U.S.

Department of Education Federal Student Aid

Federal Student Aid Technology Standards and Products Guide
Version # 6.0

Final 09/06/2007

Technology Standards and Products Guide

Document Version Control

Document Version Control
Version 1.0 2.0 2.1 2.2 Date November 2, 2001 January 25, 2002 February 12, 2002 March 29, 2002 Description Provided general updates under TO 55. Reformatted document to align with the Department of Education Policy document and updated document to reflect new standards and products. Updated document with client feedback. Renamed document title. Included updates from 1/15/2002 to 3/15/2002 in Federal Student Aid standards, products, and policies. Added an Application Development section. Incorporated planned ITA upgrades, added an executive summary, added Mobile Devices to Network Services section, added External Connections to External Environment section, and updated several version numbers. Updated to include minor version number changes and other architectural changes. Reflects all updates through revision date. Updated to include minor version number changes and other architectural changes. Reflects all updates through revision date. Updated to include minor version number changes and other architectural changes. Reflects all updates through revision date. Updated to include minor version number changes and other architectural changes. Reflects all updates through revision date. Replaced Consistent Data with Data Strategy section. Reflects all updates through revision date. Introduced the Metadata management category, added products to be provided with ADvance and CSB contracts. Populated the Metadata management category. Revised and added the software for ADvance and CSB contracts. Removed the Data Strategy section and all references to it. Updated the EDM text as well as Data Modeling. Removed the minimum PC Specifications and all references to it. Added a new Appendix A – Reusable Common Services (RCS) and Portlets. Reflects all updates through revision date. Added “FileNet” as the Document Management Standard. Changed “WebSphere Application Server 6.0” to “WebSphere Process Server 6.0”. Updated DRM information, updated web sites, added in Common Operating Environment (COE) Diagrams, updated language. Document renamed to Technology Standards and Products Guide and reorganized to facilitate architecture understanding, re-categorized products and standards to align with FEA TRM. Removed version numbers from product listing to facilitate maintenance. Evergreen process will provide the current version of products in the environment.

2.3

June 30, 2002

3.0 3.1 4.0 4.1

September 27, 2002 April 1, 2003 August 1, 2003 August 2004

4.2 5.0

May 2005 December 2005

5.1 5.2 6.0

February 2006 June 2006 July 2007

Version 6.0 Final

ii

09/06/2007

Technology Standards and Products Guide

Table of Contents

Table of Contents
Executive Summary ...............................................................................................................v Section 1. Introduction...........................................................................................................1 1.1 Purpose................................................................................................................ 1 1.2 Scope................................................................................................................... 1 1.3 Intended Audience .............................................................................................. 2 1.4 Document Organization ...................................................................................... 2 1.5 References and Related Documents.................................................................... 3 Section 2. Information Technology Architecture ..................................................................5 2.1 Common Infrastructure....................................................................................... 5 2.1.1 Integrated Technical Architecture (ITA) .................................................... 5 2.1.2 Enterprise Application Integration (EAI) ................................................... 6 2.1.3 Virtual Data Center (VDC)......................................................................... 6 2.1.4 Network Communications .......................................................................... 9 2.2 Common Services ............................................................................................. 10 2.2.1 Identity and Access Management ............................................................. 10 2.2.2 Business Analytical Services .................................................................... 11 2.2.3 Collaboration / Communications .............................................................. 12 2.2.4 Customer Relationship Management (CRM) ........................................... 12 2.2.5 Search........................................................................................................ 13 2.3 Business Systems .............................................................................................. 13 2.3.1 Central Processing System (CPS)............................................................. 13 2.3.2 National Student Loan Data System (NSLDS)......................................... 14 2.3.3 Common Origination and Disbursement (COD) ...................................... 15 2.3.4 Financial Management System (FMS) ..................................................... 16 2.3.5 Postsecondary Education Participants System (PEPS)............................. 17 2.3.6 eCampus-Based Systems .......................................................................... 18 2.3.7 Federal Student Loan Servicing................................................................ 18 Section 3. Service Specifications.........................................................................................20 3.1 Service Access and Delivery Channels............................................................. 21 3.2 Component Framework .................................................................................... 26 3.3 Service Interface and Integration Standards ..................................................... 30 3.4 Service Platforms and Infrastructure ................................................................ 33 Appendix A. Acronyms...............................................................................................A-1 Appendix B. Glossary .................................................................................................B-1 Appendix C. Bibliography ..........................................................................................C-1

Version 6.0 Final

iii

09/06/2007

Technology Standards and Products Guide

Table of Contents

List of Figures
Figure 3-1 High-Level Federal Student Aid Technology Stack ....................................... 20

List of Tables
Table 1-1 Intended Audience and Document Usage .......................................................... 2 Table 3-1 Federal Student Aid Product Classification ..................................................... 21 Table 3-2 Service Access and Delivery Channels ............................................................ 22 Table 3-3 Component Framework .................................................................................... 26 Table 3-4 Service Interface and Integration Standards..................................................... 30 Table 3-5 Service Platforms and Infrastructure ................................................................ 33 Table A-1 Acronym Listing............................................................................................ A-1 Table B-1 Glossary ......................................................................................................... B-1

Version 6.0 Final

iv

09/06/2007

Technology Standards and Products Guide

Executive Summary

Executive Summary
The Federal Student Aid Technology Standards and Products Guide (The Guide) provides an organized, systematic way of classifying Federal Student Aid’s information technology infrastructure and provides a basis for understanding the basic principles, assumptions, and rules governing the development of Federal Student Aid information technology policies. The Guide addresses the fundamental components comprising the architecture and focuses on services that maintain a reliable and secure environment. The standards established in this Guide detail, by enterprise area, how the currently approved architecture helps Federal Student Aid achieve an optimum degree of order and consistency in the environment. The Guide also explains how Federal Student Aid’s enterprise is organized from a technical perspective, distinguishing “infrastructure” from “applications,” and provides a high level framework against which enterprise solutions are delivered. Each technology is categorized by established guidelines according to the Federal Enterprise Architecture (FEA) Technical Reference Model (TRM) standards. The Guide further augments FEA TRM classifications with a Federal Student Aid Classification scheme to help architects identify preferred products and standards. The scheme identifies the governing body and status of a technology or standard in the architecture as follows:

Government Standard - Standards mandated and maintained by the Federal Government. ED Standard - General use specification maintained at the Department level or accepted de-facto within a given segment (i.e., Network standards). Federal Student Aid Standard - The technologies and products that have been approved for enterprise business use and are supported in the environment. These standards include Federal Student Aid Target Standards that facilitate the alignment of all new applications to the Target State Vision. Federal Student Aid Contained - Technologies/Products approved in the architecture for specific business needs (not to be expanded by investment beyond the need). These can be further defined as Legacy products that were in use prior to the establishment of the component-based architecture and Administrative/Internal Use Only, which are suitable for internal development and administrative use only.

Adoption of enterprise-wide standards promotes interoperability, scalability, and enables acquisition and development of systems and applications to meet Federal Student Aid’s business needs cost effectively. This volume is intended to promote a smooth transition from current to future technologies, but it does not attempt to provide a prioritized, scheduled transition plan for moving toward a desired future state. This document contains embedded hyperlinks to publicly available websites and footnotes that contain documents referenced on Federal Student Aid’s Intranet web site. Documents referenced that are only available via Federal Student Aid’s Intranet web site can be requested directly from Federal Student Aid. All references and hyperlinks are listed in the bibliography in Appendix C.

Version 6.0 Final

v

09/06/2007

Technology Standards and Products Guide

Section 1. Introduction

Section 1. Introduction
1.1 Purpose

This document is a reference tool for Federal Student Aid technical architects, system administrators, application developers, procurement personnel, and others that require guidance on implementing Federal Student Aid technology standards and standard products. The Federal Student Aid Technology Standards and Products Guide’s primary purpose is to enable architects to identify opportunities to leverage technology, alleviate redundancy, and highlight where technology-overlap limits the value of IT investments. This document addresses the fundamental technologies comprising the infrastructure, and it focuses on standards and products that promote managed services within a reliable and secure environment. The Technology Standards and Products Guide is a critical component in a comprehensive effort to align government-wide investments in information technology with the needs of Federal Student Aid. The Guide is not intended as a comprehensive list of products in use within Federal Student Aid. Rather, it is the set of identifiable current and target distributed component architecture standards, along with a minimum set of legacy standards and Intranet standards to differentiate current and future technology standards and preferred products.

1.2

Scope

This Guide is for the use of all personnel (including contractors) who are responsible for or involved in the development of Federal Student Aid’s general support systems and major applications. This document is intended to assist them in determining and applying the relevant standards to systems and applications. The Guide sets out the standards by which the IT infrastructure will be designed and/or operated and lists the technologies and products that promote transition from the current technical architecture to the envisioned technical architecture as described in the Federal Student Aid Target State Vision. Federal Student Aid uses the Federal Enterprise Architecture (FEA) Reference Models as the basis for the Technology Standards and Products Guide. The Guide’s classification scheme is based on the Technical Reference Model (TRM), which is a component-driven, technical framework that identifies the standards and specifications that comprise a service component. Federal Student Aid leverages the Federal Enterprise Architecture (FEA) to describe its technical environment, and to accomplish its goals in implementing the Federal Student Aid mission. Further details of the use of the TRM and the other FEA Reference Models can be obtained via the Federal Enterprise Architecture web site.

