U.S.

DEPARTMENT OF TRANSPORTATION OFFICE OF THE CHIEF INFORMATION OFFICER

FY 2006 – FY 2011 INFORMATION RESOURCES MANAGEMENT PLAN

September 2006

Information Resources Management Plan EXECUTIVE SUMMARY

FY 2007 – FY 2011

The Department of Transportation’s (DOT) FY 2006– FY 2011 Information Resources Management (IRM) Plan1 identifies the strategies and integrated management frameworks DOT will implement to support its strategic goals and the President’s Management Agenda (PMA) and the measures of success for these goals. The IRM Plan identifies guiding principles, strategic goals and major Information Technology (IT) management activities DOT will undertake to ensure the strategies are implemented in an efficient and effective manner. This integrated approach to IT strategic planning ensures that DOT's investments in IT support DOT’s overall eGovernment and Lines of Business efforts to improve services to citizens, simplify business processes, and improve DOT's overall interactions with its customers. In addition to this internal focus, DOT recognizes the need to integrate external policy directions as defined by Congress and the Administration into its IT initiatives. The DOT IRM Plan responds to the legislative mandate in the Clinger-Cohen Act of 1996 (CCA) which “…requires each agency to undertake capital planning and investment control by establishing a systematic process for maximizing the value, and assessing and managing risks of IT acquisitions of the executive agency.” The Paperwork Reduction Act of 1995 specifies that agencies shall “… develop and maintain a strategic information resources management plan that shall describe how information resources management activities help accomplish agencies’ missions.” The Government Performance and Results Act (GPRA) of 1993, which specifies the strategic planning context and performance metrics to measure accomplishment against strategic goals, further clarifies this legislative direction. Finally, in accordance with OMB Circular A-130, this IRM Plan further supports DOT’s strategic direction. The scope of the DOT IRM Plan encompasses all aspects of Information Technology in DOT, including: mission and administrative systems; telecommunications; and security. It involves all DOT Operating Administrations (OAs), both at headquarters and their field locations. The DOT IRM Plan communicates IT Strategic Objectives that link to the DOT Strategic Plan (see Section 2), thereby ensuring technological support to the accomplishment of DOT’s critical mission requirements. The DOT IRM Plan also communicates IT strategies to link to the Enterprise Architecture (EA) (See Section 3.4), which will expand and evolve to meet DOT business needs as well as OMB EA requirements. DOT annual performance goals and measures in the updated Strategic Plan FY 2006 – 2011 serve to manage progress towards DOT’s strategic objectives. They also provide the baseline performance indicators for how well IT supports DOT and its programs. DOT uses these performance indicators and measures to improve strategies and resource decisions. Figure 1 illustrates these strategic linkages.

1

This IRM Plan is a five-year plan that is selectively reviewed and assessed every three years to evaluate the adequacy and effectiveness of the Department’s information management activities. This update reflects objectives and activities created for 2007 through 2009.

September 2006

i

Information Resources Management Plan Figure 1 DOT Strategic Linkages

FY 2007 – FY 2011

DOT is supporting organizational improvement and business transformation transformation
Department of Transportation Mission
The national objectives of general welfare, economic growth and stability, and the security of the United States require the development of transportation policies and programs that contribute to providing fast, safe, efficient, and convenient transportation at the lowest cost consistent with those and other national objectives, including the efficient use and conservation of the resources of the United States.

DOT’s Strategic Objectives
Safety
Enhance public health and safety by working toward the elimination of transportationrelated deaths and injuries.

Reduced Congestion
Reduce congestion and other impediments to using the Nation’s transportation system.

Global Connectivity
Facilitate an international transportation system that promotes economic growth and development.

Environmental Stewardship
Promote transportation solutions that enhance communities and protect the natural and built environment.

Security, Preparedness and Response
Balance transportation security requirements with the safety, mobility and economic needs of the Nation and be prepared to respond to emergencies that affect the viability of the transportation sector.

Organizational Excellence
Advance the Department’s ability to manage for results and achieve the goals of the President’s Management Agenda.

DOT Technology Strategies DOT Strategic Plan for FY2006-2011

IRM Plan FY 2006 - 2011 This updated plan will guide IT investment decision-making as well as the overall management of information technologies. It reflects the DOT Strategic Plan 2006 – 2011 and specific refinements for the FY 2008 budget submission process. The expected outcomes of implementation are to: 1. Ensure alignment with the President's Management Agenda and the mission-specific business needs of DOT. 2. Ensure integration among Chief Information Officer (CIO) functions (such as IT capital planning, IT security and privacy, operations, and enterprise architecture) and

September 2006

ii

Information Resources Management Plan

FY 2007 – FY 2011

with major Federal and Departmental management processes (strategic planning, budget, procurement, and policy). 3. Focus on performance through establishing appropriate measures for both efficiency (outputs) and effectiveness (outcomes) and managing for results. 4. Assure assimilation of a qualified IT workforce to improve IT product and service delivery, through the development, recruitment and retention of highly qualified project managers, solution architects, security specialists, and other personnel as identified. 5. Assure assimilation of a qualified IT workforce to improve IT product and service delivery, through the development, recruitment and retention of highly qualified IT project managers, solution architects, security specialists, and other key IT and support personnel Vision The strategic vision for Office of the Chief Information Officer for DOT is to: Promote the effective use of technology to enable safer, simpler, smarter transportation solutions by maximizing available resources and optimizing operations. Mission The mission of the Office of the Chief Information Officer for DOT2 is to: Serve as principal advisor to the Secretary on matters involving information resources and information management, and as such, provide leadership in visionary and collaborative manner to leverage Information Technology (IT) resources in order to improve business processes and accomplish strategic Department of Transportation (DOT) mission, goals and program objectives. IT Strategic Objectives The IRM Plan Strategic Objectives are organized according their relationship to the mission of the DOT Strategic Plan (Mission Achievement Strategic Objectives) and the management objectives of the President’s Management Agenda and Enterprise Solutions (Management Improvement Strategic Objectives). Mission Achievement Strategic Objectives: The following strategic objectives focus on alignment of IT to DOT’s mission and to ensure improvement of services to citizens: 1. Improve services to citizens by leveraging the Federal Enterprise Architecture and DOT's EA. 2. Support improved mission performance by enhancing the contribution of information technologies to each DOT strategic goal. 3. Improve customer relationships by implementing a Department-wide, citizen-centered eGovernment and Lines of Business strategy. Management Improvement Strategic Objectives: These strategic objectives focus on alignment of IT to support delivery of services as well as internal operations and infrastructure. These strategies entail DOT's enterprise solutions and internal efficiency and effectiveness initiatives:

2

As stated in DOT Order 1100.16, Office of the Secretary, April 23, 1997.

September 2006

iii

Information Resources Management Plan

FY 2007 – FY 2011

1. Support improved delivery of services to citizens, businesses, and other governmental organizations through continued implementation of comprehensive IT planning and management processes and increased collaboration on e-Government and Line of Business projects. 2. Improve internal operations and infrastructure, and other "back office" support activities, to ensure DOT operates more effectively by continued management and sponsorship of enterprise solutions and enhanced collaboration on e-Government and Line of Business projects. Section 2 offers a full discussion of the stated strategic objectives above. A summary of the approaches and governance structure for implementation of the strategic objectives can be found in Section 3. Lastly, enterprise-wide collaboration (i.e., e-Government and Lines of Business) is a critical success factor that is discussed in Section 4. Overall, the objective of DOT is to strategically enable a safe and efficient transportation system supported by technological solutions where appropriate. Together with complementary goals and strategies, DOT has established a framework making it possible to formulate Information Resource Management (IRM) initiatives consistent with DOT’s strategic business direction.

