Advanced PlanningBrief to Industry
Jerry L. Davis
DAS, Office of Information SecurityJune 9, 2011
2
Agenda
Discussion Points:
–Who we are
–Our Goals in Support of Our Mission
–Our Critical Services
–IT Funding Allocation Trends
–FY12 Top Procurement Actions
Who We Are
3
OIS safeguards the services and benefits of morethan
–25 million Veterans
–45 million beneficiaries
–260,000 VA employees
–1,000,000 IP enabled devices
OIS Mission:
“Serve our Veterans, their beneficiaries, employees, and all VAstakeholders by ensuring the confidentiality, integrity, andavailability of VA sensitive information and informationsystems”
Five Goals Support the OIS Mission
4
1)Protect the overall VA information security and privacy posture to ensureconfidentiality, integrity, and availability of information
2)Integrate risk and performance management into information securityand privacy governance processes
3)Ensure alignment of VA security and privacy policy and standards withFederal guidelines and best practices
4)Balance VA business needs with security and privacy requirements toreduce risk and maximize productivity
5)Promote an environment where all employees’ and contractors’ actionsreflect the importance of information security
Six Critical Services Enable OIS toExecute Our Mission
5
Office ofInformationSecurity
Field SecurityOperations
CyberSecurity
Privacy &RecordsManagement
RiskManagement& IncidentResponse
BusinessContinuity
Network &SecurityOperationsCenter
Six Critical Services Enable OIS toExecute Our Mission
6
Field Security Operations: Ensures compliance and implementation of security solutions inaccordance with Federal requirements; ensures privacy, confidentiality, integrity, and availability ofVA information assets associated with VA services, as well as assures that cost effective securitycontrols are in place to protect automated systems from financial fraud, waste, and abuse
Cyber Security: Assures VA information security systems, practices, policies, procedures, andstandards are in compliance with regulatory requirements and legislated mandates governinginformation systems security
Privacy & Records Management: Integrates privacy considerations, responds to requests forinformation, manages official records, and ensures the confidentiality, integrity, and availability ofVA sensitive information and information systems
Risk Management & Incident Response: Maintains the OIS Risk Management Program andmanages VA response to data breaches or loss of sensitive personal information
Business Continuity: Develops and implements policies, plans, and procedures to mitigate theimpact of disruptive events on VA mission-critical IT services and support a return to fullfunctionality as swiftly and smoothly as possible
Network & Security Operations Center: Monitors, responds to, and reports threats andvulnerabilities on a 24x7 basis
FY10 – FY12 IT Acquisition Trends
7
In millions
FY10
FY11
FY12
FSO
$4.319
$3.617
$3.494
RMIR
$6.743
$6.366
$9.111
Privacy
$2.930
$2.112
$3.551
COOP
$5.512
$6.006
$6.006
Cyber Security
$45.845
$33.323
$18.223
NSOC
$58.147
$85.167
$77.309
IT Funding Allocation
8
In millions
Services
Hardware
Software
Hybrid
FY10
$71.524
$9.097
$25.240
$17.635
FY11
$96.356
$1.443
$15.863
$22.928
FY12
$77.177
$14.218
$8.509
$17.835
9
Top Procurement Actions
TITLE
DESCRIPTION
EST. VALUE
ESTIMATED AWARDDATE
Identity Access
Management
Identity and Access Management is an initiative which will change the formof access to Physical and Logical access within the Federal government. It is aCyber Security Federal requirement that we convert access to the FederalIdentity, Credential & Access Management (FICAM) requirements. OIS is theBusiness Sponsor for IAM to coordinate across the Department the strategicvision for accomplishing FICAM requirements.
$3,000,000
9/30/2012
FISMA Program Services
and SMART Operations
This contract will yield development support for SMART to accommodateconstantly changing OMB and DHS requirements for FISMA reporting. Thiscontract is particularly essential this year, when the FISMA reporting ismoving from paper reporting to automated data feeds, which will requiresignificant modifications to SMART.
$1,280,074
9/28/2012
Risk Management/Risk
Monitoring and Review
This contract is used to address Risk issues to include Risk Assessment insupport of FSS and FISMA Compliance as mandated. These tasks requireoutside support to assist in filling resource shortages and expertise.
$2,084,295
8/15/2012
Software Assurance
This solution will assist in developing partnerships and standards betweenthe government, industry, and the private sector, imperative for cyberdefense. To shift the security paradigm from patch management tosoftware engineering to " build security in".
$5,000,000
9/30/2012
FY 12 Top Procurement Actions
10
Top Procurement Actions
TITLE
DESCRIPTION
EST. VALUE
ESTIMATEDAWARDDATE
Gateway Expansion 2011/2012
This solution will expand the existing four One-VA Trusted InternetConnection (TIC) Gateways in order to continue to support CIO mandatedvisibility to the desktop initiative while continuing to be able to supportother VA approved programs that reside on the perimeter of the One-VAwide area network in the One-VA TIC Gateways.
$5,000,000
9/1/2012
Gateway Application Firewall Services
This solution will protect VA information from application based attacks bydetecting and blocking malicious web requests, preventing data leakageand monitoring application activity.
$5,000,000
5/1/2012
Backup & Imaging
The Backup and Imaging solution will provide needed and requiredbackup, storage, and retention of all critical VA-NSOC data. The project willimplement a new backup system, procedure, and network storage systemthat will address all identified deficiencies listed in the Data Backup Auditreport and any legal requirements. The system will be owned andmaintained by the VA-NSOC.
$1,750,000
4/18/2012
Customer Support Center (CSC)
The VA NSOC has a requirement to provide tier I & II service center (helpdesk) support for a variety of technical areas including: PKI, HIPS, NIPS,security devices and security incidents. This support involves the initialuser support, monitoring, triage, analysis, troubleshooting and escalationof events and calls reported.
$3,700,000
8/13/2012
Audit Resolution
This solution is Required by the Federal Information Security ManagementAct (FISMA), independent evaluation of the cyber security program isdesigned to assess the adequacy and effectiveness of information securitypolicies, procedures, and practices. This request is for a managementsystem to systematically address deficiencies noted in such audits.
$3,500,000
7/30/2012
FY 12 Top Procurement Actions
11
FY 12 Top Procurement Actions
Top Procurement Actions
TITLE
DESCRIPTION
EST. VALUE
ESTIMATED AWARDDATE
Business Continuity
(CEMHSP) Support
Contract Support is required for the following :
1) Development, staffing and approval of the OI&T Multi-Year Strategy andProject Management Plan (MYSPMP) for CEMHSP2) Develop OI&T plans and procedures for the planning scenarios outlined inHomeland Security Presidential Directive (HSPD)-8, National Preparednessand in accordance with the Department of Homeland Security (DHS)Integrated Planning System (IPS)3) Meet all OI&T requirements under National Security PresidentialDirective (NSPD)-51/HSPD-20, National Continuity Policy and supportingfederal continuity regulation and guidance 4) Ensure the integration of IS Contingency and Disaster Recover (ISCP/DR)Plans into the CEMHSP
$2,863,307
9/1/2012
ESSS IT & PM Support
Contractor support is required to assist with meeting with vendors,conducting security evaluations, testing various IT security technologies, andproviding comprehensive security reports, security configuration guidelines,and professional recommendations to the Department of Veteran Affairs.
$1,252,000
8/21/2012