Version 6.0 Final

1

09/06/2007

Technology Standards and Products Guide

Section 1. Introduction

1.3

Intended Audience

The table below lists the intended users for the Federal Student Aid Technology Standards and Products Guide, the document sections most relevant for each type of user, and the purpose for which the users may utilize the information in this document. Table 1-1 Intended Audience and Document Usage
Users Federal Student Aid Executives / Federal Student Aid Business Owners & CIO Staff Federal Student Aid Architects Relevant Sections Executive Summary Sections 1, 2 Uses Facilitate and communicates an organized, systematic way of classifying the information technology infrastructure Facilitates understanding of Federal Student Aid’s Technology Infrastructure and promotes reuse by identification of preferred products and standards Used to communicate the Technology Infrastructure and identify standards, and technologies that support the construction, delivery, and exchange of Federal Student Aid business and application components

All

Potential Vendors

All

1.4

Document Organization
Section 1. Introduction - This section addresses the purpose, scope, audience, document organization and related references. Section 2. Information Technology Architecture - This section describes the tools, facilities, and technology, which support the creation, use, transport, and storage of Federal Student Aid’s enterprise-wide technology infrastructure, and provides details on the capabilities and technical architecture of Federal Student Aid business systems and services. Section 3. Service Specifications – This section profiles the preferred technologies and standards used to support Federal Student Aid Service Components classified by the Federal Enterprise Architecture guidelines. Appendix A: Acronyms - This appendix lists the acronyms and definitions used throughout the document. Appendix B: Glossary - This appendix provides key terms and definitions used throughout the document.

This document is comprised of the following sections.

Version 6.0 Final

2

09/06/2007

Technology Standards and Products Guide

Section 1. Introduction

Appendix C - Bibliography

1.5

References and Related Documents

The Federal Student Aid’s Technology Standards and Products Guide was developed to support Federal Student Aid’s business operations in compliance with the laws, regulations, and guidance listed.

Clinger-Cohen Act of 1996: requires agencies to implement IT management processes, integrate management and budget processes, inventory IT investments, and designate a Chief Information Officer. OMB Circular A-11: requires agencies to submit plans and progress on their enterprise architectures. OMB Circular A-130: requires that Federal agencies create Enterprise Architecture and update OMB as significant changes are made. Paperwork Reduction Act of 1995 The Government Paperwork Elimination Act (GPEA): requires agencies to leverage improved network technologies by improving electronic transactions. The E-Government Act of 2002 (P.L. 107-347): requires agencies to support eGovernment projects and to leverage cross-agency initiatives to further e-Government. It also requires agencies to submit privacy impact assessments for all new IT investments using personally identifiable data from or about members of the public. The Federal Records Act of 1950: requires Federal agencies to establish and maintain a continuing program for the economical and efficient management of agency records. Electronic records created or received by the Federal Government must be managed as Federal records. Government Performance Results Act of 1993: requires that Federal agencies accurately employ performance metrics to measure and report performance results related to IT investments. The Federal Chief Information Officer Council Federal Transition Framework

• •

The Guide’s classification scheme is based on the Federal Enterprise Architecture (FEA) Technical Reference Model (TRM), which is a component-driven, technical framework that identifies the standards and specifications that comprise a service component. The TRM describes how a component is accessed, built, deployed, and maintained. The following documents were also used as reference material for this release:
• • • • •

Department of Education Enterprise Standards and Guidelines, February 2007 Department of Education Enterprise Data Standards and Guidelines Federal Student Aid Technology Standards and Products Guide (prior versions) CIO Technology Handbook Federal Student Aid Business Case Reviews for Select Phase (FY07)

Version 6.0 Final

3

09/06/2007

Technology Standards and Products Guide

Section 1. Introduction

• • • • •

ITA Current State Reports (Multiple for CY07) EAI Current State Reports (Multiple for CY07) ITA Application State Assessment October 2006 EAI Application State Assessment October 2006 Security Architecture (SA) Application State Assessment October 2006

Version 6.0 Final

4

09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

Section 2. Information Technology Architecture
This section describes the tools, facilities, and technology, which supports the creation, use, transport, and storage of Federal Student Aid’s enterprise-wide technology infrastructure, and provides details on the capabilities and technical architecture of Federal Student Aid business systems and services. The architectural areas of interest for Federal Student Aid are described in the Architectural Area List presentation. Global design constraints, such as programming paradigms, architectural styles, and design principles are detailed in the Architectural Models Template.

2.1

Common Infrastructure

The following sections describe the major technology infrastructure components that provide the foundation for Federal Student Aid applications.

2.1.1 Integrated Technical Architecture (ITA)
The Integrated Technical Architecture (ITA) provides a standardized, reusable infrastructure for enabling business capabilities within the Federal Student Aid application community. The ITA team administers the development and test environments generally used by application teams to test Application code on a runtime environment that is very similar to production. Most applications within the ITA uses the following core products:
• • •

IBM HTTP Server (IHS) WebSphere Application Server (WAS) Oracle Database Server

These environments use the same operating system, have the same directory structure, and use the same Java run time environment. Reusable Common Service Components (RCS) Reusable Common Service Components (RCS) components are a set of heterogeneous Java packages that provide a middleware layer between applications and backend systems and standardize Federal Student Aid component code across multiple applications. The components are described below:

Persistence Framework - The ITA persistence framework provides a transparent and flexible mapping of business objects to relational database tables Logging Framework - Supported the migration from an archaic logging framework to the industry standard log4j Search Framework - The search framework simplifies, standardizes, and improves the use of the Google search engine. The framework consists of classes that provide a common way to access the Google HTTP API.

Version 6.0 Final

5

09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

Exception Framework - This framework provides consistency in approach, standardization of error messages, and out-of-the-box integration with the logging framework. Pin Web Services - Allows users to authenticate using a Personal Identification Number (PIN) without leaving an application’s web site. Email Framework - The e-mail framework uses Sun Microsystems’ JavaMail API 1.2, which provides a standard interface for Java programs to send e-mails to a Simple Mail Transport Protocol (SMTP) Mail server. JSP Tag Libraries - Standard Tag Library encapsulates as simple tags the core functionality common to many Web applications.

2.1.2 Enterprise Application Integration (EAI)
Enterprise Application Integration (EAI) provides a messaging infrastructure and integration capability that standardizes interfaces to new and legacy systems in support of Federal Student Aid modernization objectives. The EAI Bus consists of a scalable, extensible architecture providing messaging capabilities for batch and real-time transaction processing. At the heart of the architecture is a two-server cluster, which forms a “hub” from which interfaces to the Federal Student Aid business systems are extended. The following provides an overview of the major commercial software components used in the EAI architecture:

WebSphere MQ - Formerly known as MQSeries, WebSphere MQ provides the basemessaging infrastructure, support for point-to-point publish/subscribe messaging, and Java development and application programming interface. CommerceQuest Data Integrator (DI) - DI leverages the WebSphere MQ messaging platform to provide a high-speed transport mechanism for transferring large bulk files between systems for batch transactions. WebSphere Message Broker - IBM WebSphere Message Broker provides function and transport capabilities that support and facilitate enterprise-level business integration. EAI is being supported for legacy applications only; new application will utilize the Enterprise Service Bus (ESB) as described in the Target State Vision.

2.1.3 Virtual Data Center (VDC)
The Virtual Data Center (VDC) is the primary hosting infrastructure for Federal Student Aid’s Internet presence. Two Internet Service Providers (ISPs) are used, which allows load balancing of the connections with a Border Gateway Protocol (BGP). The BGP provides high level of reliability should a single ISP have a failure. The dual paths allow for tuning of inbound and outbound traffic as well. The Virtual Data Center (VDC) provides a 7x24x365 single computing environment for hosting Federal Student Aid Title IV application systems that support the financial aid process. The VDC provides technical and operational services in support of mainframe and midrange hardware and

Version 6.0 Final

6

09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

software. The VDC also manages the software licenses for applications residing at the VDC on behalf of Federal Student Aid. Technical and operational services for all information technology systems include but are not limited to: Data Center Services 1. Mainframe services — includes hardware and server side software hosting, data backup and restoration, operations and administration, and other general support services. Non-mainframe Server services — includes hardware and server side software hosting, data backup and restoration, operations and administration, and other general support services. Middleware Administration and Support — includes implementing configurations, establishing and maintaining configuration and system parameters, executing processes for the proper maintenance and functioning of the business and web applications residing in this layer on mainframes and non-mainframe servers. System Level Database Administration and Support — includes technical and administrative work in the management of Federal Student Aid databases through the planning, design, configuring, implementation and operation of database systems; planning and implementing database expansions; reorganizations and/or conversions; developing and implementing backup and recovery procedures; and establishing and administering database policies. Storage services — includes establishing, reporting, and optimizing storage environments to include storage array networks, tapes, non-tape media, and optical devices. This service includes management of media for receiving data into applications from external sources, for backup and recovery, and housing of media to meet regulatory requirements. Custodian of Software Licenses — includes managing and tracking all server and software licenses for applications residing at the VDC, regardless of whether the VDC, Federal Student Aid or an application developer acquired the license. Network managed services — includes the provision, monitoring and management of networks that connect two or more separate facilities spanning a geographic area larger than a campus or metropolitan area. Network managed services also include point-to-point circuits, Frame Relay, dedicated Internet connections, broadband (DSL/cable modem) Internet connections, Internet based Virtual Private Networks and dial up connections. Network managed services include but are not limited to the following: a. Data network management and monitoring — includes the provision and support of a suite of activities that span all aspects of network levels; includes system and component management and monitoring, information protection, component addressing methods, access control and change control.

2.

3.

4.

5.

6.

Data Network Services 1.

Version 6.0 Final

7

09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

b.

Management and administration of Government carrier services contract (e.g., FTS2001) — includes reviewing requirements, recommending thresholds, providing capacity and performance reports, and procuring network components and circuits. This includes managing outages of FTS2001 service through escalation to the FTS 2001 vendors. Maintain connectivity to core Federal Student Aid business applications requiring data center access — includes network systems management, troubleshooting, bandwidth management, and maintaining computing resources required to maintain connectivity. Trusted Partner with other networks – includes ability to establish secure point-to-point communications with the Department of Education Network (EDNET).

c.

d.