September 2006

iv

Information Resources Management Plan

FY 2007 – FY 2011

TABLE OF CONTENTS
EXECUTIVE SUMMARY............................................................................................................I 1.0 INTRODUCTION....................................................................................................................1 1.1 CURRENT ENVIRONMENT.............................................................................................................1 1.2 OPPORTUNITIES AND CHALLENGES................................................................................................2 1.3OCIO STRATEGIC PLANNING PROCESS FOR 2007...........................................................................5 2.0IT STRATEGIC FRAMEWORK...........................................................................................6 2.1 MISSION ACHIEVEMENT STRATEGIC OBJECTIVES.............................................................................8 2.2 MANAGEMENT IMPROVEMENT STRATEGIC OBJECTIVES...................................................................11 3.0 IT STRATEGIC PLAN IMPLEMENTATION...................................................................13 3.1 IT GOVERNANCE (PROPOSED)....................................................................................................14 3.2 IT PROGRAM PORTFOLIO MANAGEMENT......................................................................................17 3.3 IT CAPITAL PLANNING AND INVESTMENT CONTROL (CPIC) ........................................................17 3.4 ENTERPRISE ARCHITECTURE (EA)..............................................................................................19 3.5 IT SECURITY AND PRIVACY.......................................................................................................21 3.6 DOT STRATEGIC GOAL AND INFORMATION MANAGEMENT ACTION PLAN........................................23 4.0 ENTERPRISE INITIATIVES AND SUPPORTING STANDARDS................................26 4.1 E-GOVERNMENT AND LINE OF BUSINESS INITIATIVES ....................................................................28 4.2 ENTERPRISE SOLUTIONS (CONSOLIDATED 300S)...........................................................................28 4.3 INTERNET PROTOCOL VERSION 6 (IPV6).....................................................................................29 4.4 HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12 (HSPD-12).................................................31 4.5 NETWORX..............................................................................................................................31 5.0 SUMMARY............................................................................................................................32

September 2006

v

Information Resources Management Plan

FY 2006 – FY 2011

1.0 INTRODUCTION The Department of Transportation’s top priorities are to provide fast, safe, efficient, and convenient transportation at the lowest cost consistent with those and other national objectives, including the efficient use and conservation of the resources of the United States. DOT relies heavily on the use of IT to accomplish these priorities. DOT invests more than $2.5 billion each year on Information Technology to carry out its mission and programs. DOT’s investment in IT is important to both sustain the nation’s transportation system and make it safer. To foster improved operations and to reduce redundancies, DOT will continue to expand collaborations within DOT and with agencies external to DOT. Through collaboration, DOT realizes enormous opportunities to improve information sharing and serve the public. Looking to the future, DOT acknowledges that the demand for data and services will grow. In order to manage this growth DOT will continue to streamline and improve how citizens and business partners interact with DOT. Further, DOT will utilize a Department-wide governance structure to maintain long-range strategic planning and a disciplined budget process as the basis for efficient management of a portfolio of IT investments. This enhances DOT’s ability to address the agency mission and performance goals with the lowest life-cycle costs and least risk. The DOT Chief Information Officer (CIO) is the principal adviser to the Secretary, and to the DOT’s Operating Administrations (OA), on matters involving IT, portfolio management, and has primary DOT oversight responsibility for all departmental IT investments. As such, the CIO provides leadership to ensure that all IT investments support the strategic goals of DOT. The CIO, in conjunction with the IT governance processes, leads, coordinates, and supports key IT initiatives within and across the OAs. The CIO also coordinates and articulates a shared vision and enterprise perspective among DOT’s information activities, champions Departmental initiatives to effectively manage information and provide for enterprise solutions that add value to the businesses of DOT. To that end, this DOT Information Resources Management (IRM) Plan has been prepared. 1.1 Current Environment DOT is a technology dependent and information intensive organization, as is the transportation industry as a whole. Information Technology is a critical component of air, marine, and surface transportation systems—including those used for traffic control, navigation, search and rescue and law enforcement. In addition, travelers and shippers rely heavily on information to determine how best to meet their personal and business transportation needs. Key features of the current environment are: Transportation Security and Safety - In the current environment, DOT must contribute to homeland security by minimizing the vulnerability of the U.S. transportation system to disruption, damage, or exploitation through crime or terrorism. Information Technology can be used in an effective way to augment and improve safe behavior and practices in all modes of transportation and for traditional physical security checks. Technology Trends - Key trends influencing the U. S. transportation system include: 1) Integration of sensors with computers to create robotic and “smart” vehicles and structures;
September 2006

1

Information Resources Management Plan

FY 2006 – FY 2011

2) Growth of electronic commerce, e-Government and Line of Business and web-based communications; 3) Growth of network and information globalization; 4) Use of satellites to navigate and communicate; and 5) Merger of voice, video, and data to enable telecommuting and other requirements to work in alternate locations for any number of reasons. DOT continues to address the impact of technology trends with initiatives such as: • Federal Highway Administration’s (FHWA) joint program with the States to electronically transfer highway payments, • Federal Railroad Administration’s (FRA) Mobile Workforce Initiative that enhances computing and communications for safety inspectors in the field, and • National Highway Traffic Safety Administration's (NHTSA) ARTEMIS system to electronically collect, monitor, and analyze car manufacturer defect data. 1.2 Opportunities and Challenges The U. S. transportation system is vital to the National well-being, whether measured in economic growth, safety, security, international competitiveness or quality of life. Information Technology is a critical enabler for DOT’s on-going mission and programs. Understanding the opportunities and challenges posed by this environment is essential to developing successful IT strategies to guide DOT’s IT future activities. Opportunities Improve Service Delivery Through Teamwork and Collaboration – Working across traditional organizational boundaries to better serve citizens is a tremendous opportunity provided by the focus on e-Government and Line of Business in the PMA. The Federal e-Government and Line of Business Strategy and the Federal Enterprise Architecture provide the vision and direction to support this collaboration in an effort to streamline and simplify services, and provide a business perspective rather than an organizational perspective. DOT Headquarters Relocation - DOT is scheduled to begin personnel relocations to the new Headquarters building in CY2007. The move to the new location will provide an opportunity to establish a common operating environment (COE), where appropriate, without sacrificing the DOT mission and accomplishment of strategic goals. It also provides a unique opportunity to modernize DOT's information systems and networks, and ensure for further adoption of IPv6 standards. Web-enabled Services – DOT has the opportunity to expand upon DOT’s delivery of services and broaden the communication of DOT policies and programs to citizens, customers and employees more effectively and efficiently via DOT's Internet and Intranet sites. These opportunities include ensuring a common look and feel to DOT's web sites, consistent use of technology standards, and potential costs savings through avoiding redundancies. The Operating Administrations are taking leadership roles to consolidate their web services. Finally, all web services activities will be conducted in a manner that ensures IT accessibility standards are met.
September 2006

