Proud-to-Be / Management Plan Agreement FY 2008

Department of Health and Human Services

President’s Management Agenda Goals for July 1, 2008

 GOVERNMENT-WIDE INITIATIVES

Expanded E-Government

Owner:  Charles Johnson, Assistant Secretary for Resources and Technology, (202) 690-6396  Charles.Johnson@hhs.gov

Overall Status Score: Yellow  (Enter overall status score – green, yellow or red – that agency anticipates achieving by July 1, 2008.)

GREEN Standards for Success

Agency: HHS

__ [EA] Has an Enterprise Architecture with a score of 4 in the “Completion” section and 4 in both the “Use” and “Results” sections (Q2 FY08 (February));

__ [Ex300] Has acceptable business cases for all major systems investments and no business cases on the “management watch list (Q4 FY07);

__ [EVM] Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis and has portfolio performance within 10% of cost, schedule, and performance goals (Q3 FY08 (July));

√  [FISMA]Inspector General or Agency Head verifies the effectiveness of the Department-wide IT security remediation process and rates the agency certification and accreditation process as “Satisfactory” or better (Q1 FY08 (October));

√  [FISMA] Has 90% of all IT systems properly secured (certified and accredited) (ongoing);

AND

√  [EG Impl] Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan (ongoing).

Standard for Success to MAINTAIN GREEN

Agency: HHS

√  [FISMA] Has ALL IT systems certified and accredited (ongoing);

__ [FISMA] Has IT systems installed and maintained in accordance with security configurations (Q1 FY09);

√  [Priv] Has demonstrated for 90% of applicable systems a Privacy Impact Assessment has been conducted and is publicly posted (ongoing);

√  [Priv] Has demonstrated for 90% of systems with personally identifiable information a system of records has been developed and published (ongoing);

__ [FISMA] Has an agreed-upon plan to meet necessary communication requirement for COOP and COG (Q3 FY08).

YELLOW Standards for Success

Agency: HHS

__ [EA] Has an Enterprise Architecture with a score of 4 in the “Completion” section and 4 in either the “Use” or “Results” sections; (Q2 FY08);

√  [Ex300s] Has acceptable business cases for more than 50% of its major IT investments (ongoing);

√  [FISMA] Submits security reports to OMB that document consistent security improvement (ongoing); and either:

     √  80% of all IT systems are properly secured (ongoing); OR

√  Inspector General or Agency Head verifies the effectiveness of the Department-wide IT Security Plan of Action and Milestone Remediation Process (ongoing);

√  [EVM] Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis, and has IT portfolio performance operating within 30% of cost, schedule, and performance goals (ongoing); AND

√  [EG Impl] Has an up-to-date agency-accepted and OMB- approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives rather than creating redundant or agency unique IT projects (ongoing).

KEY MILESTONES for the Department of Health and Human Services

FY 2007 – Fourth Quarter

• [EVM] Justify or require corrective action plans for investments reporting zero cost or schedule variances on quarterly variance reports.
• [Ex 300s] Complete IT Infrastructure consolidation framework via Exhibit 300 consolidation (September 9, 2007).
• [EA] Develop EA Program Value measurement plan (Results).
• [FISMA] Provide plan to meet security configuration guidelines for all systems (August 17, 2007). 
• [EG Impl]Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan.

FY 2008 – First Quarter

• [EVM] Review and modify HHS EVM Policy and/or IT Investment Review Board Charter. 
• [EVM] Submit IT Investment Review Board (IT IRB) meeting monthly minutes demonstrating management of investment EVM variances outside tolerable limits. 
• [EVM] Install an Earned Value Management Tool (EVMT). 
• [EG Impl] Submit HHS employee training plans, expenditures, and activities information to the Office of Personnel Management (OPM) through the OPM Governmentwide Electronic Data Collection System. 
• [FISMA] Complete annual FISMA Report Assessment. Annual FISMA report reflects IG’s assessment of C&A process and POA&M process as “satisfactory” or better.
• [EA] Conduct EA segment-based strategic planning workshops (Use).
• [EG Impl] Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan.