2.

DHCP/DNS services supporting the fsa.ed.gov domain — includes the provisioning, monitoring and managing all aspects of DHCP/DNS services supporting the Federal Student Aid applications and systems at the Contractor site(s). Internet Communication Services — includes all aspects of providing and maintaining connection of the Federal Student Aid applications and systems to the public Internet. Virtual Private Network (VPN) services — includes the provision, monitoring and management for remote users to securely connect to the VDC over the public Internet; includes dedicated site to site VPN connectivity on a shared public IP network; requires industry based/Internet based standards for security to create and preserve privacy, data integrity and authenticity. Application Acceleration — includes the temporary storage and caching of web objects (web pages or components such as JSPs, servlets, and beans that contain presentation logic) and the routing and distribution of applications to reduce bandwidth consumption, server load and latency of web requests, as necessary (e.g. Akamai and INTERNAP). Planning and analysis, requirements definition, design specification, engineering, acquisition, installation, development, testing and implementation of the infrastructure necessary to support Federal Student Aid. Facilities and Environmental Infrastructure — includes power, cooling, physical security, fire suppression and all other services required to support the facilities used to provide services to Federal Student Aid. Operations, Administration and Maintenance of the Infrastructure — includes ensuring the integrity and quality of service of the production environment. ITIL based Service Management processes including, but not limited to: a. Service Support, which primarily includes incident, problem, change, release, and configuration management.

3.

4.

5.

Cross Functional Services 1.

2.

3. 4.

Version 6.0 Final

8

09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

b. c.

Service Delivery, which primarily includes availability, service level, capacity, financial and continuity management. Service and/or Help Desk which primarily includes receiving calls/contacts from Federal Student Aid staff, support contractors, and Guarantee Agencies in support of Post Secondary Education Participants System for reporting of incidents, requesting non-standard changes, and providing information. Security and Security Operations Center, which includes the implementation, monitoring, and reporting of physical and logical security of all information technology (IT) components, such as the network, hardware, software and data. This includes, but is not limited to: virus and access protection; host network intrusion detection; vulnerability management; incident handling; responding to security incidents and issues in compliance with Federal Student Aid security requirements; and complying with all applicable regulatory requirements.

d.

5.

Technology Refreshment and Replenishment — includes modernizing the IT infrastructure on a continual basis to ensure that infrastructure and system components stay current with evolving industry standards and technology platforms. Documentation, Training and Knowledge Transfer Related to the Infrastructure — includes developing, revising, maintaining, reproducing, and distributing information in hard copy and electronic form. Continuous Service Improvement — includes the progressive improvement of all aspects of all Contractor provided services. Account Management — includes but is not limited to: developing a service ordering process for adding/changing services; developing and implementing a Federal Student Aid satisfaction program; providing conference support if requested by Federal Student Aid; and providing reports on statistics, trends and audits. Continuity Services — includes providing prioritized IT continuity services for Federal Student Aid applications and their associated infrastructure components.

6.

7. 8.

9.

2.1.4 Network Communications
The Federal Student Aid Wide Area Network (WAN) consists of several differing network topologies all standardized on the TCP/IP protocol. This maximizes the amount of network activity that can be delegated to the Internet and minimizes usage of costly dedicated circuits. Federal Student Aid uses FTS 2001 vendors to provide WAN services. Federal Student Aid uses Sprint for ATM, and dedicated point-to-point circuits and MCI for Frame Relay. The FTS 2001 vendors provide the topology requested and order the “last mile” from the Local Exchange Carrier (LEC) or a Competitive Local Exchange Carrier (CLEC). The LEC or CLEC install the data line connection into the requested facility. This portion of the connection should be equal to or greater than the size of the circuit being requested to allow bandwidth scalability.

Version 6.0 Final

9

09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

2.2

Common Services

The architecture is comprised of business services and technologies that provide capabilities to facilitate Federal Student Aid services to citizens and business partners. Common Services defines the set of cross-functional capabilities that can be leveraged independent of objective and / or mission. The common components of the architecture are defined below.

2.2.1 Identity and Access Management
This section defines the set of capabilities that support Federal Student Aid’s management of permissions for logging onto a computer, application, service, or network; including user management and role/privilege management. The Target State Vision Security Standards1 document represents the standards to be followed in the implementation of enterprise roles, access control and audit logging for all systems integration efforts. The Target State Vision Security Policies2 document guides employees and contractors with the creation and maintenance of enterprise roles, access controls, and audit logging implementations and facilitates the creation of the standards, procedures and guidelines that conform to federal and department regulations and directives. Component: Security Architecture (SA) The Federal Student Aid Security Architecture is comprised of tools and technologies to provide identity and access management services across the enterprise. Key subsystems within the security architecture include the Audit subsystem, the Identify and Credential subsystem, and the Access Control subsystem. These subsystems are defined in more detail in the Security Architecture Options Document. The requirements presented in this document describe the capabilities to be supported by these key subsystems. Current Technology Profile
• •

IBM Tivoli Identity Manager (TIM) IBM Tivoli Access Manager (TAM) o Policy Server o Authorization server o Web Portal Manager system o IBM WebSphere Application Server o WebSEAL

• • •

IBM Tivoli Directory Client IBM Tivoli Directory Server IBM DB2

Target State Vision Security Standards is located on the Federal Student Aid intranet site at http://thestartingline.ed.gov/modernization/documents/WP9.033.2DraftTSVSecurityStandards112305.doc 2 The Target State Vision Security Policies is located on the Federal Student Aid intranet site at http://thestartingline.ed.gov/modernization/documents/WP9.033.1DraftTSVSecurityPolicies112305.doc Version 6.0 Final 09/06/2007 10

1

Technology Standards and Products Guide

Section 2. Information Technology Architecture

Integration
• •

IBM Tivoli Directory Integrator Custom Integration (RCS Components for Security Architecture) Custom User Interface

Front-End

This section defines the set of capabilities that support obtaining information about those parties attempting to log on to a system or application for security purposes and the validation of those users. Component: Personal Identification Number (PIN) PIN is the name of the Federal Student Aid application that provides user authentication for students, schools, and administrators. The FAFSA application team maintains this application; however, PIN provides authentication services to many Federal Student Aid applications both within and outside the ITA shared environment, such as FAFSA, NSLDS, Direct Loans, and Campus-Based (eCB). PIN is hosted in the ITA environment. Current Technology Profile
• • •

Web Server: Application Server: Database: MQSeries PIN Web Site

IBM IHS Web Server Wepsphere Application Server (WAS) Oracle 10g

Integration

Front-End

2.2.2 Business Analytical Services
Business Analytical Services defines the set of capabilities supporting the extraction, aggregation and presentation of information to facilitate decision analysis and business evaluation. Components: COD Data Archive, eCampus-Based, eZ-Audit, Financial Partners Data Mart, and Federal Student Loan Servicing (formerly Common Services for Borrowers) Current Technology Profile

Database: Oracle 10g Informatica - for Extraction, Transformation and Load (ETL) capability MicroStrategy provides reporting, analysis, and information delivery capabilities. MicroStrategy has been installed in the WebSphere development and testing environments and is being integrated into the Security Architecture. Microstrategy actually has three components that are broken across the entire ITA architecture. Web
11

Integration

Front-End

Version 6.0 Final 09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

Universal is the presentation layer that runs under WebSphere. The Microstrategy Intelligence server is the Application Query Server that Federal Student Aid Business owners build the queries and the reports. The Microstrategy narrowcast server is a report server that enables email reporting. These components are located in the Virtual Data Center (VDC).

2.2.3 Collaboration / Communications
The following component represents the set of capabilities that support the communication between newer generation hardware/software applications and the previous, major generation of hardware/software applications. Component: Student Aid Internet Gateway (SAIG) The Student Aid Internet Gateway (SAIG) is a store and forward mailbox application used by Federal Student Aid 's customers (post-secondary schools, lenders, guaranty agencies, state agencies, and other electronic trading partners located through out the country) to exchange Privacy Act and SAIG data to the Title IV application systems. The Commercial off the Shelf (COTS) products to support the customers' transmissions were developed by the commercial vendor Click Commerce. The software products include TDClient, TDNgine (mailbox application), and Online Transaction Delivery Community Manager (webbased online query status of transmissions). Current Technology Profile
• •

ClickCommerce Incorporated, TDClient ClickCommerce Incorporated, TDManager ClickCommerce Incorporated, TDNgine Student Aid Internet Gateway (SAIG)

Integration

Front-End

2.2.4 Customer Relationship Management (CRM)
This section defines the set of capabilities that Federal Student Aid uses to enhance help desk/call center operations for Federal Student Loan Servicing, Ombudsman and Integrated Partner
Management (IPM).

Component: (IPM)
• • •

Federal Student Loan Servicing, Ombudsman and Integrated Partner Management

Current Technology Profile Siebel Customer Relationship Management (CRM) Operating System: Database: HP-UX Oracle 10g

Integration

Version 6.0 Final 09/06/2007

12

Technology Standards and Products Guide

Section 2. Information Technology Architecture

The CRM system does not integrated by way of hardware interfaces with any major business systems.