2

Information Resources Management Plan

FY 2006 – FY 2011

IT Modernization – DOT currently maintains numerous systems with overlapping functionality and data that have limited interoperability. In addition, regions may develop and deploy systems to manage the shortcomings of the enterprise-wide applications, further fragmenting the application architecture. Many of the legacy systems are not user-friendly and require specialized knowledge to navigate and extract information. The sheer volume of systems to be maintained and updated places a strain on DOT resources. The vision to consolidate and eliminate duplicate application data across the DOT business lines provides an opportunity to address the tremendous use of resources. FMCSA’s COMPASS program is a good example of IT Modernization work designed to replace existing systems functionality and re-design business processes based on implementing an EA transition strategy. Network Consolidation – DOT customers are sophisticated and are demanding more, both in terms of the service they receive and the technology and applications that support their business functions. DOT’s internal customers are demanding improved services and response times to their data. DOT must provide information to customers over the Wide Area Network (WAN), Local Area Network (LAN) and Internet, while balancing the needs for data integrity and maintaining overall application security. Therefore, DOT must offer a consolidated network infrastructure that provides a highly reliable, high speed, quality of service infrastructure capable of supporting interagency mission critical applications. In addition, the network must also provide the infrastructure to deploy highly available services for IP telephony, video and future multimedia applications. There is a strategic vision to further consolidate the total DOT network after the migration to the new building. This second phase of network consolidation can be accomplished in conjunction with the implementation of Networx, the follow-on acquisition to FT2001, or as a separate phase after the Networx cutover. In either case, significant savings in telecom cost and improved reliability and service can be achieved in the further consolidation of the DOT network. Challenges Security and Privacy – The integrity, confidentiality and availability of information is the basis of maintaining the trust and confidence necessary for successful e-Government and Line of Business efforts. There are significant challenges to meeting these security and privacy objectives with growing needs for remote access and other factors, including: 1) Emerging technologies that do not have effective security; 2) Worldwide networks that provide access anytime from anywhere; and 3) A new generation of highly-skilled cyber-criminals. DOT is implementing a comprehensive security and privacy program to address the timesensitive needs associated with protection of Personally Identifiable Information (PII) and related requirements. The program is addressed in Section 3.5 of this document. IT Workforce – The ability to recruit, retain and re-train a skilled IT workforce continues to be a challenge confronting the Federal government. DOT must determine the human capital requirements needed to ensure DOT’s future workforce competency/capability requirements are met and establish robust workforce planning capabilities. DOT is addressing this challenge through its Strategic Management of Human Capital organizational excellence activities.
September 2006

3

Information Resources Management Plan

FY 2006 – FY 2011

Data Quality/Information Dissemination/Peer Review - Information is a critical Departmental resource, second only to human resources. This is a major challenge in and among itself because it is vital not only to DOT's daily operations, but is also an essential element in fulfilling our mission to ensure the safe, effective and secure operation of the entire transportation system. Further, in the course of our work, DOT generates a wide variety of information and information products for public use. Some DOT information products can and do have a clear and substantial impact on important public policies and private sector decisions. Pursuant with Section 515 of the Treasury and General Government Appropriations Act for Fiscal Year 2001 (PL 106-554), the CIO has implemented Agency-wide Information Quality guidelines that establish and apply high standards of quality to government information prior to public dissemination to maximize the quality, utility, objectivity, and integrity of the information. The guidelines also guarantee affected members of the public the opportunity to request correction of perceived misinformation. Dissemination activities are also coordinated with DOT’s Freedom of Information Act (FOIA) operations. The CIO has also implemented procedures designed to facilitate DOT’s implementation of the Office of Management and Budget’s (OMB) Bulletin entitled, “Final Information Quality Bulletin for Peer Review.” This Bulletin establishes government-wide guidance aimed at enhancing the practice of peer review of government science documents. Peer review is intended to increase the quality and credibility of the scientific information generated across the Federal government. The implementation of scientific peer review completes the DOT’s organizational excellence objective by further ensuring quality scientific information. The CIO acknowledges that ensuring the quality of information is an important management objective along with other Departmental objectives, such as ensuring the success of OA missions, observing the budget and resource priorities and restraints, and providing useful information to the public. IT Accessibility - The CIO is responsible for providing guidance to DOT organizations regarding implementation of Section 508 of the Rehabilitation Act, as well as on-going consultative assistance regarding IT accessibility, and reviewing progress made toward achieving IT accessibility for DOT employees and individuals with disabilities. Successful implementation of Section 508 requires the support of each and every DOT employee who is involved in the design, development, procurement, or use of electronic and information technology (EIT). Culture of Independence - DOT is currently comprised of thirteen OAs each with its own management and organizational structure. There are also legislative restrictions, as with the FAA, that impact DOT's ability to act or manage in a unified manner. Effectively linking the various modes of transportation as well as meeting the requirements of the e-Gov Act of 2002 to simplify services to citizens across organizational entities will require increased levels of coordination and cooperation. The OST and OAs are committed to providing leadership to ensure continuity of operations between all OAs as evidenced by the proposed IT governance structure and in particular, the key role of the CIO Council. The DOT CIO and the OCIO staff regularly reach out to the OA CIOs on issues that impact the prioritization and kinds of IT investments that are undertaken.
September 2006

4

Information Resources Management Plan

FY 2006 – FY 2011

1.3 OCIO Strategic Planning Process for 2007 The Office of the Chief Information Officer will develop an Information Resources Management Strategic Plan that will further define how the OCIO will support the recently updated DOT FY2006 -2011 Strategic Plan. Incorporating input from the CIOs of the DOT Operating Administrations, the process to update the new IRM Strategic Plan will set objectives, outcomes, and strategies that focus on a five-year horizon. The format of the IRM Strategic Plan will be modified to parallel the DOT Strategic Plan and thus enable a more comprehensive annual performance reporting process for DOT’s information technology program. To accomplish this, the OCIO will engage in a structured, cohesive planning effort to develop IT strategic objectives and outcomes with specific performance indicators and measures that can be tracked and monitored and will serve as a foundation for improved performance-based management. This IRM Strategic Plan will be the guiding document commencing January 2007.

September 2006

5

Information Resources Management Plan 2.0 IT STRATEGIC FRAMEWORK

FY 2006 – FY 2011

The framework adopted here is based on the DOT IT strategic goals. For each of these goals the related strategic objectives are listed. In addition, activities and performance outcomes attributable to these strategic objectives are identified. This framework will be more fully developed during the FY07 strategic planning work. Figure 2 below illustrates the overview of DOT's IT Strategic Framework and identifies two sets of IT strategic goals and the related strategic objectives: Figure 2: IT Strategic Framework DOT Information Technology Strategic Framework
DOT Strategic Plan President’s Management Agenda

IT Strategic Objectives
Mission Achievement Management Improvement • Support improved delivery of services to citizens, businesses, and other governmental organizations Improve internal operations and infrastructure and other “back office” support activities to ensure DOT operates more effectively

• Improve services to citizens by leveraging the Federal Enterprise Architecture and DOT's EA • Support improved mission performance by enhancing the contribution of information technologies to each DOT strategic goal • Improve customer relationships by implementing a citizen-centered EGovernment and Line of Business strategy

