
Proud-to-Be / Management Plan Agreement FY 2007

Department of Health & Human Services
President’s Management Agenda Goals for July 1, 2007

 

July 21, 2006

GOVERNMENT-WIDE INITIATIVES

Goals for July 1, 2007

Owner: Charlie Johnson

Overall Status Score: Green

 

GREEN Standards for Success

Agency -- HHS:

   Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in both the “Use” and “Results” sections (FY07Q2);

   Has acceptable business cases for all major systems investments and no business cases on the “management watch list” (FY06 Q3, reevaluate FY07Q1);

   Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis, and has portfolio performance within 10% of cost, schedule, and performance goals (FY07Q1);

   Inspector General or Agency Head verifies the effectiveness of the Department-wide IT security remediation process and rates the Department-wide certification and accreditation process as “Satisfactory” or better (FY06 Q1, reevaluate FY07Q1);

   Has 90% of all IT systems properly secured (certified and accredited) (FY04-Q3 and continuing);

   Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives rather than creating redundant or unique IT projects and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan (Ongoing).

 

Standard for Success to MAINTAIN GREEN

Agency -- HHS:

   Has ALL IT systems certified and accredited (FY06Q3 and continuing);

   Has IT systems installed and maintained in accordance with security configurations (FY07Q1 and continuing);

   Has demonstrated for 90% of applicable systems a Privacy Impact Assessment has been conducted and publicly posted (FY06-Q3 and continuing); and

   Has demonstrated for 90% of systems with personally identifiable information a system of records has been developed and published (FY06-Q3 and continuing).

 

YELLOW Standards for Success

Agency -- HHS:

   Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in either the “Use” or “Results” sections (FY06-Q2);

   Has acceptable business cases for more than 50% of its major IT investments (FY05-Q1);

   Submits security reports to OMB that document consistent security improvement and either (FY04-Q2 and continuing):

 -- 80% of all IT systems are properly secured; OR

 -- Inspector General or Agency Head verifies the effectiveness of the Department-wide IT Security Plan of Action and Milestone Remediation Process;

   Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis, and has IT portfolio performance operating within 30% of cost, schedule, and performance goals (FY06-Q1); and

   Has an up-to-date agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives rather than creating redundant or agency unique IT projects (FY05-Q4, and Ongoing).

 

KEY MILESTONES for the Department of Health and Human Services

Note: Parenthesized numbers refer to MPA Outcome Report in which HHS’ status will be reported: Outcome 1 – Strategic Planning; Outcome 2 – Enterprise Architecture; Outcome 3 – CPIC; Outcome 4 – Security and Privacy; Outcome 5 – eGov Initiatives. Outcome reports to be provided by primary dates given by quarter below.

 

FY 2006 – Fourth Quarter [Sept. 6, 2006 unless otherwise specified, but FISMA report Sept. 1]

  • (na) Submit business cases for all major systems investments which are 100% acceptable (no business cases on the “management watch list” as of FY07-Q1);
  • (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
  • (3) Revise the HHS ITIRB charter to increase business representation
  • (3) Implement an EVM Tool for all major IT investments
  • (4) Provide quarterly report of progress toward achieving FISMA security goals and objectives to ensure:

--  All systems reflected in system inventory remain fully certified and accredited

--  IT systems are installed and maintained in accordance with security configurations;

--  At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;

--  At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and

--  All systems retain a tested IT contingency plan

--  At minimum, 98% of all employees and contractors received general security awareness training

--  At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training

  • (5) Resolve remaining issues on E-Gov Implementation Plan milestones and related issues.  Report status of migration to PMA e-gov solutions (milestones met and upcoming). 

FY 2007 – First Quarter [Dec. 1, 2006 unless otherwise specified, including FISMA report]

  • (1) Evaluate and update, as necessary, the HHS Enterprise IT Strategic Plan, which supports the HHS Strategic Plan mission and goals, in accordance with the HHS Strategic Plan (December 1, 2006)
  • (1) Review and update, as necessary, the Information Resources Management (IRM) Tactical and Performance Plan that will align with strategic plan and performance goals (December 1, 2006)
  • (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
  • (3) Finalize revised CPIC/EVM processes to capitalize on the new EVM Tool
  • (3) Demonstrate use of EVM variance data in IT management decision processes, including capital planning and budgeting.
  • (3) Resolve any remediation issues for acceptability of FY 2008 business cases.
  • (4) Provide HHS Annual FISMA Report and quarterly FISMA progress report, demonstrating all IT systems are secure, and installed in accordance with security configurations.  In particular:

--     All systems reflected in system inventory remain fully certified and accredited;

--    IT systems are installed and maintained in accordance with security configurations;

--    At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;

--    At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and

--    All systems retain a tested IT contingency plan

  • (4) Demonstrate 98% of all employees and contractors have received general security awareness training (FY07Q1 and continuing);
  • (4) Demonstrate 90% of all employees and contractors identified with significant security responsibilities have received appropriate role-based training (FY07Q1 and continuing);
  • (5) Pending appropriations, approve required MOUs/MOAs with all e-gov initiatives in which HHS is a partner
  • (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)
  • (5) Provide HHS Annual E-Gov Report [OMB Due Date]

FY 2007 – Second Quarter [Mar. 15, 2007 unless otherwise specified, but FISMA report Mar. 1]

  • (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
  • (2) Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in both the “Use” and “Results” sections
  • (3) Eliminate reliance on omnibus annual reviews for quality in the FY09 budget cycle due to an increase in the rigor of quarterly reviews.
  • (3) 100% of changes to major and tactical IT investment baselines are under IT governance control.
  • (4)  Provide quarterly report to demonstrate continued achievement of the following objectives:

--    All systems reflected in system inventory remain fully certified and accredited;

--    IT systems are installed and maintained in accordance with security configurations;

--    At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;

--    At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and

--    All systems retain a tested IT contingency plan

--    At minimum, 98% of all employees and contractors received general security awareness training

--    At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training

  • (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)

FY 2007 – Third Quarter [June 1, 2007 unless otherwise specified, including FISMA report]

  • (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
  • (3) Establish improved HHS ITIRB oversight over OPDIV CPIC processes and HHS ITIRB review of key OPDIV investments.
  • (3) Formalize the CPIC/Budget formulation integration process.
  • (3) Integrate the EVM and Portfolio Management Tools.
  • (4)  Provide quarterly report to demonstrate continued achievement of the following objectives:

--    All systems reflected in system inventory remain fully certified and accredited;

--    IT systems are installed and maintained in accordance with security configurations;

--    At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;

--    At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and

--    All systems retain a tested IT contingency plan

--    At minimum, 98% of all employees and contractors received general security awareness training

--   At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training

  •  (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)

FY 2007 – Fourth Quarter [Sept. 5, 2007 unless otherwise specified, but FISMA report Sept. 1]

  • (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
  • (4)  Provide quarterly report to demonstrate continued achievement of the following objectives:

--    All systems reflected in system inventory remain fully certified and accredited;

--    IT systems are installed and maintained in accordance with security configurations;

--    At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;

--    At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and

--    All systems retain a tested IT contingency plan

--    At minimum, 98% of all employees and contractors received general security awareness training

--   At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training

  •  (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)

HHS Proud-to-Be/Management Plan Agreement: As always, further revisions to the Proud to Be may be necessary as circumstances change and HHS continues to progress with its initiatives, including revisions to incorporate future milestones from final scorecards.