Front-Ends

The Seibel front-end portal does not represent a major capability for future FSA investment

2.2.5 Search
This section defines the set of capabilities that provides pattern-matching technology that enables efficient identification and encoding of unique key words within text documents. The search engine capability locates and retrieves content, such as a set of Web sites, news feed, or an email archive that match the search parameters. There are two appliances installed in the ITA production environment and two installed in the ITA development environment. The appliances use a DNS server to translate domain names to IP addresses and store this information in a DNS repository. Current Technology Profile

Google Search Appliance v4.6.2 N/A (Not Applicable) N/A (Not Applicable)

Integration

Front-End

2.3

Business Systems

The following is a brief description of the major business systems used to deliver Federal Student Aid. These systems are comprised of service components and component-based software, along with the relationships between them.

2.3.1 Central Processing System (CPS)
The mission of the CPS is to provide a centralized system for processing applications for students seeking federal financial aid from Title IV programs. The primary function of the CPS is to process each submitted Free Application for Federal Student Aid (FAFSA) through a series of data checks, a formula calculation and verification checks of databases with other Federal agencies. Ultimately, the CPS uses the application data to calculate the Expected Family Contribution (EFC), which is used to determine student's eligibility for federal student aid. The following provides a brief description of the core capabilities, and the services that constitutes the CPS:

Eligibility Determination - An applicant's data, captured via the FAFSA, is processed to determine if a student is eligible to receive Federal Student Aid. Delivery of the eligibility determination system includes data/image receipt and editing, matching with external agencies, calculating results, and providing various outputs to students, schools, and other agencies.

Version 6.0 Final 09/06/2007

13

Technology Standards and Products Guide

Section 2. Information Technology Architecture

Data Entry - Delivery of data entry services resulting from the paper FAFSA and other related forms through a reliable and secure data capture system. Processing operations will include the receipt of FAFSA forms and the timely imaging, data capture and transmission of data and images for processing. Customer Support - Delivery of the EDExpress suite of products, Participation Management System and providing technical assistance to schools, including phone support, developing the appropriate technical references and posting software and user documentation to the Federal Student Aid Download site. Processor: IBM eServer zSeries 890 Model 2086-360 Operating System: OS/390 Database System: DB2 Business Intelligence & Reporting: Information Builders Webfocus MQ Series v5.2 Free Application for Federal Student Aid (FAFSA) - College students and schools use the FAFSA on the Web application to submit financial aid applications to Federal Student Aid via the Internet. ITA provides a dedicated environment for FAFSA because the site is utilized by tens of thousands of applicants. The peak period occurs in mid-February and as many as 150,000 applications are processed per-day. FAFSA uses Google for search functionality. FAFSA also includes the following: o Renewal FAFSA on the Web (RFOTW) o Spanish FAFSA on the Web (SFOTW) o FAFSA Corrections on the Web (COTW) o Financial Aid Administrators (FAA Access on the Web)

Current Technology Profile
• • • •

Integration

Front-Ends

Federal Student Aid Download

2.3.2 National Student Loan Data System (NSLDS)
NSLDS collects, stores, and provides detailed comprehensive data about Title IV aid recipients, including tracking enrollment of all Title IV borrowers, and the items of aid they receive as well as data to help schools determine the eligibility of students for Title IV aid. The principal functions of NSLDS help calculate performance measurement of schools (cohort default rates) to determine whether schools continue their participation in Title IV programs. NSLDS acquires data from guarantors, schools, and internal systems via the Student Aid Internet Gateway (SAIG). NSLDS provides its users with products designed to provide efficient access to NSLDS data for a variety of user levels and purposes.

NSLDS World Wide Web site—The NSLDS web site at www.nsldsfap.ed.gov is the main user access point for the system. This site allows users to view NSLDS information
14

Version 6.0 Final 09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

and to perform online updates. NSLDS User Documentation can be obtained online at http://www.ifap.ed.gov.

On-Request and Scheduled Batch Reports—Many reports have been programmed and are available to the user either on a fixed schedule or on request. The user may set selection parameters and sort sequences. Query Management Facility (QMF)—QMF is an end-user, ad hoc query tool for selecting, sorting, and reporting NSLDS data. QMF uses the industry standard Structured Query Language (SQL) to manipulate NSLDS data. QMF queries, data, and report forms can be packaged as procedures, saved and shared by end users. Report Management and Distribution System (RMDS)—RMDS allows users to browse reports online, share them with other authorized users, and print them. Users can route the output of ad hoc queries to RMDS to create online reports. Users can also route reports to a magnetic tape, Student Aid Internet Gateway (SAIG) mailbox, or data set for downloading later to a personal computer. Processor: IBM eServer zSeries 890 Model 2086-360 Operating System: OS/390 Database System: DB2 NSLDS utilizes the Websphere Application Server (WAS), IBM IHS Web server, and Oracle database server in Front End applications. MQ Series v5.2; Student Aid Internet Gateway (SAIG); National Student Loans Data System - Student Access - Front-end web-based application to allow students to access their Title IV financial aid history as stored on the NSLDS database. Uses Personal Identification Number (PIN) site for user authentication. National Student Loans Data System - Professional Access - Front-end web-based application for access to the NSLDS mainframe database. Used by financial aid professionals, lenders, guaranty agencies, and ED internal users. Information for Financial Aid Professionals Online Library - The IFAP online library contains technical publications, regulations, and policy guidance on the administration of the Federal Student Aid programs.

Current Technology Profile
• • • •

Integration

Front-Ends

2.3.3 Common Origination and Disbursement (COD)
The Common Origination and Disbursement (COD) system provides a common IT platform using XML and middleware technologies and an integrated process that enables approximately 5,600 Title IV eligible institutions of higher education to originate and disburse $22 billion of Title IV federal financial aid funds to approximately 6,000,000 eligible students/recipients each award year under the Federal Pell Grant Program and the Federal Direct Loan Program.

Version 6.0 Final 09/06/2007

15

Technology Standards and Products Guide

Section 2. Information Technology Architecture

Also, the COD system provides for a large Help Desk and Customer Service center to assist institutions with processing their data and managing their administration of Pell Grants and Direct Loans. In addition, the COD system provides a facility for processing and storing paper Direct Loan promissory notes, a web-enabled Direct Loan electronic promissory note capability and a Direct Loan bulk promissory note and publication fulfillment center. Finally, the COD system integrates financial data between disparate systems. This affords schools easier access to the foresaid systems and makes it easier for them to reconcile and report financial data to Federal Student Aid. Current Technology Profile

Processor: IBM S/390 Parallel Enterprise Server - Generation 4 IBM 9672 Model R35 The IBM 9672 Model R35 is a Parallel Transaction Server that consists of one CEC (with 3 central processors). CEC capacity includes: from 1GB to 16GB storage; parallel channels up to 96; ESCON channels, up to 256 in increments of four; and Coupling Links up to 16. Operating System: OS/390 Database System: DB2 MQ Series v5.2 Common Origination and Disbursement Web site

• •

Integration

Front-Ends

2.3.4 Financial Management System (FMS)
The Financial Management System (FMS) utilizes Oracle Federal Financials to manage the flow of all financial information through Federal Student Aid. It gives the CFO office the ability to report information across programs, consolidate redundant processes, and account for Federal Student Aid Title IV funds. Current Technology Profile

Oracle Corporation, Oracle Financials o General Ledger o Payables o Receivables o Purchasing

Oracle Corporation, Oracle Public Sector Applications o Public Sector General Ledger o Public Sector Payables o Public Sector Receivables o Public Sector Purchasing

Version 6.0 Final 09/06/2007

16

Technology Standards and Products Guide

Section 2. Information Technology Architecture

Oracle Corporation, Oracle U.S. Federal Financials o U.S. Federal General Ledger o U.S. Federal Payables o U.S. Federal Receivables o U.S. Federal Purchasing o U.S. Federal Administrator

• • •

Oracle Corporation, Oracle Forms Webserver: Oracle Corporation, Oracle App Server-Apache Database: Oracle 10g ClickCommerce Incorporated, COMM-PRESS 2000 Ver 4.4.2 *m* (005) (master, triple DES) Financial Management System (Intranet Access Only)

Integration

Front-Ends

2.3.5 Postsecondary Education Participants System (PEPS)
This system is Federal Student Aid's management information repository for all entities associated with Title IV. This system maintains eligibility data for schools, lenders, guarantors and service providers, as well as oversight of these entities. This system provides various data feeds to Federal Student Aid's Title IV Delivery Systems to ensure consistency of Title IV eligibility data across the enterprise. PEPS functionality will serve as a basis for IPM to identify and track entity relationships that administer Title IV programs, and record current and historical eligibility determinations and administrative actions. Online access to the PEPS database is available to individuals from the U.S. Department of Education, guaranty agencies, state licensing agencies, accrediting agencies, and state departments of education. Current Technology Profile
• •

Citrix Metaframe Access 3.0 Database: Oracle 10g MQ Series v5.2 Postsecondary Education Participants System (PEPS) - PEPS produces a weekly data extracts of select school data; produces Weekly Institutional Update Reports to identify activities of Institutions' eligibility to participate in Federal Student Aid Federal Student Aid Web Applications Gateway – This is a Microsoft Active Server Page (ASP) Application that allows access to the PEPS database via a Citrix Web Client.
17

Integration

Front-End

Version 6.0 Final 09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

The Integrated Partner Management (IPM) initiative, through process reengineering and process automation, will provide, in one solution, improved eligibility, enrollment, and oversight processes used to manage partner entities (i.e., schools, school services, lender services, guarantee agencies, private collection agencies, state agencies, federal agencies, accrediting agencies, auditors, and owners) as they administer Title IV Financial Aid for students.