IT Strategic Objectives Mission Achievement Strategic Objectives (see Section 2.1) These objectives and activities focus on alignment of IT to DOT's mission. The primary purpose of these strategies is to improve services to citizens. Management Improvement Strategic Objectives (see Section 2.2)

September 2006

6

Information Resources Management Plan

FY 2006 – FY 2011

These objectives and activities focus on alignment of IT to support delivery of services as well as internal operations and infrastructure. These strategic objectives entail DOT's enterprise solutions and internal efficiency and effectiveness initiatives. DOT’s Strategic Plan The U.S. Department of Transportation (DOT) occupies a leadership role in the global transportation network. The employees of DOT are dedicated to improving transportation in the U.S. and around the world by making it safer, simpler and smarter. Safer—because DOT places a greater emphasis than ever before on saving lives and reducing accidents. Simpler—because DOT will consolidate and streamline programs. Smarter—because DOT will focus on efficiency, achieving results and increasing accountability. DOT’s Strategic Plan sets forth the overall direction, vision, and mission of DOT. DOT will achieve its goals through leadership in U.S. transportation policy, operations, investment, and research. The highest priority of DOT is to guarantee the safety and security of the traveling public. President’s Management Agenda In August 2001 the President's Management Agenda was released. The President’s vision for government reform is guided by three principles. The Government should be: • Citizen-centered, not bureaucracy-centered; • Results-oriented; • Market-based, actively promoting rather than stifling innovation through competition. The PMA identifies five primary government-wide initiatives: • Strategic Management of Human Capital • Competitive Sourcing • Improved Financial Performance • Expanded Electronic Government • Budget and Performance Integration Federal Enterprise Architecture The Office of Management and Budget developed the Federal Enterprise Architecture (FEA), a business-oriented framework for government wide improvement, to transform the government into one that is citizen centered, results oriented and market based. The outcome of this effort will be a more customer-focused government that maximizes technology investments to better achieve mission outcomes. The foundation is the Business Reference Model, which describes the government’s Lines of Business and its services. The purpose of this effort is to identify opportunities for collaboration within Lines of Business and across Federal Agencies. This leads to simplified and unified processes that facilitate crossagency analysis, ready identification of duplicative investments and gaps in service delivery. DOT’s departmental EA is steadily evolving, using the Federal Enterprise Architecture Framework (FEAF), FEA Reference Models, and Profiles (such as the Records Management and GeoSpatial Profiles). DOT’s EA will reflect the current organization, business processes,
September 2006

7

Information Resources Management Plan

FY 2006 – FY 2011

applications, information and technology for selected, prioritized DOT business areas and the relationships among them. It will continue to expand and transition activities associated with DOT priorities will be maintained in the DOT Transition Strategy, which includes implementation and sequencing plans for moving from the current to the target state of Departmental activities. Such information will be key to DOT stakeholders in making informed decisions regarding their IT investments. Section 3.4 provides additional details on these efforts. 2.1 Mission Achievement Strategic Objectives DOT will pursue the following strategic objectives to support the achievement of DOT's mission: 1. Improve services to citizens by leveraging the Federal Enterprise Architecture and DOT's EA. Discussion: According to the FEA’s Business Reference Model, DOT supports 21 lines of business and 56 sub-functions in the “Services to Citizens” business area, more than any other Department in the Federal Government. The FEA provides DOT with an analysis tool to investigate alternatives to IT investments by identifying: 1) Agencies which are building, or have already built similar application capabilities, 2) Agencies that are already collecting or plan to collect similar data, and 3) suitable technologies already being used elsewhere in the Federal government. DOT is already working with other Agencies to improve services to citizens and will continue to identify joint opportunities through the use of the FEA and other collaborative mechanisms. One current example is the Federal Aviation Administration's collaboration with the U.S. Air Force on radar acquisitions. 2. Support improved mission performance by enhancing the contribution of information technologies to each DOT strategic goal. Discussion: DOT's Annual Performance Plan identifies the activities DOT will undertake to achieve its six strategic goals and the associated outcomes to be achieved. Information technologies are used by each Operating Administration to support missions and programs. DOT will undertake more rigorous analysis of the contribution of IT investment to each strategic goal to identify additional opportunities to: 1) support strategic goal outcome achievement, and 2) achieve strategic goals more efficiently. 3. Improve customer relationships by implementing a Department-wide, citizen-centered eGovernment and Lines of Business strategy. Discussion: The central tenet of the Federal Government is that it must become more "customer-centric." Being "customer-centric" means creating the environment for understanding and improving the customer relationship. DOT will focus on creating value from the citizen's perspective and incorporate citizen input via techniques such as focus groups or usability surveys. DOT has categorized its Government Paperwork Elimination Act (GPEA) transactions into major customer groups. Further analysis and segmentation to target and improve customer service will be conducted by DOT utilizing multiple data sources and leveraging stakeholder relationships via the Business Reference Model. Employing this citizen-centric strategy will enable DOT to target business process improvements to better meet citizen expectations. DOT is committed to better use of IT to enable faster, easier, and
September 2006

8

Information Resources Management Plan

FY 2006 – FY 2011

more efficient ways for citizens to transact their business with DOT and to provide input on transportation policies and programs. The key activities, outcomes and descriptions of these strategic goals are provided in Table 1.

September 2006

9

Information Resources Management Plan Table 1: Mission Achievement Strategic Objectives
MISSION ACHIEVEMENT STRATEGIC OBJECTIVES No. 1 Strategic Objective Improve services to citizens by leveraging the Federal Enterprise Architecture and DOT's EA • • • Key Activities Map the DOT EA to the FEA (ongoing-as both evolve) Identify shared functions with other Agencies Identify where DOT does and does not have systems supporting the functions Identify redundancies and gaps Prioritize opportunities for collaboration within DOT and with other Agencies Conduct outreach meetings with other Agencies to develop collaborative approaches • • •

FY 2006 – FY 2011

Performance Outcomes Simplified delivery of services Improved citizen satisfaction Improved integration of data, applications, and technology with DOT's mission, functions, and processes Reduced costs through integrating and eliminating redundant systems Minimize the burden on the public Collect information once, and re-use, as appropriate Improved ability to achieve DOT strategic goals more efficiently and effectively

• •

• •

2

Support improved mission performance by enhancing the contribution of information technologies to each DOT strategic goal

• •

Develop IT portfolios for each DOT strategic goal Conduct portfolio analysis to identify opportunities to contribute to achieving strategic outcomes or reducing costs Link strategic goal portfolio analysis with DOT EA target business architecture Conduct Post Implementation Reviews on selected systems supporting each strategic goal Categorize major DOT customer groups Identify other organizations servicing the same customer groups Establish pilot projects Identify and analyze opportunities to improve customer satisfaction and simplify business processes

3

Improve customer relationships by implementing a citizen-centered eGovernment and Lines of Business strategy

• •

• •

Improved customer satisfaction Improved ability for customers to find information and get services from the Federal government

September 2006

10

Information Resources Management Plan

FY 2006 – FY 2011

MISSION ACHIEVEMENT STRATEGIC OBJECTIVES No. Strategic Objective Key Activities incorporating citizen input Performance Outcomes

