Proud-to-Be / Management Plan Agreement FY 2007
Department of Health & Human Services
President’s Management Agenda Goals for July 1, 2007
July 21, 2006
GOVERNMENT-WIDE INITIATIVES
Goals for July 1, 2007
Owner: Charlie Johnson
Overall Status Score: Green
GREEN Standards for Success
Agency -- HHS:
√ Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in both the “Use” and “Results” sections (FY07Q2);
√ Has acceptable business cases for all major systems investments and no business cases on the “management watch list” (FY06 Q3, reevaluate FY07Q1);
√ Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis, and has portfolio performance within 10% of cost, schedule, and performance goals (FY07Q1);
√ Inspector General or Agency Head verifies the effectiveness of the Department-wide IT security remediation process and rates the Department-wide certification and accreditation process as “Satisfactory” or better (FY06 Q1, reevaluate FY07Q1);
√ Has 90% of all IT systems properly secured (certified and accredited) (FY04-Q3 and continuing);
√ Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives rather than creating redundant or unique IT projects and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan (Ongoing).
Standard for Success to MAINTAIN GREEN
Agency -- HHS:
√ Has ALL IT systems certified and accredited (FY06Q3 and continuing);
√ Has IT systems installed and maintained in accordance with security configurations (FY07Q1 and continuing);
√ Has demonstrated for 90% of applicable systems a Privacy Impact Assessment has been conducted and publicly posted (FY06-Q3 and continuing); and
√ Has demonstrated for 90% of systems with personally identifiable information a system of records has been developed and published (FY06-Q3 and continuing).
YELLOW Standards for Success
Agency -- HHS:
√ Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in either the “Use” or “Results” sections (FY06-Q2);
√ Has acceptable business cases for more than 50% of its major IT investments (FY05-Q1);
√ Submits security reports to OMB that document consistent security improvement and either (FY04-Q2 and continuing):
-- 80% of all IT systems are properly secured; OR
-- Inspector General or Agency Head verifies the effectiveness of the Department-wide IT Security Plan of Action and Milestone Remediation Process;
√ Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis, and has IT portfolio performance operating within 30% of cost, schedule, and performance goals (FY06-Q1); and
√ Has an up-to-date agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives rather than creating redundant or agency unique IT projects (FY05-Q4, and Ongoing).
KEY MILESTONES for the Department of Health and Human Services
Note: Parenthesized numbers refer to MPA Outcome Report in which HHS’ status will be reported: Outcome 1 – Strategic Planning; Outcome 2 – Enterprise Architecture; Outcome 3 – CPIC; Outcome 4 – Security and Privacy; Outcome 5 – eGov Initiatives. Outcome reports to be provided by primary dates given by quarter below.
FY 2006 – Fourth Quarter [Sept. 6, 2006 unless otherwise specified, but FISMA report Sept. 1]
- (na) Submit business cases for all major systems investments which are 100% acceptable (no business cases on the “management watch list” as of FY07-Q1);
- (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
- (3) Revise the HHS ITIRB charter to increase business representation
- (3) Implement an EVM Tool for all major IT investments
- (4) Provide quarterly report of progress toward achieving FISMA security goals and objectives to ensure:
-- All systems reflected in system inventory remain fully certified and accredited
-- IT systems are installed and maintained in accordance with security configurations;
-- At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;
-- At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and
-- All systems retain a tested IT contingency plan
-- At minimum, 98% of all employees and contractors received general security awareness training
-- At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training
- (5) Resolve remaining issues on E-Gov Implementation Plan milestones and related issues. Report status of migration to PMA e-gov solutions (milestones met and upcoming).