2.3.6 eCampus-Based Systems
The eCampus Based site contains the Fiscal Operations Report and Application to Participate (FISAP) in the three Campus-Based Programs - Federal Perkins Loan, Federal Supplemental Educational Opportunity Grant (FSEOG), and Federal Work-Study (FWS). The eCampus-Based web site allows users to submit FISAP information, access Campus-Based account data, and view reports. This system is also integrated with the Security Architecture. Current Technology Profile
• • •

Web Server: Application Server: Database: MQ Series v5.2

IBM IHS Web Server Websphere Application Server (WAS) Oracle 10g

Integration

Front-End

eCampus-Based Program Web site for Federal Student Aid

2.3.7 Federal Student Loan Servicing
The following systems are utilized for servicing loans and reside on a mainframe platform located in Rockville, Md.

Direct Loans Servicing System (DLSS) - All borrowers are serviced from this system for all loans that are originated within the Direct Loan Program. This includes billing, payments, and entitlement processing. Debt Management and Collections System (DMCS) - DMCS is a collection of subsystems used to store, retrieve, and edit borrower information, as well as collect and process payments on defaulted student loans. Functionally, DMCS provides for the processing of outstanding financial aid debts from the time a debt is assigned to Department of Education until it is paid-in-full or otherwise satisfied. Direct Loan Consolidation System (DLCS) - The DLCS is a front-end processing system that creates applications and P-Notes and tracks lender pay off and refund amounts for the Direct Loan Program Conditional Disability Discharge Tracking System (CDDTS) - This system tracks Total and Permanent Disability claims for a three-year period that is required by law. Processor: IBM S/390 Parallel Enterprise Server - Generation 4 IBM 9672 Model R35 The IBM 9672 Model R35 is a Parallel Transaction Server that consists of one CEC (with
18

Current Technology Profile

Version 6.0 Final 09/06/2007

Technology Standards and Products Guide

Section 2. Information Technology Architecture

3 central processors). CEC capacity includes: from 1GB to 16GB storage; parallel channels up to 96; ESCON channels, up to 256 in increments of four; and Coupling Links up to 16.
• •

Operating System: Open VMS Database System: DB2 MQ Series v5.2 Direct Loans Servicing Online Direct Loans Servicing Online School Site Direct Loans Master Promissory Note (eMPN) Direct Loans Consolidation Web site

Integration

Front Ends
• • • •

Version 6.0 Final 09/06/2007

19

Technology Standards and Products Guide

Section 3. Service Specifications

Section 3. Service Specifications
Applications hosted in the Virtual Data Center (VDC) share the same hardware, products and support to facilitate re-usability and provide cost savings to the Federal Student Aid business owner. All Federal Student Aid distributed applications use either IBM HTTP Server and/or WebSphere Application Server. The following profiles the major technologies and standards used to support Federal Student Aid Service Components. Target technologies are identified in red.

Figure 3-1 High-Level Federal Student Aid Technology Stack

The overall objective of defining service specifications is to identify and classify standards and technologies that support the construction, delivery, and exchange of Federal Student Aid business and application components (Service Components), according to FEA guidelines, at a level of abstraction that allow principles and rules to be developed and/or followed without being confused by physical implementation details. Federal Student Aid has chosen to augment FEA TRM classifications with a Standards Classification scheme to help architects identify preferred products and standards. The scheme identifies the governing body and status of a technology or standard in the architecture as follows:

Version 6.0 Final

20

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Table 3-1 Federal Student Aid Product Classification
Service Specification Federal Student Aid Classification Description Standards mandated and maintained by the Federal Government. Standards maintained at the Department Level or a General Use specification accepted as DeFacto within a given segment (i.e., TCP/IP).

A standard that is in use in an Government standard Federal Student Aid mandated environment ED - Department of Education Standard

Federal Student Aid Suitable for new application development for Standard Product or Target Federal Student Aid. Standard Federal Student Aid Contained Technologies/Products approved in the architecture for a specific business need, without expanding the use of the standard to the entire enterprise. Includes Legacy systems and products used for administrative and Internal use.

3.1

Service Access and Delivery Channels

Service access and delivery channels for Federal Student Aid handle all application communication with web, terminal or mobile clients, invoking business logic and transmitting data in response to incoming requests. The services in this tier provide a usable interactive interface between clients and enterprise applications as defined below:

Access Channels define the interface between an application and its users, whether it is a browser, personal digital assistant, or other medium. Federal Student Aid uses thin client technology (web browsers) to serve as the access channel to its external facing applications. Currently the Federal Student Aid standard requires applications to support the following browsers: o Internet Explorer

While Federal Student Aid will continue to use thin client technology for client access, web services are emerging as a target technology within Federal Student Aid.

Delivery channels define the level of access to applications and systems based upon the type of network used to deliver them.

Federal Student Aid makes use of the public Internet for delivering financial aid to citizens and has an extranet capability to collaborate with colleges, business partners and guarantee agencies.

Service Requirements define the necessary aspects to include legislative, performance and hosting.

Version 6.0 Final

21

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Transport defines the end-to-end management of the communications session to include the access and delivery protocols. Table 3-2 Service Access and Delivery Channels

Service Category Access Channel

Service Standard Web Browser

Federal Student Aid Service Specification Internet Explorer

Federal Student Aid Classification ED Standard

Comment

Federal Student Aid is delivered via the public Internet SAIG uses ClickCommerce Inc. EAClient TDClient TDCommunityManager TDConnector API TDManager

Collaboration /Communications

Student Aid Internet Gateway (SAIG)

Federal Student Aid Standard (Technologies may be Contained)

The Service Specification represents the main channels for collaborating with Federal Student Aid

FSA Gateway

Federal Student Aid Target

Postsecondary Education Participants System Web site

Federal Student Aid Standard (Technologies may be Contained)

Citrix Metaframe Access 3.0 (PEPS external)

Integrated Partner Management (IPM) Delivery Channel Internet Federal Student Aid Gateway Students Channel School Eligibility Channel Financial Partners Portal

Federal Student Aid Target

Federal Student Aid Standard

While there are several channels the Service Specification represents the main delivery channel via the public Internet Students Channel: http://studentaid.ed.gov/ Schools Eligibility Channel: http://fsa4schools.ed.gov/ Financial Partners Portal: http://www.fp.ed.gov

Version 6.0 Final

22

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard

Federal Student Aid Service Specification Enterprise Portal

Federal Student Aid Classification Federal Student Aid Target Federal Student Aid Standard

Comment

Intranet

The Starting Line

Federal Student Aid makes use of an Intranet for Federal Student Aid employee communications SAIG is a private network that uses the Internet protocol and the public telecommunication system to securely share business information with Postsecondary schools, lenders, and guarantors

Extranet

Student Aid Internet Gateway (SAIG)

Federal Student Aid Standard

Virtual Private Network (VPN) Service Requirements Hosting

F5 Networks Firepass Virtual Data Center (VDC) Federal Laws and Regulations including Section 508 Guidelines

ED Standard

Federal Student Aid Standard Government Standard Federal Student Aid follows OMB Policies and Federal Laws and Regulations for Federal Agency Public Websites which can be accessed at http://www.usa.gov/webconte nt/ Web pages must also be accessible to people using assistive technologies like screen readers. “Web-based Intranet and Internet Information and Applications” (http://www.accessboard.gov/sec508/guide/1194. 22.htm) details the provisions required for a web page to be considered accessible.

Legislative / Compliance

Version 6.0 Final

23

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard

Federal Student Aid Service Specification Federal Student Aid Style guide

Federal Student Aid Classification Federal Student Aid Standard

Comment

The Federal Student Aid Style Guide is required for developing print and online material with the look-and-feel of Federal Student Aid brand identity. The guide is located on theStartingLine at http://thestartingline.ed.gov/st yleguide/

Security

Standards for Information Processing

Government Standard

Under the Information Technology Management Reform Act (Public Law 104106), the Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) and Special Publications for use government-wide. http://csrc.nist.gov/publication s/fips/index.html http://csrc.nist.gov/publication s/nistpubs/index.html

Security Configuration Guidelines Security Configuration Checklist Service Transport Service Transport Hyper Text Transfer Protocol (HTTP)/1.1 Hyper Text Transfer Protocol Secure (HTTPS)

Federal Student Aid Standard

Online Security Center

ED Standard

http://www.w3.org/Protocols/

ED Standard

Version 6.0 Final

24

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard

Federal Student Aid Service Specification Internet Protocol (IP) Version 4 (IPv4) Internet Protocol (IP) Version 4 (IPv6)

Federal Student Aid Classification ED Standard

Comment

ED Target Standard

http://www.ipv6.org/

Supporting Network Services

Domain Name System (DNS) IBM Tivoli Directory Server

ED Standard

Federal Student Aid Standard

See Section 2.2.1 Identity and Access Management of this document LDAPv3 Specification Lightweight Directory Access Protocol (LDAP) v3

Microsoft Exchange 2000

ED Standard

Internet Message Access Protocol / Post Office Protocol (IMAP / POP3)

Version 6.0 Final

25

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

3.2

Component Framework

The Component Framework defines the underlying foundation and technical building blocks by which Federal Student Aid’s Service Components are built. Target application components will be built based on a server-side component model utilizing technologies that are aligned with the Federal Student Aid Enterprise Architecture and are categorized as:

Business Logic - Defines the software, protocol or method in which business rules are enforced within applications. Data Interchange - Data Interchange define the methods in which data is transferred and represented in and between software applications. Data Management - The management of all data/information in an organization. It includes data administration, the standards for defining data and the way in which people perceive and use it. Presentation / Interface - This defines the connection between the user and the software, consisting of the presentation that is physically represented on the screen. Security -Security defines the methods of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability.

