Long-Term Objective: Strategically manage information technology to support programs.

| # | Key Outputs | FY 2004 Actual | FY 2005 Actual | FY 2006 Target/Est. | FY 2006 Actual | FY 2007 Target/Est. | FY 2007 Actual | FY 2008 Target/Est. | FY 2009 Target/Est. |
|---|---|---|---|---|---|---|---|---|---|
| 35 VII. B.1 | Information Technology Management: Ensure Critical Infrastructure Protection. A. Perimeter Protection | Implemented encrypted incident response reporting and updated security alert/event tracking software. | Implemented an updated security program plan that incorporated a comprehensive suite of security services and included improved incident response, security monitoring and risk management capabilities. | Complete the redesign of the security monitoring/network auditing/incident detection capability to ensure compatibility with the modified IT infrastructure. | Monitoring/auditing was redesigned to incorporate an additional monitoring and incident detection tool (Securify) which complies with HHS EA needs. In addition, there is now 24/7 monitoring supported by an agreement with the NIH. | Implement a self-defending network strategy that includes Internet filtering, redundant firewalls, intrusion prevention and detection devices, and Virtual Private Network (VPN) devices. | Improved overall security posture and compliance levels through implementation of customized and streamlined policies on various IPS/IDS devices and installation of ISS Proventia Enterprise Vulnerability Scanner, ISS RealSecure Server Sensors, and ArcSight for event correlation. | Extend security monitoring/network auditing/incident detection capabilities to include dedicated monitors on individual, high-risk servers and devices. | Operate a cyber protection and incident handling center to conduct real-time assessment of current network vulnerabilities and remediation of network perimeters. |
| | B. Risk Assessment | Performed annual self-assessments and re-certified ten (10) mission critical/essential systems. | Performed annual self-assessments, privacy impact assessments, security reviews, and ensured security plans were in place for all nine (9) mission critical/essential systems (one system removed from list). | Complete Certification and Accreditation (C&A) for two (2) new HRSA systems and complete annual re-certification efforts on ten (10) HRSA mission critical/essential systems. | Completed 100% of planned C&A activities for FY2006, including the testing of contingency plans and system testing and evaluation (ST&E) for all HRSA FISMA systems. | Complete re-certification for four (4) major applications and general support systems, perform annual security reviews for three (3) HRSA major applications, and determine security requirements for 100% of all new IT investments. | Completed four (4) full Certification and Accreditations and performed annual security reviews on fourteen (14) other HRSA systems. | Complete annual security reviews for ten (10) HRSA major applications, and determine security requirements for 100% of all new IT investments. | Complete Certification and Accreditation for twenty (20) HRSA systems. |
| 35VII.B.1 | C. Security Awareness Training | Developed and implemented new awareness training module and trained 84% of HRSA staff. | Developed and implemented updated awareness module and trained 96% of HRSA staff. Based on existing requirements, 100% of staff assigned specific security duties were trained and a new awareness and training program plan was developed to address newly defined requirements. | Develop and deploy a training module for Information System Security Officers (ISSOs) and successfully complete annual security awareness training for 95% of HRSA staff. | 100% of HRSA staff completed the web-based Security Awareness training module; 100% of FISMA system ISSOs completed HRSA training. | Full participation in Security Awareness Training by 100% of HRSA Staff, specialized security training for 100% of HRSA staff identified to have significant security responsibilities, and participation of Executive Awareness Training by 100% of HRSA executive staff. | 100% completion rate for HRSA Executives and those staff identified to have significant security responsibilities. 99.9% completion rate for Security Awareness training of HRSA staff. | Full participation in Security Awareness Training by 100% of HRSA Staff, specialized security training for 100% of HRSA staff identified to have significant security responsibilities, and participation of Executive Awareness Training by 100% of HRSA executive staff. | Full participation in Security Awareness Training by 100% of HRSA Staff, specialized security training for 100% of HRSA staff identified to have significant security responsibilities, and participation of Executive Awareness Training by 100% of HRSA executive staff. |

Long-Term Objective: Foster and lead a high quality, well-trained workforce.

| # | Key Outputs | FY 2004 Actual | FY 2005 Actual | FY 2006 Target/Est. | FY 2006 Actual | FY 2007 Target/Est. | FY 2007 Actual | FY 2008 Target/Est. | FY 2009 Target/Est. |
|---|---|---|---|---|---|---|---|---|---|
| 35VII.A.1. | Strategic Management of Human Capital Initiative: As part of a management review, HRSA will implement a Delayering Management and Streamlining Organizational Plan. | Broad-ranging organizational package published in Federal Register. | Developed proposal to consolidate health information technology activities. | Continue with implementation of streamlining efforts. | Established Office of Health Information Technology (12/05). | Continue with implementation of streamlining efforts. | Established the Bureau of Clinician Recruitment and Service. | Continue with implementation of streamlining efforts. | Continue with implementation of streamlining efforts. |
| 35VII.A.2. | Strategic Management of Human Capital Initiative: Implement the HRSA Scholars Program | 41 scholars | 18 | 50 | 51 | 55 | 62 | NA | NA |
| | Appropriated Amount ($ Million) | 148.533 | 147.08 | | 144.421 | | 146.283 | 141.087 | 141.087 |