2.2 Management Improvement Strategic Objectives DOT will pursue the following strategies to improve the delivery of services: 1. Support improved delivery of services to citizens, businesses and other governmental organizations through continued implementation of comprehensive IT planning and management processes and increased collaboration on e-Government and Line of Business projects. Discussion: The lines of business that support the delivery of services include business management of information, regulatory management, planning and resource allocation, Federal financial assistance, IT management, controls and oversight, public affairs, internal risk management and mitigation, and legislative management. DOT participates in several eGovernment and Line of Business Initiatives including Grants.gov, e-Authentication, and Business Gateway. DOT is also implementing a comprehensive IT governance and management framework that supports the determination of strategic direction, identification and establishment of programs and processes to enable change, and allocation of resources among those programs and processes. 2. Improve internal operations and infrastructure and other "back office" support activities to ensure DOT operates more effectively by continued management of enterprise solutions and enhanced collaboration on e-Government and Line of Business projects Discussion: The internal operations and infrastructure lines of business include human resources, supply chain management, administration, and financial management. DOT has successfully implemented several e-Gov Initiatives such as e-Payroll, e-Training, and e-Travel to improve internal operations by leveraging government-wide solutions. DOT is also pursuing several modal and cross-cutting initiatives within the Department. DOT will continue to pursue opportunities for collaboration internally and with other Agencies to improve internal operations and infrastructure. The key activities, outcomes and descriptions of these strategic goals are provided in the table below.

September 2006

11

Information Resources Management Plan

FY 2006 – FY 2011

Table 2: Management Improvement Strategic Objectives
MANAGEMENT IMPROVEMENT STRATEGIC OBJECTIVES 1 Strategic Objective Support improved delivery of services to citizens, businesses, and other governmental organizations • Key Activities Continue implementation of comprehensive, integrated approaches to IT planning, including advanced implementation of the IT CPIC process and employment of the DOT EA as a management tool Collaborate with other Agencies e-Gov and LOB Initiatives within the support delivery of services FEA business area such as eRulemaking, Grants.gov, and Business Gateway Continue implementation of Section 508 (IT accessibility initiatives) Continue identification and management of the internal DOT enterprise solutions to streamline operations, reduce redundancies, and identify cost savings Collaborate with other Agencies on e-Gov and LOB Initiatives within the support delivery of services business area such as e-Payroll, and eTraining Leverage opportunities arising from the planned DOT headquarters move to streamline and consolidate IT services Performance Outcomes Improved IT decisionmaking and support for DOT missions and programs • Improved inter- and intraAgency service delivery capabilities • Increased access for persons with disabilities to web sites and eGovernment and Line of Business applications •

2

Improve internal operations and infrastructure and other “back office” support activities to ensure DOT operates more effectively

• •

More efficient and effective Agency operations Timely and accurate access to data and information

September 2006

12

Information Resources Management Plan

FY 2006 – FY 2011

3.0

IT STRATEGIC PLAN IMPLEMENTATION

DOT is implementing a comprehensive set of IT management frameworks and processes to ensure that it achieves its strategies. This section provides an overview of these efforts. This illustrates our approach, integrating Enterprise Architecture, IT Program Portfolio Management, Capital Planning and Investment Control, IT Security and Privacy, IT Project Management, eGovernment and Line of Business Initiatives. Figure 3: Integrated Approach

Integrated Approach to Support Strategies
Federal and Departmental Strategic Goals IT Mission Achievement and Management Improvement Goals
Baseline Architecture
Strategy Business Business

Capital Planning & Investment Control

Target Architecture
Strategy Business

Data

Data Applications

IT IT Portfolio Portfolio IT IT 07 08 Portfolio Portfolio 06 09

cur Se

Se ity cur

Business

Data

ity

Data Applications

Applications

Applications

Technology Technology
What is my business today and how is it supported by IT?

Technology Technology DOT Transformation
What will my future business be and how should it be supported by IT?

IT Program Management

September 2006

13

Information Resources Management Plan

FY 2006 – FY 2011

3.1 IT Governance (Proposed) DOT is currently reviewing a proposed IT governance framework and related processes which will be implemented by December 31, 2006. There are three main governing boards that will collectively address DOT IT governance requirements – the Investment Review Board (IRB), the CIO Council, and the proposed CTO Council (see Figure 4). The IT governance structures will also ensure that the IT management processes implemented by DOT are conducted in a comprehensive and integrated manner. Therefore, in response to the Clinger-Cohen Act and the need to establish a process that ensures technical feasibility of proposed DOT IT investments, DOT established the CIO Council to review and render decisions on new information technology concepts. The CIO Council is formed under the authority vested in the DOT CIO in 49 CFR §1.72 and DOT Order 1101.16. The CIO Council is considered a permanent DOT governance body. The CIO Council is a cross-agency deliberative committee responsible for reviewing the technical and managerial soundness of IT investments and providing technical recommendations to the DOT Investment Review Board (IRB). The CIO Council is proposed to: • Act as a decision-making body that will prioritize needs and scope workload for the Chief Technology Officer (CTO); • Coordinate with the Working Capital Fund (WCF) and Franchise Fund Boards on project funding; • Prioritize funding for e-Gov and enterprise-wide (cross-cutting) initiatives; • Annually endorse/approve WCF rates for the Common Operating Environment for final approval by the WCF Steering Committee; • Approve new services and respective rates for the Common Operating Environment; • Provide recommendations to the IRB on the direction of IT infrastructure; • Determine which projects should be reviewed by the IRB; • Review OA IT portfolios and recommend to the IRB OA IT funding; • Conduct IT portfolio reviews; • Review the technical approach of individual IT investments coming before the IRB and make recommendations to the IRB regarding technical aspects of affordability, soundness of design, risk, and compliance with architectural and security standards; • Ensure new investments do not duplicate or conflict with existing IT investments; • Recommend proposed major cross-cutting IT investment to the IRB; recommend associated governance structure and funding algorithm. • Provide executive oversight for enterprise-wide (cross-cutting) initiatives; • Conduct major milestone reviews for the cross-cutting and infrastructure major investments; • Review re-baseline requests of major investments; • Develop and approve the enterprise architecture, ensure for configuration management; • Market/Promote Enterprise Architecture and related governance throughout DOT; • Promote the sharing of best practices; • Review most recent DOT CIO staff recommendations and findings based on quarterly compliance reviews, with emphasis on key issues and trends; September 2006 14

Information Resources Management Plan • •

FY 2006 – FY 2011

Collaborate on Departmental IT strategies, infrastructure investments, management issues, and practices; and, Develop, approve, and achieve a DOT-wide IT strategic plan.