The server-side component model simplifies development, allows for transactional integrity, and provides for a portable and scalable architecture. Components built using this model will simplify client access to data while encapsulating communications and implementation details. The components developed will interface with the mainframe transaction processing systems, which provide the critical information infrastructure for the Aid delivery business processes. These services will also interface with back-end data services that provide registration, authentication, and entitlement services. Table 3-3 Component Framework
Service Category Business Logic Service Standard Platform Dependent Federal Student Aid Service Specification C-Sharp (C#) VB Script Visual Basic Visual Basic .Net (VB.Net) Federal Student Aid Classification Federal Student Aid Contained Comment

Version 6.0 Final

26

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard Platform Independent

Federal Student Aid Service Specification Enterprise Java Beans (EJB) Service Component Architecture Specification

Federal Student Aid Classification Federal Student Aid Standard

Comment

http://java.sun.com/ See also: Design principles detailed in the Architectural Models Template

C, C++ Cobol Fortran Data Interchange Data Exchange Electronic Business using XML (ebXML) Simple Object Access Protocol (SOAP)

Federal Student Aid Contained

Legacy Business Systems

Federal Student Aid Standard

http://www.ebxml.org/

Federal Student Aid Target

http://www.w3.org/TR/soap/

*XMI, CWM

Federal Student Aid Target

Various Data Exchange standards (i.e. XMI, CWM) are under consideration by the Enterprise Data Management Group and will be incorporated into future revisions pending outcome of EDM decisions. See http://www.omg.org for information concerning the standards.

Data Management

Database Connectivity

Java Database Connectivity (JDBC) DB2 Connector

Federal Student Aid Standard

Federal Student Aid Contained Federal Student Aid Contained

Active Data Objects (ADO) Active Data Objects .NET (ADO.NET) Open Database Connectivity (ODBC)

Version 6.0 Final

27

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard Reporting and Analysis

Federal Student Aid Service Specification Microstrategy 8 Platform MicroStrategy Intelligence Server MicroStrategy Narrowcast Server

Federal Student Aid Classification Federal Student Aid Standard

Comment

http://www.microstrategy.com/ Online Analytical Processing (OLAP) Decision Support and Data Mart Systems

Presentation / Interface

Content Rendering

Cascading Style Sheets (CSS)

Federal Student Aid Standard

http://www.w3.org/Style/CSS/

JavaScript

Federal Student Aid Standard Federal Student Aid Standard The W3C’s recommendation for the next generation of HTML leveraging XML http://www.w3.org/TR/2001/RECxhtml11-20010531/

eXtensible HTML (XHTML)

Dynamic HTML (DHTML)

Federal Student Aid Standard

Dynamic / Server-Side Display

Java Server Pages (JSP) Java Portlet API (JSR 168) Java Servlet (JSR 53) Adobe Forms IBM Forms Active Server Pages (ASP) Active Server Pages .Net (ASP.Net) Oracle Forms (FMS)

Federal Student Aid Standard

Federal Student Aid Contained

Static Display

Hyper Text Markup Language (HTML)

Federal Student Aid Standard

The language used to create Web documents http://www.w3.org/TR/html4/

Version 6.0 Final

28

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category Security

Service Standard Certificates / Digital Signature Supporting Security Services

Federal Student Aid Service Specification Secure Sockets Layer (SSL)

Federal Student Aid Classification Federal Student Aid Standard

Comment

Web Services Security (WSSecurity) WS-Trust v1.3 Security Assertion Markup Language (SAML) v2.0 WSSecureConversation v1.3 WSReliableMessaging 1.1

Federal Student Aid Target

http://www.oasisopen.org/specs/index.php wssv1.1

Version 6.0 Final

29

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

3.3

Service Interface and Integration Standards

The system interface and integration services tier will provide an additional service layer that supports existing technologies and allows access to application functionality via web services and messaging subsystems. Presentation logic as well as vendor and agency back-office systems will be allowed secure access to utilize these services.

Integration - Integration defines the software services enabling elements of distributed business applications to interoperate. These elements can share function, content, and communications across heterogeneous computing environments. In particular, service integration offers a set of architecture services such as platform and service location transparency, transaction management, basic messaging between two points, and guaranteed message delivery. Interface - Interface defines the capabilities of communicating, transporting and exchanging information through a common dialog or method. Delivery Channels provide the information to reach the intended destination, whereas Interfaces allow the interaction to occur based on a predetermined framework. Interoperability - Interoperability defines the capabilities of discovering and sharing data and services across disparate systems and vendors. Table 3-4 Service Interface and Integration Standards

Service Category Integration

Service Standard Enterprise Application Integration

Federal Student Aid Service Specification IBM Websphere Adapters IBM Websphere Process Server: WebSphere DataPower SOA Appliances WebSphere DataPower Integration Appliance XI50 WebSphere DataPower XML Accelerator XA35

Federal Student Aid Classification Federal Student Aid Standard

Comment

Application Connectivity

Federal Student Aid Target

Business Process Management Business Process Execution Language (BPEL) Service Component Architecture (SCA)

WebSphere DataPower SOA Appliance

Enterprise Service Bus (ESB)

Version 6.0 Final

30

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard

Federal Student Aid Service Specification Informatica

Federal Student Aid Classification Federal Student Aid Standard Federal Student Aid Standard

Comment

Extract, Transform and Load (ETL) IBM WebSphere MQ is a network communication technology launched by IBM in March 1992. It was previously known as MQSeries, which is a trademark that was rebranded by IBM in 2002 to join the suite of WebSphere products. WebSphere MQ is IBM's Message Oriented Middleware offering.

Middleware

IBM Websphere MQ

ANSI SQL

Federal Student Aid Standard

SQL (Structured Query Language) has been standardized by both ANSI and ISO

Interface

Service Description / Interface

IBM WebSphere DataPower XML Security Gateway XS40 Web Services Description Language (WSDL)

Federal Student Aid Target

Service Discovery

Universal Description, Discovery, and Integration (UDDI)

Federal Student Aid Target

Interoperability

Data Format / Classification

eXtensible Markup Language (XML) Namespaces

ED Standard

http://www.w3.org/XML/

ED Standard

http://www.w3.org/TR/RECxml-names/

Version 6.0 Final

31

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard

Federal Student Aid Service Specification ISO/IEC 11179 XML Registry and Repository for the Education Community

Federal Student Aid Classification ED Standard

Comment

The Core Components stored in the XML Registry and Repository have been created and reviewed through a collaborative effort between the Office of Federal Student Aid (FSA), Postsecondary Electronics Standards Council (PESC), and the Education Standards Community. http://www.w3.org/Style/XSL/

Data Transformation

eXtensible Stylesheet Language Transform (XSLT) XML Schema

Federal Student Aid Standard

Data Types / Validation

Federal Student Aid Standard

http://www.w3.org/TR/RECxml/

Version 6.0 Final

32

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

3.4

Service Platforms and Infrastructure

The Service Platform and Infrastructure defines the collection of platforms, hardware and infrastructure specifications that enable Federal Student Aid to develop component-based architectures and facilitate component reuse. Platform and Application servers will reduce the complexity of developing components by providing automatic support for services such as transactions, security and database connectivity.

Database / Storage - Database / Storage refers to a collection of programs that enables storage, modification, and extraction of information from a database, and various techniques and devices for storing large amounts of data. Delivery Servers - Delivery Servers are front-end platforms that provide information to a requesting application. It includes the hardware, operating system, server software, and networking protocols. Hardware / Infrastructure - Defines the physical devices, facilities and standards that provide the computing and networking within and between enterprises. Software Engineering - Software engineering covers not only the technical aspects of building software systems, but also management issues, such as testing, modeling and versioning. Supporting Platforms - Supporting platforms are hardware or software architectures. The term originally dealt with only hardware, and it is still used to refer to a CPU model or computer family.

This area also includes the collection of relational and legacy database systems, enterprise resource planning (ERP) systems, and mainframe transaction processing systems that provide the critical information infrastructure for Federal Student Aid’s business processes. These varied systems hold the information that Federal Student Aid needs to carry out its daily operations. It is essential that new applications developed for Federal Student Aid are able to integrate with these enterprise information systems. Table 3-5 Service Platforms and Infrastructure
Service Category Database/ Storage Service Standard Database Federal Student Aid Service Specification IBM Database 2 (DB2) Informix Federal Student Aid Classification Federal Student Aid Contained Federal Student Aid Contained Federal Student Aid Standard Comment

Legacy

Legacy

Oracle

Business Systems

Version 6.0 Final

33

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard

Federal Student Aid Service Specification SQL Server

Federal Student Aid Classification Federal Student Aid Contained Federal Student Aid Standard

Comment

Intranet Only

Delivery Servers

Application Servers

IBM Websphere Application Sever

Portal Servers

IBM Websphere Portal Sever IBM Websphere Portal Factory

Federal Student Aid Target

Web Servers

IBM IHS Webserver Standards set by contractual requirements

Federal Student Aid Standard LAN/Network ED Standard Servers/Computers - Federal Student Aid Standard See Integrated Technology Architecture / Enterprise Application Integration and the Virtual Data Center for current product listing for infrastructure hardware.