FY 2007 – First Quarter [Dec. 1, 2006 unless otherwise specified, including FISMA report]
- (1) Evaluate and update, as necessary, the HHS Enterprise IT Strategic Plan, which supports the HHS Strategic Plan mission and goals, in accordance with the HHS Strategic Plan (December 1, 2006)
- (1) Review and update, as necessary, the Information Resources Management (IRM) Tactical and Performance Plan that will align with strategic plan and performance goals (December 1, 2006)
- (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
- (3) Finalize revised CPIC/EVM processes to capitalize on the new EVM Tool
- (3) Demonstrate use of EVM variance data in IT management decision processes, including capital planning and budgeting.
- (3) Resolve any remediation issues for acceptability of FY 2008 business cases.
- (4) Provide HHS Annual FISMA Report and quarterly FISMA progress report, demonstrating all IT systems are secure, and installed in accordance with security configurations. In particular:
-- All systems reflected in system inventory remain fully certified and accredited;
-- IT systems are installed and maintained in accordance with security configurations;
-- At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;
-- At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and
-- All systems retain a tested IT contingency plan
- (4) Demonstrate 98% of all employees and contractors have received general security awareness training (FY07Q1 and continuing);
- (4) Demonstrate 90% of all employees and contractors identified with significant security responsibilities have received appropriate role-based training (FY07Q1 and continuing);
- (5) Pending appropriations, approve required MOUs/MOAs with all e-gov initiatives in which HHS is a partner
- (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)
- (5) Provide HHS Annual E-Gov Report [OMB Due Date]
FY 2007 – Second Quarter [Mar. 15, 2007 unless otherwise specified, but FISMA report Mar. 1]
- (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
- (2) Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in both the “Use” and “Results” sections
- (3) Eliminate reliance on omnibus annual reviews for quality in the FY09 budget cycle due to an increase in the rigor of quarterly reviews.
- (3) 100% of changes to major and tactical IT investment baselines are under IT governance control.
- (4) Provide quarterly report to demonstrate continued achievement of the following objectives:
-- All systems reflected in system inventory remain fully certified and accredited;
-- IT systems are installed and maintained in accordance with security configurations;
-- At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;
-- At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and
-- All systems retain a tested IT contingency plan
-- At minimum, 98% of all employees and contractors received general security awareness training
-- At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training
- (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)
FY 2007 – Third Quarter [June 1, 2007 unless otherwise specified, including FISMA report]
- (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
- (3) Establish improved HHS ITIRB oversight over OPDIV CPIC processes and HHS ITIRB review of key OPDIV investments.
- (3) Formalize the CPIC/Budget formulation integration process.
- (3) Integrate the EVM and Portfolio Management Tools.
- (4) Provide quarterly report to demonstrate continued achievement of the following objectives:
-- All systems reflected in system inventory remain fully certified and accredited;
-- IT systems are installed and maintained in accordance with security configurations;
-- At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;
-- At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and
-- All systems retain a tested IT contingency plan
-- At minimum, 98% of all employees and contractors received general security awareness training
-- At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training
- (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)
FY 2007 – Fourth Quarter [Sept. 5, 2007 unless otherwise specified, but FISMA report Sept. 1]
- (2) Publish to the HHS EA website an updated release of the HHS Enterprise Architecture.
- (4) Provide quarterly report to demonstrate continued achievement of the following objectives:
-- All systems reflected in system inventory remain fully certified and accredited;
-- IT systems are installed and maintained in accordance with security configurations;
-- At minimum 90% of applicable systems have requisite Privacy Impact Assessment conducted and posted;
-- At minimum 90% of systems with personally identifiable information have requisite systems of records developed and published; and
-- All systems retain a tested IT contingency plan
-- At minimum, 98% of all employees and contractors received general security awareness training
-- At minimum, 90% of employees and contractors identified with significant security responsibilities received appropriate role-based training
- (5) Report status of migration to PMA e-gov solutions (milestones met and upcoming)
HHS Proud-to-Be/Management Plan Agreement: As always, further revisions to the Proud to Be may be necessary as circumstances change and HHS continues to progress with its initiatives, including revisions to incorporate future milestones from final scorecards.