The CIO Council will consider any IT issues that have a potential for Department-wide impact. Tactical IT decisions and operational issues that do not raise Department-wide concerns will continue to be handled by the individual operating administrations. The CIO Council will establish and agree to criteria that will be used to determine scope/thresholds of what is tactical OA versus potential Department-wide impact or infrastructure. As an example, core OA mission activities (e.g. National Airspace System) are generally outside the scope of the CIO Council. The DOT Investment Review Board, hereinafter referred to as the “IRB”, is formally chartered and empowered to provide enterprise leadership by ensuring common strategic direction and support for business modernization. The IRB has authority and responsibility for executing major changes to the enterprise. Examples of such enterprise-wide changes include eliminating redundant IT spending, consolidating IT resources, and complying with external mandates. The IRB will readily seek guidance/support from the Secretary, OMB, DOT CIO’s staff, OA CIOs and other governance boards as part of its process and functions. The IRB is formed under the authority of the Secretary of the Department of Transportation. The IRB is considered a permanent DOT governance body. The IRB is a department-level, executive governance board whose scope includes: • Provide strategic direction and leadership (agency needs and direction, business objectives, goals, performance planning and reporting) • Provide budget recommendations on IT projects to the Chief Financial Officer and the Secretary/Deputy Secretary • Conduct portfolio oversight (prioritization, go/no-go decisions, budget preparation, management of Capital Planning and Investment Control (CPIC) processes) • Ensure that decisions pertaining to IT investment management deliver substantial business benefit to the Department and/or substantial return on investment to the taxpayer • Provide implementation direction (policies, standards, processes, priorities) • Communicate OMB’s strategic guidance, oversight, and prioritization of activities • Sponsor enterprise-wide (cross-cutting) initiatives

September 2006

15

Information Resources Management Plan Figure 4: OCIO Governance Model (Proposed)

FY 2006 – FY 2011

DOT Investment Review Board
Strategic Direction, Portfolio Approval and Funding

Portfolio Recommendations

$

WCF/Franchis e Fund Coordination

WCF Rates and New Services

Chief Information Officers Council

Enterprise Initiatives

Prioritize eGov/ Enterprise

$

Chief Technology Officers Council

Solution Recommendations

Prioritized Business Needs

COE Change Control Board

Commodity Councils Commodity Councils

September 2006

16

Information Resources Management Plan 3.2 IT Program Portfolio Management

FY 2006 – FY 2011

The need for improved management of DOT’s $2.5 billion in IT investments requires the implementation of a comprehensive DOT-wide IT program management framework. DOT recognizes that a successfully leveraged IT program management framework affects all aspects of DOT’s resources. Therefore, DOT is evaluating the effect of any proposed solution on an OA’s staffing and funding. Particular emphasis is being placed on the framework impact on OA’s. DOT is developing an integrated investment portfolio and EA framework that are specifically tailored to finding the best solutions for IT-related business requirements and generating measurable business results. This portfolio will facilitate better coordination, management, and visibility of IT investments across the Department. For each objective, current baselines and specific improvement targets are being identified. To ensure that new criteria are effectively implemented, performance measures will be used as a gauge to determine program success and to identify areas for improvement. DOT is taking into consideration the level of effort needed to implement any identified performance measures as well as determine timelines for implementation. Performance measures identified will complement existing programs within DOT such as the IT CPIC process (See Appendix C). In addition, DOT addresses risk management. At the more global level risk management is addressed within the context of IT CPIC and addresses all facets of risks that could impact the success of an IT project. DOT takes a global approach to risk management addressing strategic risk, project management risk, technical risk, development risk, cost sensitivity risk, performance risk, and operational risk. Risk management is also addressed within the context of the DOT IT security program to address system-level risks. In every case, the focus is on early identification of potential risks and development and implementation of risk mitigation strategies. Also, the CIO and the Chief Financial Officer cooperatively ensure that plans for IT projects are based on risk adjusted estimates to ensure full and accurate accounting of Information Technology expenditures, related expenses, and results. Performance measures and outcomes that appear in the Exhibit 300s and Exhibit 53 are consistent with what is being reported in the other budget exhibits and documents. As a result of the consistency, DOT is well-positioned to track program results, coupled with project-specific results. 3.3 IT Capital Planning and Investment Control (CPIC)

DOT’s IT CPIC process is a yearly cycle that is correlated to the Federal budget cycle. To ensure that CPIC processes are conducted in a sound, business-like manner and in accordance with broader management process (budget, strategic and acquisition) requirements, each OA has established a process that is consistent with the principles and concepts identified in Departmental IT Capital Planning and Investment Control Manual and the OMB Capital Programming Guide. DOT has established Planning, Selection, Control and Evaluation Phases of the IT CPIC process and is focused on reaching higher levels of maturity using the Government Accountability Office’s Information Technology Investment Management (ITIM) Maturity Model Framework. To support DOT’s IT strategies, the IT CPIC process ensures that IT investments are closely aligned with DOT’s IT strategic goals. The focus of the IT CPIC community continues to be on enterprise solutions to identify opportunities for streamlining, consolidation, cost-avoidance and September 2006 17

Information Resources Management Plan

FY 2006 – FY 2011

cost savings. Importantly, the IT CPIC process provides opportunity for data collection and analysis that can be supportive of e-Government, customer improvement and strategy outcome analysis. Departmental IT CPIC Policy was initially signed in June 2002 and updated in September 2004. As governance is finalized, it is anticipated that additional updates to the CPIC policy will be issued in early 2007. Efforts are underway to ensure the CPIC process has a timely impact in budget decisions for the department. In order to accomplish this, efforts are underway to determine an effective manner of ranking investments for the department. Additional work is needed among both the CFO and CIO communities to ensure this is accomplished. IT Project Management To meet the need for improved IT project management as required by the Clinger-Cohen Act, OMB policies, and OPM guidance, DOT’s Office of the Chief Information Officer (OCIO) plans to establish an Enterprise Projects Program Management Office (EPPMO) with the goal to become an IT Project Management Center of Excellence. EPPMO guiding principles will comply with relevant Federal guidelines related to IT project management, incorporate industry best practices, and ensure IT projects align with the DOT Strategic Plan and DOT’s Enterprise Architecture. The EPPMO will establish a baseline for measuring IT project management improvements and measure enterprise-wide and project-specific progress against this baseline. This baseline will enable DOT to track improvements in efforts to keep projects on track and meet cost, schedule and performance goals. The EPPMO will facilitate adoption of common project management practices and industry best practices. The EPPMO plans to implement a common project management methodology, tools, metrics, processes and procedures as part of DOT IT project management practices to the extent practical, allowing for flexibility as one size may not fit all. The benefits of establishing the EPPMO at DOT include streamlining project management processes to reduce costs, increasing productivity, minimizing duplication of effort, committing to excellence in project management, introducing greater discipline in the planning, execution and closeout of IT projects, improving customer satisfaction and product quality, and ensuring more reliable and consistent IT product delivery. The EPPMO will provide oversight of DOT IT projects from project initiation through closeout and ensure compliance with applicable federal policies. The EPPMO will oversee IT projects as part of the DOT IT project portfolio. Specifically, the EPPMO will develop and manage the operational framework for the EPPMO, conduct an organizational maturity assessment, develop a consistent project management methodology, assess current and proven software development life-cycle methodologies (SDLC), facilitate change management, provide Earned Value Management (EVM) support, conduct EVM data analysis, develop project manager training content, conduct software tool assessments and select a tool, develop a quality assurance plan, develop and conduct a project pilot, and provide strategic acquisition support. The EPPMO will provide support to the DOT modes, including training on the use of tools, templates and guidance as needed. In FY 2007, the EPPMO will develop a plan for conducting program evaluations that will support IT project investment decisions by the DOT’s Investment Review Board (IRB). In FY 2008, the EPPMO plans to conduct program evaluations to determine which DOT programs should or should not be continued and make recommendations to the IRB.