Hardware / Infrastructure

Network Devices / Standards Peripherals Servers / Computers

Software Engineering

Integrated Development Environment (IDE)

Visual Studio Visual Studio.Net IBM WebSphere Studio Eclipse

Federal Student Aid Contained Federal Student Aid Standard Federal Student Aid Standard Federal Student Aid Target http://www.eclipse.org/

Modeling

Unified Modeling Language (UML) v2.0 Business Process Execution Language (BPEL) v2.0 Business Process Modeling Notation (BPMN) v1.0

http://www.uml.org/

Federal Student Aid Target

BPEL Specification 2.0 – http://www.oasis.org

Federal Student Aid Target

http://www.bpmn.org/

Version 6.0 Final

34

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard

Federal Student Aid Service Specification Federal Student Aid Data Model Standards and Guidelines, Registration Policies and Procedures Information Engineering (IE) Notation IBM Rational Rose

Federal Student Aid Classification Federal Student Aid Standard

Comment

Enterprise Data Modeling Standards and notation Data Model Standards are part of the Acquisition Package(s)

Federal Student Aid Standard Federal Student Aid Standard Federal Student Aid Standard

Application behavior & design tool Enterprise Data Modeling Tool Business process Engineering Tool

Embarcadero E/R Studio IBM Websphere Business Integration Modeler (WBIM) Software Configuration Management

IBM Rational ClearQuest
IBM Websphere Deployment Manager IBM Rational RequisitePro and SODA IBM Rational ClearCase CVS

Federal Student Aid Standard

Change Management / Defect Tracking / Issue Management Deployment Management

Federal Student Aid Standard

Federal Student Aid Standard

Requirements Management and Traceability Version Control

Federal Student Aid Standard Federal Student Aid Contained Federal Student Aid Contained Federal Student Aid Contained

CCC/Harvest

Endeavor

Version 6.0 Final

35

09/06/2007

Technology Standards and Products Guide

Section 3. Service Specifications

Service Category

Service Standard Test Management

Federal Student Aid Service Specification Tools and standards are currently under review and will be referenced in the Testing Standards Handbook scheduled to be released Sept. 2007

Federal Student Aid Classification Federal Student Aid Target

Comment

Functional Testing Installation Testing Reliability Testing Security and Access Control Testing Usability Testing (508 Testing)

Standards for load/stress, performance, installation and configuration testing will not be included in the first version of the testing standards handbook.

Version 6.0 Final

36

09/06/2007

Technology Standards and Products Guide

Acronyms

Appendix A. Acronyms
Table A-1 Acronym Listing
Acronym APP AWG BTIG CCB CDA CDDTS CFO CIO CM CMO COD COOL COR CPIC CPS CR CSB CSR DL DLCS DLSS DMCS DS DUNS EA EAI ESB EBF Annual Performance Plan Architecture Working Group Business and Technology Integration Group Change Control Board Common Data Architecture Conditional Disability Discharge Tracking System Chief Financial Officer Chief Information Officer Configuration Manager / Change Management Case Management & Oversight Common Origination and Disbursement College Opportunities Online Contracting Officer’s Representative Capital Planning and Investment Control Central Processing System Change Request Common Services for Borrowers Customer Services Representative Direct Loan Direct Loan Consolidation System Direct Loan Servicing System Debt Management and Collection System Data Services Data Universal Numbering System Enterprise Architecture Enterprise Application Integration Enterprise Service Bus Enterprise Business Function Definition

Version 6.0 Final

A-1

09/06/2007

Technology Standards and Products Guide

Acronyms

Acronym ECB ED EDCAPS EIPM ESP EVM EJB FAA FAFSA FACH FEA FFEL FMS FMSS FOIA FP FPDM FPO FPS FSA FSC FSEOG FWS GAO GA GAPS GPRA GSA GSS IA IF Version 6.0 Final Electronic Campus Based U.S. Department of Education

Definition

ED Consolidated Accounting & Payment System Enterprise Integration Planning and Management Enterprise Sequencing Plan Earned Value Management Enterprise Java Bean Financial Aid Advisors Free Application for Federal Student Aid Federal Audit Clearinghouse Federal Enterprise Architecture Federal Family Education Loan Financial Management System (FSA) Financial Management System Software (ED) Freedom of Information Act Financial Partner Financial Partner Data Mart Financial Partners Oversight Financial Partner Services Office of Federal Student Aid Federal School Code Federal Supplemental Educational Opportunity Grant Federal Work Study General Accounting Office Guaranty Agency Grant Administration and Payment System Government Performance and Results Act General Services Administration General Support System Information Assurance Information Framework A-2 09/06/2007

Technology Standards and Products Guide

Acronyms

Acronym ILSC IFAP IMS IPC IPEDS IPM IT ITIL ITIM J2EE JMS JSF

Definition Integration Leadership Support Contractor Information for Financial Aid Professionals Integrated Master Schedule Investment Planning Council Integrated Post Secondary Education Data System Integrated Partner Management Information Technology Information Technology Infrastructure Library IT Investment Management Standard Java Environment Specification Java Messaging Service Java Server Faces

LaRS (aka LAP/LaRS) Lender Reporting Systems/Lender Application Process Leveraging Education Assistance Partnership/ LEAP/SLEAP LID LDAP LS&T MA MVC NSLDS O&M OCFO/FMSS OHA OIG O11ie OMB OPE OPEID PBO PCA Special Leveraging Education Assistance Partnership Lender ID Lightweight Directory Access Protocol Limit Suspend and Terminate Major Application Model-View-Controller National Student Loan Data System Operations & Maintenance (Vendor) Office of the Chief Financial Officer Office of Hearing and Appeals Office of the Inspector General Oracle 11i Implementation Environment Office of Management and Budget Office of Postsecondary Education Office of Postsecondary Education ID Performance Based Organization Private Collection Agency

Version 6.0 Final

A-3

09/06/2007

Technology Standards and Products Guide

Acronyms

Acronym PEPS PIP PMO POJO PP&E QA RID RM RMT SA SAIG SEC SME SOAP SSA SSN TAM TIM TIN USPS V&V VDC VIDM WBS XML

Definition Postsecondary Education Participant System Performance Improvement Procedures Program Management Office Plain Old Java Object Partner Participation and Enrollment Quality Assurance Routing ID Risk Management Risk Management Team Security Architecture Student Aid Internet Gateway School Eligibility Channel Subject Matter Expert Simple Object Access Protocol Social Security Administration Social Security Number Tivoli Access Manager Tivoli Identity Manager Tax ID Number United States Postal Service Verification and Validation Virtual Data Center Virtual Integration Data Mapping Work Breakdown Structure eXtensible Markup Language

Version 6.0 Final

A-4

09/06/2007

Technology Standards and Products Guide

Glossary

Appendix B. Glossary
Table B-1 Glossary
Term 508 Compliance Definition A section of the Rehabilitation Act that requires compliance with the Electronic and Information Technology Accessibility Standards. The office or offices within the Department responsible for managing an IT solution and whose purpose will be to support that business function. This process is an integrated approach to managing Information Technology (IT) investments. This activity entails a comprehensive analysis of the technical and non-technical security features and other safeguards of an IT solution to establish the extent to which a particular solution meets a set of specified security requirements. Process for managing changes to configuration items (see ITIL) This public law is formerly known as the Information Technology Management Reform Act or ITMRA. It requires each agency to undertake capital planning and investment control by establishing a process for maximizing the value and assessing and managing risks of IT acquisitions of the executive agency. Management of collections of hardware, software or other entities belonging to well-defined sets or configurations (see ITIL) Departmental offices that review and approve acquisition-planning documents. A document that must be completed and approved by the end of a particular stage. This public law requires agencies to develop performance measures for implementing egovernment. In addition, the act requires agencies to conduct and submit to OMB, Privacy Impact Assessments (PIAs) for all new IT investments administering information in identifiable form collected from or about members of the public. (Refer to the CPIC process for more information). This functional area provides resources and processes to help the Department link its business needs with the best available technologies. EA B-1 09/06/2007

Business Area

Capital Planning and Investment Control (CPIC) Certification and Accreditation (C&A)

Change Management Clinger-Cohen Act

Configuration Mgmt

Contract Office Core Deliverable E-Government Act of 2002

Enterprise Architecture (EA)

Version 6.0 Final

Technology Standards and Products Guide

Glossary

Term

Definition helps the Department accomplish more with existing resources by using common or shared technology features to deliver needed capabilities faster, reduce new technology risks and free key program staff to focus on more important work. Funding request document describing the business case for an investment, financials, performance measures, SRM and TRM mappings. The required Framework deliverables that must be completed and approved to exit one stage and enter the next. A Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Federal legislation that requires agencies to integrate IT security into their capital planning and enterprise architecture processes at the agency, conduct annual IT security reviews of all programs and systems and report the results of those reviews to OMB. A structured approach of required stages, key activities and core deliverables that provides a foundation for aligning existing interrelated processes within the Department-regardless of system lifecycle methodology employed. Interconnected information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, facilities and people. It provides support for a variety of users or applications, or both. The continuous application of security policies, procedures and processes that protect and defend information and information resources from unauthorized disclosure, modification or denial of services to authorized consumers. A term used to describe equipment or an interconnected system or subsystem of equipment, which is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data by an executive agency. A process area within the Department that provides an integrated management mechanism for the continuous selection, control and evaluation of investments in information systems and resources B-2 09/06/2007

Exhibit 300

Exit/Entry Criteria

Family Educational Rights and Privacy Act (FERPA)

Federal Information Security Management Act (FISMA) of 2002

Framework

General Support System (GSS)

Information Assurance (IA)

Information Technology (IT)

Information Technology Investment Management (ITIM)

Version 6.0 Final

Technology Standards and Products Guide

Glossary

Term

Definition over the course of their lifecycles. (Refer to the Department's ITIM Process Guide for more information). Infrastructure that will reduce the number of stove piped applications within FSA that are costly to update. FSA applications use this infrastructure to reduce performance bottlenecks and resolve issues. Any task, procedure or process that enables and supports the development and/or approval of a core deliverable (see definition for core deliverable above). Critical documents, sections of documents or categories of information that pertain to a core deliverable. The coordination of activities associated with the implementation of information systems from conception through disposal, which include defining requirements, designing, building, testing, implementing and disposing of systems. An application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to, or modification of, the information in the application. This organization is a non-regulatory Federal agency within the U.S. Commerce Department's Technology Administration division. NIST's mission is to develop and promote measurement, standards and technology to enhance productivity, facilitate trade and improve the quality of life. The title of this legislation is "Preparing, Submitting and Executing the Budget." A-11 provides guidance on preparing the Fiscal Year Budget submissions for Presidential review and includes instructions on budget execution. The revised version of this policy will have the title, "Management's Responsibility for Internal Control," and is effective as of FY 2006. This legislation defines management's responsibility for internal control in Federal agencies and has a strong emphasis on financial reporting, as opposed to IT Capital Planning. The title of this policy is "Management of Federal Information Resources," A-130, provides information resource management policies on Federal Information Management/Information Technology (IM/IT) resources. The ED OCIO recommends that all offices investing in IT B-3 09/06/2007

