterprise architecture processes, to conduct annual IT security reviews of all programs and systems, and to report the results of those reviews to OMB. The Act provides the framework for securing the Federal government’s information technology. All agencies covered by the Paperwork Reduction Act must implement the requirements of FISMA and report annually to the Office of Management and Budget and Congress on the effectiveness of their security programs.
HOMELAND SECURITY PRESIDENTIAL DIRECTIVE: COMMON IDENTIFICATION STANDARD FOR EMPLOYEES AND CONTRACTORS (HSPD-12)
On August 27, 2004, the President issued a Homeland Security Presidential Directive calling for a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and to the employees of federal contractors. The implementation of this Standard will ensure the identification for government employees and contractors is reliable and secure.
The Office of Management and Budget was directed to oversee agency implementation. Agencies must ensure consistency with existing privacy and security law and policies to ensure employee and contractor information is protected and appropriately used.
INTERNET PROTOCOL VERSION 6 (IPV6)
On August 2, 2005, the OMB Office of E-Gov and IT issued OMB Memorandum 05-22, “Transition Planning for Internet Protocol Version 6 (IPv6),” directing all Federal government agencies to transition their network backbones to the next generation of the Internet Protocol Version 6 (IPv6), by June 30, 2008. The memorandum identifies several key milestones and requirements for all Federal government agencies in support of the June 30, 2008 target date.
The existing protocol supporting the Internet today - Internet Protocol Version 4 (IPv4) – supports only 4 billion IP addresses, limiting the number of devices that can be given a unique, globally routable location on the Internet. This has constrained the growth of the Internet worldwide, and has limited the number of computers and other devices that can be connected to one another via the Internet. In contrast to IPv4, IPv6 provides an almost unlimited number of IP addresses, and offers enhanced mobility, security, and network management features. IPv6 supports the continued growth of the Internet and development of new business capabilities leveraging mobile, Internet connectivity.
The CIO Council will issue guidance to assist agencies with transition planning.