FY 2008 – Second Quarter

• [Ex 300s] Has acceptable FY 2009 business cases for all major systems investments and no business cases on the “management watch list”.
• [EVM] Submit IT Investment Review Board (ITIRB) meeting monthly minutes demonstrating management of investment EVM variances outside tolerable limits. 
• [EVM] Commence quarterly updates on how changes in EVM and ITIRB policy are facilitating increased use of IT system development performance data by high level policy officials and program managers in decision-making. 
• [EVM] Use EVMT for variance reporting and management of enterprise-level major IT investments. 
• [EA-Retains Green] Release additional EA segment architectures (Completion). 
• [FISMA]Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan.

FY 2008 – Third Quarter

• [Ex 300s] Has no business cases for major IT investments on the OMB Management Watch List.  
• [EVM] Submit IT Investment Review Board (ITIRB) meeting monthly minutes demonstrating management of investment EVM variances outside tolerable limits. 
• [EVM-Green] Achieve EVM Green standard by demonstrating appropriate planning, execution, and management of major IT investments, using EVM or operational analysis, and having portfolio performance within 10% of cost, schedule, and performance goals. 
• [EA] Implement BI tool integrating EA and CPIC information (Use). 
• Complete network backbone transition to IPv6 (Results). 
• [EG Impl] Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan. 

FY 2008 – Fourth Quarter

• [EVM] Use the EVMT for variance reporting and management of enterprise-level major IT investments. 
• [EG Impl] Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan.

FY 2009 – First Quarter

• [FISMA-Maintaining Green] Has IT systems installed and maintained in accordance with security configuration policy. 
• [EG Impl] Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan.

On-going

• [EVM] Demonstrate appropriate planning, execution, and management of major IT investments, using EVM or operational analysis and has portfolio performance within 10% of cost, schedule, and performance goals. 
• [EVM] From FY08-Q3 on, provide subsequent quarterly updates on use of IT system development performance data (EVM data) in policy-level and program management decision-making. 
• [EG Impl] Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan. 
• [FISMA] Has ALL IT systems certified and accredited. 
• [Priv] For 90% of applicable systems, demonstrates, conducts, and publicly posts a Privacy Impact Assessment.  
• [Priv] For 90% of systems with personally identifiable information, develop and publish a system of records.

Overall Status Score: Green (Enter overall status score – green, yellow or red – that agency anticipates achieving by July 1, 2009.)

Explanation:  (Provide brief rationale for why these goals are reasonably aggressive. The explanation could summarize significant actions/achievements planned for July 1, 2008 – June 30, 2009.)

HHS is aggressively targeting FY09 Q1 as the timeframe in which all IT systems are installed, maintained, and verified in accordance with the security configuration policy. HHS is in the process of selecting an automated tool to monitor the effective implementation of security configurations across all platforms. The required configuration standards and the selected tool must be installed on every HHS desktop or machine on the HHS network, which is a geographically dispersed heterogeneous collection. The configuration standard implementation and compliance strategy outlined is reflective of the HHS goal to further centralize and coordinate the management of its Information Security Program. HHS will continue to seek further compression of this schedule as the implementation proceeds. 

KEY RESULTS - We Would Be Proud to Achieve 

List key results that the agency would plan to achieve by July 1, 2009. If goals are for a different time period, please specify time frame.

• Green on Status in Q1 FY09, by achieving the goal for installation and maintenance of IT systems in accordance with security configuration requirements.  HHS would be proud to  maintain that status through FY09. 
• Demonstration of appropriate planning, execution, and management of major IT investments, using EVM or operational analysis and has portfolio performance within 10% of cost, schedule, and performance goals. 
• Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan. 
• Certified and accredited ALL IT systems. 
• For 90% of applicable systems, has demonstrated, conducted and publicly posted a Privacy Impact Assessment.  
• For 90% of systems with personally identifiable information, developed and published a system of records. 
• HHS implements appropriate E-Gov solutions in lieu of new, redundant systems.

As always, further revisions to the Proud to Be may be necessary as circumstances change and HHS continues to progress with its initiatives, including revisions to incorporate future milestones from final scorecards.