Integrated Technical Architecture (ITA)

Key Activity

Key Component

Lifecycle Management (LCM)

Major Application

National Institute for Standards and Technology (NIST)

OMB Circular A-11

OMB Circular A-123

OMB Circular A-130

Version 6.0 Final

Technology Standards and Products Guide

Glossary

Term

Definition resources become familiar with OMB A-130. The title of this policy is "Guidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs." A-94 offers guidelines to promote efficient resource allocation through well-informed decision-making. Federal legislation intended to minimize the paperwork burden resulting from the collection of information by or for the Federal government in an effort to reduce cost by better managing Federal government information. Delivery of specific services, content or data keyed to user attributes Department governing body that conducts IT investment analysis reviews and evaluates IT investments and makes recommendations to the CIO. The PIRWG also advises the CIO on Strategic IT investment management issues. Portal server subsystem that delivers basic portal services Portal application component (often one of several on one page) Portal application program interface for portlet manipulation Offices within the Department that are responsible for ensuring that they develop automated systems that use information technology in accordance with the Framework. All Department IT systems processing data that is protected under the Privacy Act must have measures implemented to protect individually identifiable information. Interconnecting systems owned by other departments and agencies that process Department data must also be considered. Protection measures must consist of management, technical and operational controls and ensure an acceptable level of risk. An acceptable level of risk should be determined in accordance with the Department's Risk Management Procedures. Resolution of known errors Documents for various process areas within the Department (e.g. ITIM, TRB, CCRB). Function to manage portal user profile storage and access

OMB Circular A-94

Paperwork Reduction Act of 1995

Personalization Planning and Investment Review Working Group (PIRWG)

Portal Portlet Portlet API Principal Office (PO)

Privacy Act of 1974, as amended

Problem Resolution Process Guides Profile Management

Version 6.0 Final

B-4

09/06/2007

Technology Standards and Products Guide

Glossary

Term Project Manager

Definition Staff person who is responsible for creating deliverables and ensuring that business and technical reviews are executed and required deliverables are completed. This individual is also responsible for managing the day-to-day operations of the Department's IT solutions. A discipline within project management to objectively monitor control and ensure the completion of key activities and required core deliverables throughout the lifecycle. A term to describe all automated information systems, software applications and manual processes at the Department (see System below). Computer application as written in its source language, e.g. Java Definitive sections of the lifecycle that indicate a specific purpose or goal (e.g. Vision Stage, Design Stage). The end of each stage is marked by a "stage gate," which marks the exit from one stage and entry into the next. The integration of various business and technical reviews that ensures core deliverables (and any additional deliverables) required for that stage have been completed. A collection of components (hardware, software, interfaces) organized to accomplish a specific function or set of functions; generally considered to be a self-sufficient item in its intended operational use. A document to be used by program and project managers to plan, record and track the completion of all deliverables required for that solution. Project managers should list all Framework core deliverables and any additional required deliverables for their solution. Department governing body whose purpose is to govern the technical aspects of new systems development that might affect the performance of the many client and enterprise systems, infrastructure, data and general integrity of the Department's network (EDNet). An individual or organization operating or interacting directly with the system; one who uses the services of a system. Application access supported by XML and use of Internet protocols

Quality Assurance (QA)

Solution

Source Code Stage

Stage Gate Review

System

Tailored Project Guide

Technical Review Board (TRB)

User

Web Services

Version 6.0 Final

B-5

09/06/2007

Technology Standards and Products Guide

Glossary

Term Work Products Guide

Definition The Work Products Guide seeks to provide project managers with access to a knowledge base of guidelines, procedures, and templates for all critical project activities.

Version 6.0 Final

B-6

09/06/2007

Technology Standards and Products Guide

Bibliography

Appendix C. Bibliography
Publicly accessible references 1 2 3 4 5 6 7 8 9 10 11 12 13 The Technical Reference Model (TRM) is referenced from http://www.whitehouse.gov/omb/egov/a-6-trm.html The Federal Enterprise Architecture (FEA) Reference Models are referenced from http://www.whitehouse.gov/omb/egov/a-2-EAModelsNEW2.html The Federal Enterprise Architecture is referenced from http://www.whitehouse.gov/omb/egov/a-1-fea.html The Clinger-Cohen Act of 1996 is referenced from http://www.cio.gov/Documents/it_management_reform_act_Feb_1996.html The OMB Circular A-11 is referenced from http://www.whitehouse.gov/omb/circulars/a11/02toc.html The OMB Circular A-130 is referenced from http://www.whitehouse.gov/omb/circulars/a130/a130.html The Paperwork Reduction Act of 1995 is referenced from http://www.archives.gov/federal-register/laws/paperwork-reduction/ The Government Paperwork Elimination Act (GPEA) is referenced from http://www.cdt.org/legislation/105th/digsig/govnopaper.html The E-Government Act of 2002 (P.L. 107-347) is referenced from http://www.cdt.org/legislation/107th/e-gov/020325s803analysis.pdf The Federal Records Act of 1950 is referenced from http://www.ed.gov/policy/gen/leg/fra.html The Government Performance Results Act of 1993 is referenced from http://www.whitehouse.gov/omb/mgmt-gpra/gplaw2m.html The Federal Transition Framework is referenced from http://www.whitehouse.gov/omb/egov/a-2-EAFTF.html FIP Publications and Standards are referenced from http://csrc.nist.gov/publications/fips/index.html and http://csrc.nist.gov/publications/nistpubs/index.html

Version 6.0 Final

C-1

09/06/2007

Technology Standards and Products Guide

Bibliography

Federal Student Aid Web sites referenced 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 The PIN Web Site is publicly available at http://www.pin.ed.gov Student Aid Internet Gateway (SAIG) is publicly available at http://www.saigportal.ed.gov/ Free Application for Federal Student Aid (FAFSA) is publicly available at http://www.fafsa.ed.gov/ Federal Student Aid Download is publicly available at http://www.fsadownload.ed.gov/ National Student Loans Data System (NSLDS) Web site is publicly available at https://www.nslds.ed.gov/nslds_SA/ NSLDS – Professional Access is publicly available at https://www.nslds.ed.gov/nslds_FAP/secure/logon.jsp Information for Financial Aid Professionals Online Library is publicly available at http://www.ifap.ed.gov/ Common Origination and Disbursement Web site is publicly available at https://cod.ed.gov/cod/LoginPage Postsecondary Education Participants System (PEPS) is publicly available at http://www.ed.gov/offices/OSFAP/PEPS/index.html Federal Student Aid Web Applications Gateway is publicly available at https://www.fsa-remote.ed.gov/login.asp?ClientDetection=On eCampus-Based Program Web site for Federal Student Aid is publicly available at https://cbfisap.ed.gov/ecb/CBSWebApp/ Direct Loans Servicing Online is publicly available at https://www.dlssonline.com/ Direct Loans Servicing Online School Site is publicly available at http://schools.dlssonline.com/ Direct Loans Master Promissory Note (eMPN) is publicly available at http://dlenote.ed.gov/ Direct Loans Consolidation Web site is publicly available at http://loanconsolidation.ed.gov/ Federal Government Laws and Regulations are referenced from http://www.usa.gov/webcontent/ Student Aid on the Web is publicly available at http://studentaid.ed.gov/ XML Registry and Repository for the Education Community is publicly available at http://www.fsaxmlregistry.ed.gov/

The following materials are referenced from Federal Student Aid’s intranet:

Version 6.0 Final

C-2

09/06/2007

Technology Standards and Products Guide

Bibliography

1 2 3

Financial Management System is available on the Federal Student Aid intranet at https://fsa-fms.ed.gov:8000/ The Starting Line is available on the Federal Student Aid intranet at http://thestartingline.ed.gov/ The Integrated Technology Architecture / Enterprise Application Integration is available on the Federal Student Aid intranet at http://thestartingline.ed.gov/cio/itaeaisa/

The following documents are referenced from Federal Student Aid’s intranet: 1 The Architectural Area List presentation is referenced from http://thestartingline.ed.gov/modernization/documents/04_Task20.3Architectural AreaList.ppt The Architectural Models Template is referenced from http://thestartingline.ed.gov/modernization/documents/03_Task 20.1ArchitecturalModelTemplate.doc The Target State Vision Security Standards is referenced from http://thestartingline.ed.gov/modernization/documents/WP9.033.2DraftTSVSecur ityStandards112305.doc The Target State Vision Security Policies is referenced from http://thestartingline.ed.gov/modernization/documents/WP9.033.1DraftTSVSecur ityPolicies112305.doc The Security Architecture Options Document is referenced from http://thestartingline.ed.gov/modernization/7_2SecurityArchitectureArchitectureO ptionsDocument.doc CIO Handbook - Section 508 Standards at http://thestartingline.ed.gov/cio/techcenter/technology_handbook/2/22_section_50 8_standards.pdf The Federal Student Aid Style Guide is referenced from http://thestartingline.ed.gov/styleguide/ Federal Student Aid Data Model Standards and Guidelines, Registration Policies and Procedures (TBD), are part of the Acquisition Package(s)

2

3

4

5

6

7 8

Version 6.0 Final

C-3

09/06/2007