This FITARA presentation was given at the USDA ISSC meeting on 2017-10-03 to an audience of IT security experts: about 20 people in the room and over 100 on the phone.
Impacts of FITARA on IT Security & IT Spending
1. Impacts of FITARA on IT Security & IT Spending
VARETTA HUGGINS, PMP, ITIL, CSM, PgMP
Tuesday, October 3rd, 2017
2. AGENDA
System of Systems Story
FITARA Definition & Purpose
Role of Chief Information Security Officer
FITARA Objectives Impacting Security
FITARA Scorecards
GEOSS vs FITARA
Questions
3. System of Systems Story
GEOSS FOCUSED ON:
1. Single Internet Access Point
2. Standardization
3. Consolidation
All assisted in reducing duplication & improving cost savings!
4. What is FITARA?
Federal Information Technology Acquisition Reform Act
• FITARA has been Federal Law for acquiring and managing IT resources within Federal Agencies since December 19, 2014.
• It strengthens the authority of Agency CIOs by specifying that Agencies may not submit an IT budget, enter into IT acquisitions, or hire bureau CIOs without the approval of the Agency CIO.
• It enables Congress to monitor Agencies’ progress and hold them accountable for reducing duplication and achieving cost savings.
Government Accountability Office High Risk List
• Improving the Acquisition and Management of Federal IT Resources (FITARA) was added to the GAO’s High Risk List in February 2015.
• In 2016, GAO added about 200 new recommendations to an existing list of 800 on ways to improve IT Acquisition & Management.
5. Role of CISO
Chief Information Security Officer
• Identify, Protect, Detect, Respond, and Recover from threats to Federal IT
• Provide and implement risk-based approaches to improving cybersecurity policies
• Manage and provide oversight of the ITSC (IT Security & Compliance) Investment
• Align FISMA metrics with Agency-reported cybersecurity spending
6. FITARA Objectives: CIO is Approver
➢ Enable the CIO's role, with respect to the development, integration, delivery, and operations of any type of IT, IT service, or information product, to enable integration with the capabilities they support wherever IT may affect functions, missions, or operations.
➢ Strengthen the agency CIO's accountability for the agency's IT cost, schedule, performance, and security.
Agency CIO is Approver for the whole IT Life Cycle – Acquisition, Development, Modernization, Enhancements, Operations, Maintenance, and Disposition.
IT SECURITY IMPACT: The Agency CIO is part of the process that approves Security IT acquisitions, so show how implementing innovative cybersecurity solutions aligns with Agency strategic objectives and with FITARA objectives.
7. FITARA Objectives: Standardization
◦ Establish a "Common Baseline" for roles, responsibilities, and authorities of the agency CIO and the roles and responsibilities of other applicable Senior Agency Officials in managing IT as a strategic resource.
◦ Establish consistent governmentwide interpretation of FITARA terms and requirements.
◦ Assist agencies in establishing an inclusive governance process that will enable effective planning, programming, budgeting, and execution for IT resources.
◦ Assist agencies in establishing management practices that align IT resources with agency missions, goals, programmatic priorities, and statutory requirements.
IT SECURITY & SPENDING IMPACT: The CISO now has to manage a standard IT Security & Compliance (ITSC) Investment showing the IT Budgetary Resources, Personnel, Facility, Equipment, and Services Costs. The September 2017 ITSC submission mandated the addition of IT Tower Costs.
Practice Standard for Earned Value Management, 2nd Edition (pg. 5) | OMB Circular A-11, The Capital Programming Guide V3.0 (pgs. 16 & 18)
IT Resources refer to – IT Budgetary Resources, Personnel, Facility, Equipment, and Services.
8. ITSC IT Cost Pools & Towers
Standardizing Part 3 (investments for IT Infrastructure, IT Security, and IT Management) consistent with TBM IT Towers (the IT view), and gradually providing more granularity in all IT Investment costs through IT Cost Pools (the financial view) and IT Towers, begins to align the categorization of costs with policies around CIO Authorities, commodity IT management, category management, data center optimization, among others.
9. FITARA Objectives: Consolidation
◦ Provide transparency on IT resources across entire agencies and programs.
◦ Provide appropriate visibility and involvement of the agency CIO in the management and oversight of IT resources across the agency to support the successful implementation of cybersecurity policies to prevent interruption or exploitation of program services.
Consolidation and transparency of IT ensures that Agency CIOs are involved in the management and oversight of IT resources at all stages of IT and can make informed decisions to replace outdated systems with modernized systems or cloud solutions.
IT SECURITY & SPENDING IMPACT: Implementing cybersecurity policies will require more Security IT and human resources. Justify the need for more Security resources using this FITARA objective.
“Federal agencies reported in 2016 that they spend 3% of their total IT expenditures on cloud services. That is significantly less than private sector peers, for which benchmarking shows 12%”, (Rick Holgate, Research Director, Gartner Inc.).
TESTIMONY BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM, SUBCOMMITTEES ON GOVERNMENT OPERATIONS AND INFORMATION TECHNOLOGY ON FITARA 4.0
10. FITARA Impacts on IT Security
Manage IT Security and Compliance Standard Investment
Increase in IT Security Workload
ITSC Investment Manager Training Requirements (FAC-PPM Level 3)
Higher Visibility for Cybersecurity Initiatives
12. GEOSS vs FITARA
Single Internet Access Point (GEOSS) ↔ FITARA:
• Agency CIO is Approver of IT Budget
• Agency CIO is Approver of IT Life Cycle
• Agency CIO is Approver of IT Security
Consolidation (GEOSS) ↔ FITARA:
• IT Resources
Standardization (GEOSS) ↔ FITARA:
• FITARA Roles, Responsibilities, Authorities, Terms, & Requirements
• IT Terminology & Processes
• ITSC Investment
• Governance Processes & Management Practices
13. Any Questions?
CONTACT INFO:
• Varetta Huggins, PgMP, PMP, ITIL, CSM
• Email: Varetta.Huggins@v-pmc.com
• Phone: 240-499-2827
• V-Project Management Consulting LLC is an 8(a) and WOSB SBA certified firm located in Germantown, Maryland.
• Services include:
• Project, Program, and Portfolio Management Support
• Earned Value Management including Business Intelligence Reporting
• Capital Planning and Investment Control (CPIC) Support
• Enterprise Risk Management Support
• Change Management Support
• MS Project Server and SharePoint Administration Support
• Federal Regulations Compliance Support (FITARA, FISMA, MEGABYTE, MGT, PMIAA)