September 2006

18

Information Resources Management Plan

FY 2006 – FY 2011

3.4 Enterprise Architecture (EA) Federal Agencies are continually being asked by citizens, industry, and other government agencies to improve their performance and efficiency. Identifying agency performance gaps involves an integrated mix of strategic planning, enterprise architecture, capital planning, project management, security, and human capital management to streamline internal operations, prioritize investments, integrate products and services, and improve customer service. DOT’s Enterprise Architecture (EA) strategy actively supports the Department’s strategic objectives through its holistic, performance-based approach to identifying areas where opportunities for change exist. Based upon the DOT mission, EA utilizes the IT strategy and aligns disparate business, information, and technology elements around business strategy. The strategic information relevant to the Department is the basis upon which EA is utilized to understand the current environment, envision the future environment, and determine the optimal path to meet agency goals. The value lies in providing the information necessary for the Department to understand how to employ the best people with the most appropriate resources to achieve operational excellence; select investments (IT and otherwise); and manage cost and performance. In order for DOT to position itself to make informed, justifiable decisions regarding the future investments of the Department, EA must be utilized as a decision making tool to provide answers to business questions in areas pertaining to strategic planning, business processes, data, applications, and technology. An example of business questions key to the strategic planning area are highlighted in Figure 5. Based on answers to the business questions, EA identifies business process gaps, opportunities for sharing information and options for implementing enterprise solutions. Departmental business owners are able to optimize IT investing those results in streamlining business processes and eliminating redundancy through leveraging existing technology to realize cost savings. DOT IT investments are being modernized based on utilizing DOT Strategic Planning, EA strategy and CPIC Integration as outlined in DOT’s Transition Strategy.

September 2006

19

Information Resources Management Plan Figure 5: Managing Enterprise Change

FY 2006 – FY 2011

Managing Enterprise Change
What events or requirements have triggered the change , or need to change? 1. What has, or needs to change? 2. What is the impact of the change on elements of the Enterprise Architecture ? 3. What are the dependencies? 4. What are the sequence of events necessary for managing the change? 5. What are the prerequisites ? 6. What are the risks of changing and of not changing ? 7. What are the alternatives of how to change ? 8. What can be done to limit scope and risk through incremental change ?

Department/Agency Enterprise Architecture
PRM

Strategic Plans
Probable Impact What ? How ? Where ? Who ? When ? Why ?

S E C U R I T Y A R C H I T E C T U R E

- Have our Goals or Objectives changed? - Have our Strategies for achieving them changed? - Have our Performance Measures changed? BRM

Business Processes

- Can we use existing business processes as is ? - Can we modify existing business processes? - Do we need to create new business processes? DRM

H U M A N C A P I T A L

Data & Information

- Can we use existing data as is ? - Do we need to create new data ? - Do we need to provide data to new locations ? SRM

Applications & Services

- Can we use existing application (s) as is? - Can we add to an existing application (s)? - Do we need to create a new application (s)? TRM
Possible Impact

Technology Infrastructure

- Can we use the infrastructure as is ? - Can we modify the existing infrastructure ? - Do we need to create new infrastructure ?

Strategic Transition As part of DOT’s primary objective, to reduce duplicative spending and improve safety for citizens, DOT plans to reinvest savings in the use of IT to advance DOT core missions. Based upon the agency mission outlined in the DOT Strategic and IT Strategic Plans, DOT’s EA strategy can drive the DOT business areas to target investment dollars toward common solutions, referred to as enterprise solutions, cross-cutting initiatives, or horizontal business segments (e.g., Financial Management and Grants Management). Segment architectures unique to the DOT OAs, referred to as vertical segments, are also covered in the Department’s EA development effort through the work of the individual OA EA Programs. Defined projects can be specific to the Department or move DOT towards common, governmentwide solutions.
September 2006

20

Information Resources Management Plan

FY 2006 – FY 2011

The initiatives defined in DOT’s and the OAs’ Transition Strategies are driven by the DOT Strategic Plan and are the link between EA and IT investment management. DOT has identified a number of transition initiatives that are classified in four categories: • • • • Federal e-Government and Line of Business Initiatives Departmental Enterprise Solutions DOT Shared Infrastructure Services OA Mission Specific Applications and Services

In addition, the move to the new headquarters building and new and/or emerging federal and industry standards (e.g., Internet Protocol Version 6 (IPv6), see Section 4.3), will be integral to DOT’s transition toward modernization. To ensure that the transition strategy reflects the results of a strategic portfolio review, the OMB pass back and Congressional appropriation decisions, determination of the most effective cycle for updating the DOT Transition Strategy is underway. 3.5 IT Security and Privacy

DOT is committed to establishing and managing a world class Information Assurance (IA) program that addresses confidentiality, integrity and availability of information to ensure proper levels of security are provided for all of the department’s voice, data, and video networks. To date, DOT has aligned its IT security program with the President’s Management Agenda, as well as integrated it with the CPIC and EA programs to accomplish the following: 1) Developed and implemented a comprehensive IA effort for the protection and accountability of Personally Identifiable Information (PII) in accordance with OMB’s M-16-06 directive. 2) Created and disseminated Agency-wide security polices; 3) Established a Department-wide Incident Reporting Program; 4) Developed the Transportation Cyber Incident Response Center (TCIRC) to monitor and respond to threats, vulnerabilities, and incidents within DOT; 5) Certified and accredited 100% of DOT’s mission critical/major IT Systems

September 2006

21

Information Resources Management Plan Figure 6 provides an overview of the IT security program approach. Figure 6: IT Security Program

FY 2006 – FY 2011

Co nf ide nt ial it y

IA Goals & Objectives

t In eg y rit

Governance Structure

Policies Guidelines Standards

Management, Technical, Operational Controls
Incident Response Privacy Contingency Training, Testing Awareness

POA&M Remediation C&A

Technical Implementation
Host Security • Access Controls • Operating System Controls • Software Development/Change Controls • Self Healing Network Security • Firewalls • Intrusion Detection Systems • Vulnerability Testing • Quarantine

Enterprise Architecture and IT Capital Planning

Availability

Looking forward, DOT will focus on the following IT security program elements: • • • • Deployment of HSPD-12 Logical access capabilities, Wireless, eAuthentication and eSignature, as well as levels of information protection, supporting technology acquisition and deployments; Conduct recurring vulnerability scanning and quarterly compliance reviews of all mission critical hosts to determine information assurance with configuration management/minimum security baselines established by the OCIO; Consolidation and migration of the major computer response centers into one enterprise DOT Computer Incident Response Center; Integrate DOT into OMBs ISS Line of Business for both IA training and FISMA reporting.

IT Security Performance Measurement In FY06, DOT continued work on the Enterprise Security Portal (ESP) which provides a single system for managing information security at DOT. The portal contains: • DOT’s current IT System inventory • Access to DOT IT Security policy, guidance and standards • Incident reporting data • Tracking and management of PII incidents
September 2006

22

Information Resources Management Plan • • •

FY 2006 – FY 2011

Access to data and information required by Federal Information Security Management Act (FISMA) Access to Foundscan (DOT’s information vulnerably assessment tool). Sponsor enterprise IA technologies

The FY07 phase of the ESP Project will improve the process based on lessons learned from FY06, and establish more rigorous performance measures that extend beyond measuring compliance with policies and processes to incorporate measures of efficiency and effectiveness. The long-term goals of the ESP Project are to: • • • • • • Proactively validate DOT security practices and investments Provide direction for continuous risk reduction Develop and implement a practical and manageable system for gathering data and reporting progress of DOT security program activities Continuously address IT security needs in the face of new challenges Improving the Systems and Program POA&MS process Enables the OIG to audit the DOTs IA effectiveness.

