FY 2008 Annual Performance Review
 

Other Programs

Program Management

# | Key Outputs | FY 2005 Actual | FY 2006 Actual | FY 2007 Target | FY 2007 Actual | FY 2008 Target | FY 2008 Actual | FY 2009 Target

Long-Term Objective:  Strategically manage information technology to support programs.

35.VII.B.1  Information Technology Management:  Ensure Critical Infrastructure Protection.

A.  Perimeter Protection

FY 2005 Actual: Implemented an updated security program plan that incorporated a comprehensive suite of security services and included improved incident response, security monitoring and risk management capabilities.

FY 2006 Actual: Monitoring/auditing was redesigned to incorporate an additional monitoring and incident detection tool (Securify) which complies with HHS EA needs.  In addition, there is now 24/7 monitoring supported by an agreement with the NIH.

FY 2007 Target: Implement a self-defending network strategy that includes Internet filtering, redundant firewalls, intrusion prevention and detection devices, and Virtual Private Network (VPN) devices.

FY 2007 Actual: Improved overall security posture and compliance levels through implementation of customized and streamlined policies on various IPS/IDS devices and installation of ISS Proventia Enterprise Vulnerability Scanner, ISS Real Secure Server Sensors, and Arcsight for event correlation.

FY 2008 Target: Extend security monitoring/network auditing/incident detection capabilities to include dedicated monitors on individual, high-risk servers and devices.

FY 2008 Actual: ISS Realsecure Server Sensors were installed on all public facing servers and some servers on the internal network. Realsecure Server Sensors and Proventia IPS/IDS have been configured for Intrusion Protection (active blocking) mode and are stopping suspect traffic which has further improved the overall security posture of HRSA.  A Sourcefire appliance was also deployed to analyze all Internet traffic, increasing HRSA’s visibility of potential vulnerabilities and attacks.

FY 2009 Target: Implement and operate a cyber protection and incident handling center to conduct real-time assessment of current network vulnerabilities and remediation of network perimeters.

 

35.VII.B.1  Information Technology Management:  Ensure Critical Infrastructure Protection.

B.  Risk Assessment

FY 2005 Actual: Performed annual self-assessments, privacy impact assessments, security reviews, and ensured security plans were in place for all nine (9) mission critical/essential systems (one system removed from list).

FY 2006 Actual: Completed 100% of planned C&A activities for FY 2006, including the testing of contingency plans and system testing and evaluation (ST&E) for all HRSA FISMA systems.

FY 2007 Target: Complete re-certification for four (4) major applications and general support systems, perform annual security reviews for three (3) HRSA major applications, and determine security requirements for 100% of all new IT investments.

FY 2007 Actual: Completed four (4) full Certification and Accreditations and performed annual security reviews on fourteen (14) other HRSA systems.

FY 2008 Target: Complete annual security reviews for ten (10) HRSA major applications, and determine security requirements for 100% of all new IT investments.

FY 2008 Actual: Completed full Certification and Accreditations of 7 systems, and performed security reviews of 10 other systems.

FY 2009 Target: Complete Certification and Accreditation for 10 HRSA systems, including the re-certification of previously certified and accredited systems that is required every three years.

35.VII.B.1  Information Technology Management:  Ensure Critical Infrastructure Protection.

C.  Security Awareness Training

FY 2005 Actual: Developed and implemented updated awareness module and trained 96% of HRSA staff.  Based on existing requirements, 100% of staff assigned specific security duties were trained and a new awareness and training program plan was developed to address newly defined requirements.

FY 2006 Actual: 100% of HRSA staff completed the web-based Security Awareness training module; 100% of FISMA system ISSOs completed HRSA training.

FY 2007 Target: Full participation in Security Awareness Training by 100% of HRSA Staff, specialized security training for 100% of HRSA staff identified to have significant security responsibilities and participation of Executive Awareness Training by 100% of HRSA executive staff.

FY 2007 Actual: 100% completion rate for HRSA Executives and those staff identified to have significant security responsibilities. 99.9% completion rate for Security Awareness training of HRSA staff.

FY 2008 Target: Full participation in Security Awareness Training by 100% of HRSA Staff, specialized security training for 100% of HRSA staff identified to have significant security responsibilities and participation of Executive Awareness Training by 100% of HRSA executive staff.

FY 2008 Actual: 100% completion rate in all areas of Security Awareness and Training.

FY 2009 Target: Full participation in Security Awareness Training by 100% of HRSA Staff, specialized security training for 100% of HRSA staff identified to have significant security responsibilities, and participation of Executive Awareness Training by 100% of HRSA executive staff.

 


35.VII.B.1  Information Technology Management:  Ensure Critical Infrastructure Protection.

D.  Security Authorization to Operate

FY 2005 Actual through FY 2008 Actual (six columns): ---

FY 2009 Target: This is a new performance measure with its first target set for 2010.  The measure focuses on having all HRSA systems certified and accredited and granted an Authority to Operate.

35.VII.B.2  Information Technology Management: Capital Planning and Investment Control

FY 2005 Actual through FY 2008 Actual (six columns): ---

FY 2009 Target: This is a new performance measure with its first target set for 2010. The measure will focus on having acceptable business cases, as defined by OMB.

 

Long-Term Objective:  Strategically manage information technology to support programs.

35.VII.A.1  Strategic Management of Human Capital Initiative:  As part of a management review, HRSA will implement a Delayering Management and Streamlining Organizational Plan.

FY 2005 Actual: Developed proposal to consolidate health information technology activities.

FY 2006 Actual: Established Office of Health Information Technology (12/05).

FY 2007 Target: Continue with implementation of streamlining efforts.

FY 2007 Actual: Established the Bureau of Clinician Recruitment and Service.

FY 2008 Target: Continue with implementation of streamlining efforts.

FY 2008 Actual: Implemented a restructuring of the Office of Financial Management and the Office of Management.

FY 2009 Target: Continue with implementation of streamlining efforts.

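35.VII.A.2  Strategic Management of Human Capital Initiative:  Implement the HRSA Scholars Program.

FY 2005 Actual: 18

FY 2006 Actual: 51

FY 2007 Target: 55

FY 2007 Actual: 62

FY 2008 Target: 30

FY 2008 Actual: 50

FY 2009 Target: NA

Note: NA = Not applicable.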


INTRODUCTION

These performance measures link to HRSA’s Strategic Plan goal to achieve excellence in management and to the specific objectives to strategically manage information technology to support programs, and foster and lead a high-quality, well-trained workforce.


DISCUSSION OF TARGETS AND RESULTS

35.VII.B.1.  Information Technology Management: Ensure Critical Infrastructure Protection.

HRSA continues to administer a diligent Critical Infrastructure Protection (CIP) program that includes, among other efforts, a strong emphasis on perimeter protection, incident response, risk assessment, and security awareness training.  Legislation such as the Federal Information Security Management Act (FISMA) imposes significant computer security requirements including periodic assessments of security risks to information systems and data supporting its critical operations.

HRSA will monitor the performance of the CIP and Information Systems Security Program through the following measures:

  1. Perimeter Protection: HRSA will protect the perimeter and network boundaries by implementing the appropriate network intrusion infrastructure to detect and mitigate improper network violations.  In FY 2006, monitoring/auditing was redesigned to incorporate an additional monitoring and incident detection tool (Securify) which complies with HHS EA needs.  In addition, there is now 24/7 monitoring supported by an agreement with the NIH.  In FY 2007, HRSA improved overall security posture and compliance levels through implementation of customized and streamlined policies on various IPS/IDS devices and installation of ISS Proventia Enterprise Vulnerability Scanner, ISS Real Secure Server Sensors, and Arcsight for event correlation.  In FY08, ISS Realsecure Server Sensors were installed on all public facing servers and some servers on the internal network.  Realsecure Server Sensors and Proventia IPS/IDS have been configured for Intrusion Protection (active blocking) mode and are stopping suspect traffic, which has further improved the overall security posture of HRSA.  A Sourcefire appliance was also deployed to analyze all Internet traffic, increasing HRSA’s visibility of potential vulnerabilities and attacks.  FY 2009 Goal: HRSA will implement and operate a cyber protection and incident handling center to conduct real-time assessment of current network vulnerabilities and remediation of network perimeters.  The center is currently operating in a test mode, includes security tools such as SecureFusion and NET IQ, and is staffed during duty hours by HRSA contract and Federal employees.

  2. Risk Assessment:  As defined by OMB Circular A-130 and integral to the IT security program, HRSA will broaden risk assessment efforts for Agency information systems and networks.  During FY 2006, HRSA completed annual self-assessments, privacy impact assessments, security reviews, and security plans for all Agency FISMA mission critical/essential systems.  During FY 2007, HRSA completed four (4) full Certification and Accreditations and performed annual security reviews on fourteen (14) other HRSA systems.  In FY 2008, HRSA completed 7 full Certification and Accreditations and performed security reviews of 10 other systems.  FY 2009 Goal: complete Certification and Accreditation (C&A) for 10 HRSA systems. This will include re-certification of previously certified and accredited systems that is required every three years.

  3. Security Awareness Training:  In addition to security education and outreach efforts, HRSA will expand the security awareness training program for Agency employees, and other program staff with unique information security responsibilities.  In FY 2007, HRSA successfully reported a 100% completion rate for HRSA Executives and those staff identified to have significant security responsibilities and a 99.9% completion rate for Security Awareness training of HRSA staff.  In FY 2008, HRSA had a 100% completion rate in all areas of Security Awareness and Training.  FY 2009 Goal: HRSA will have continued full participation in Security Awareness Training by 100% of HRSA Staff, specialized security training for 100% of HRSA staff identified to have significant security responsibilities, and participation of Executive Awareness Training by 100% of HRSA executive staff.

  4. Security Authorization to Operate:  This is a new performance measure with its first target set for 2010.  The measure focuses on having all HRSA systems certified and accredited and granted an Authority to Operate.  Currently, an Authority to Operate is provided to systems that complete the Certification and Accreditation process.  In FY08, 7 full Authorities to Operate were signed by the Designated Approval Authority, who is the HRSA Chief Information Officer.  The goal for FY 2010 will be for 10 Authority to Operate approvals.

35.VII.B.2.  Capital Planning and Investment Control

This is a new performance measure with its first target set for 2010.  The measure focuses on having all IT investments with acceptable business cases.  In FY 2008, HRSA submitted two major business cases (i.e., OMB Budget Exhibit 300) as part of the President’s Budget request. One of these IT investments was initially placed on the OMB Management Watch List for issues related to the Performance-based management system and Acquisition management, but by early summer OMB approved the investment’s Corrective Action Plan and removed the investment from the Watch List. The goal for FY 2010 will be for all HRSA major business cases to be acceptable and excluded from the OMB Management Watch List.

35.VII.A.1.  Strategic Management of Human Capital Initiative:  As part of a management review, HRSA will implement a Delayering Management and Streamlining Organizational Plan.

HRSA continues to focus its efforts to consolidate and re-deploy staff to more effectively support the President’s Management Agenda and accomplish the mission and goals of the Department and HRSA.  By the end of December 2001, HRSA had accomplished the following: 1) Created a Citizen-Centered Agency; 2) Realigned Health Professions Programs into one Bureau and created a mission centered Primary Care Bureau; 3) Streamlined the Office of the Administrator; 4) Consolidated Information Technology (IT) functions; and 5) Consolidated Legislative and Public Affairs staff within HRSA, with appropriate reporting relationships to OS.

During FY 2002 and FY 2003, HRSA accomplished the following restructuring efforts:

1) Completed the restructuring of its financial management functions.  These functions were formerly performed by the Office of Management and Program Support and HRSA’s four Bureaus.  They have all been consolidated; and

2) Completed a reorganization plan that was announced in the Federal Register on January 7, 2003, which restructured the grants function within HRSA.

During FY 2004, a substantial Agency restructuring package was published in the Federal Register on September 21, 2004.  This eliminated a variety of levels, created an Office of Federal Assistance Management which consolidated the grants activity within HRSA, and realigned administrative and financial management activities in the Office of Administration and Financial Management.  During FY 2006, HRSA created an Office of Health Information Technology, which was formally established with a Federal Register notice.  During FY 2007, HRSA consolidated a variety of Health Professions loan repayment and obligated scholarship programs into a Bureau of Clinician Recruitment and Services (April 18, 2007 Federal Register).  During FY 2008, a restructuring of the Office of Financial Management (with the hiring of a new Chief Financial Officer) and the Office of Management was accomplished.

35.VII.A.2.  Strategic Management of Human Capital Initiative: Implement the HRSA Scholars Program

To assist in accomplishing the President’s Strategic Management of Human Capital Initiative, HRSA has developed the HRSA Scholars Program.  This program will increase career development opportunities and develop a new approach to hiring staff (experienced professionals and young graduates).  It has components for workforce planning, outreach and recruitment, hiring, recruiting incentives, training, developing and mentoring, and evaluation.  This approach focuses on bringing in honor students at the GS-5, 7 and 9 levels.

During FY 2001, the HRSA Scholars Program was developed and implemented.  Forty-eight Scholars were hired.  In FY 2002 and FY 2003 the numbers of scholars were 53 and 43, respectively.

For FY 2004, 41 HRSA Scholars were brought on board.  In FY 2005, an additional 18 scholars were brought on board.  This initiative was originally a five-year initiative (FY 2001-FY 2005), but an additional class was added.  The FY 2006 target was set at a level of 50 Scholars.  Fifty-one (51) scholars were brought on board in FY 2006.  In FY 2007, 53 scholars were added.  In FY 2008, 50 scholars were added, exceeding the target of 30.  There is no target for FY 2009.

The HRSA Scholars Program served as a model for the HHS Emerging Leaders Program.  Additionally, HRSA is a full participant in the HHS Emerging Leaders Program.  Of the first class of 65, HRSA took 5 positions.  This represents about 7.7% of the total HHS class, although HRSA represents only 3.2% of the HHS workforce.