Privacy DOT is committed to respecting citizens' rights to privacy and will protect it as citizens visit DOT’s web sites. DOT monitors visits to the web site to identify any attempt to tamper with it. When a citizen submits personal information using a DOT web site, controls are in place to protect this information. DOT provides personal information when required to do so by law, such as in a law enforcement investigation. Any information DOT collects for investigations is destroyed according to Federal guidelines. DOT develops privacy impact assessments to address potential privacy implications of the systems and will incorporate privacy considerations into the IT investment approval processes. DOT also provides required security and privacy training for DOT employees. e-Government and Line of Business Initiatives DOT will continue to participate in all of the e-Gov and Line of Business Initiatives that are applicable to the Department. This includes participation in all e-Gov categories of government to citizen, government to government, government to business, e-Authentication and efficiency and effectiveness. DOT provides oversight of these initiatives to ensure compliance with the eGov Act of 2002 and to meet OMB requirements. DOT will continue to monitor and track project status, completion of milestones, actions and issues working closely with the project managers of these initiatives. DOT continues to oversee the development of the annual e-Gov Implementation and Alignment Plan based on project manager input and agreement on the plan between OMB and DOT. In addition, DOT monitors the status of quarterly project milestones and reports the results to OMB on a quarterly basis. Some initiatives are complex and require CIO involvement, such as, Grants. 3.6 DOT Strategic Goal and Information Management Action Plan The following action highlights some of the major activities DOT will undertake through FY 2011 to implement its IT management activities as they align to DOT’s Strategic Goals.
September 2006

23

Information Resources Management Plan

FY 2006 – FY 2011

Table 3: Information Management Action Plan Strategic Goal Description Organizational Advance DOT’s ability to Excellence manage for results and achieve the goals of the President’s Management Agenda Action Continue to support eGovernment and Lines of Business initiatives and other inter-governmental collaborative initiatives. Grants.gov, Geospatial, eAuthentication, Rulemaking, and Infrastructure Optimization Initiative. Plan to reinvest savings from PMA and COE consolidation into advantageous missionsupport initiatives either by OA or, if applicable, enterprise-wide. Plan to reinvest savings into advantageous mission-support initiatives, such as Inter-modal Hazardous Materials DBMS Plan to reinvest savings into advantageous mission-support initiatives Plan to reinvest savings into advantageous mission-support initiatives Plan to reinvest savings into advantageous mission-support initiatives Improve the security of critical DOT networks and systems Date Present – FY 2009

Present – FY 2011

Safety

Enhance public health and safety by working toward the elimination of transportationrelated deaths and injuries. Reduce congestion and other impediments to using the Nation’s transportation system. Facilitate an international transportation system that promotes economic growth and development. Promote transportation solutions that enhance communities and protect the natural and built environment. Balance transportation security requirements with the safety, mobility and economic needs of the Nation and be prepared to respond to emergencies that affect the viability of the transportation sector.

Present – FY2011

Reduced Congestion Global Connectivity Environmental Stewardship Security, Preparedness, and Response

FY2006 – FY 2011 FY 2007FY 2011 FY 2008FY 2011 Present – FY 2011

September 2006

24

Information Resources Management Plan

FY 2006 – FY 2011

September 2006

25

Information Resources Management Plan 4.0 ENTERPRISE INITIATIVES AND SUPPORTING STANDARDS

FY 2006 – FY 2011

DOT strives to be a leader in the Federal government in taking a cross-cutting, integrated, streamlined, multi-Agency and enterprise-wide approach to IT management. DOT continues to update its Transition Plans. The Transition Plans outline DOT’s specific modernization goals which are directly aligned with the Secretary’s vision and mission of a safer, simpler, transportation system. This IRM plan highlights contributions to DOT enterprise solutions, eGovernment and Lines of Business investments that improve how DOT provides information and services to American citizens, businesses, other government entities and internally. These efforts, as well as the specific enterprise initiatives below, demonstrate how DOT is working toward the Secretary’s goal of developing a 21st century transportation system for all Americans. As part of DOT’s primary objective, to reduce duplicative spending and improve safety for citizens, DOT is reinvesting savings in the use of IT to advance DOT core missions – safety, mobility, security, global connectivity, environmental stewardship and organizational excellence through these enterprise solutions. Table 4 provides an outline of DOT’s strategic goals as they relate to DOT’s IT modernization strategy. Appendix A provides a summary of DOT's Enterprise Initiatives and the associated Federal Enterprise Architecture business areas. Table 4: DOT IT Modernization Strategy

September 2006

26

Information Resources Management Plan
DOT Strategic Goals Organizational Excellence Description Advance DOT’s ability to achieve the goals of the PMA.
Grants Management

FY 2006 – FY 2011
Modernization Strategy Target Enterprise Solution (ES) Look at e-Government and Line of Business Solutions as potential ES.
The action resulted in a single consolidated Business Case for Grants Management and an application to be Grants Management Consortia Lead. Both are reflected in the DOT FY08 IT Portfolio. The DOT/HUD approach is to build off of service oriented, commercial/government best practices that will be selected through a collaborative, business focused governance board comprised of the consortium members that is not a push down, purely vanilla solution, but a collaborative solution created by the consortium members, and members will have access to a variety of services to meet their specific business needs.

Continue to partner with agencies on e-Government and Line of Business investments.
The DOT IRB agreed that DOT and HUD will partner together as proposed Grants Management Consortium to: • Ensure optimal Grants Alignment driven by similar business requirements in the functional areas of shared statelocal constituencies, percentage of discretionary versus competitive grants, and the extended life cycle of construction grants; Promote a team of Grants and Service Provider Leaders that can focus on a service-oriented approach to a shared Grants Management Solution to be more responsive to specific business process needs; and Offer immediate value to Consortium members across the federal government.

IT Consolidation

Consolidate redundant infrastructure operations into a common operating environment (COE).

Eliminate redundant IT systems and services and reinvest those savings into mission support initiatives. Create enterprise solutions for these cross-cutting business processes/technologies. General IT consolidation was completed in June 2006. Incorporate IT Consolidation efforts and enterprise solutions efforts along with IRB and ARB governance and oversight.

New DOT Headquarters Building Infrastructure

Under Congressional direction, DOT will move to a new Headquarters building, and authorized GSA to obtain/build a new building of 1.35million sq ft. Current construction plans are for DOT to move during the second and third quarters of FY 2007. This investment also includes all other Infrastructure spending, including FAA and field sites. The DOT IRB is responding to FY05 OMB Passback language to reduce the number of recruitment systems.

Recruitment – One Stop/QuickHire

September 2006

The work generally is completed. DOT’s primary recruitment system – Quickhire – is in place and operational.

27

Information Resources Management Plan
DOT Strategic Goals Organizational Excellence Description Advance DOT’s ability to achieve the goals of the PMA. Enhance public health and safety by working toward the elimination of transportationrelated deaths and injuries. Inter-modal Hazmat Data Sharing Modernization Strategy Continue to partner with agencies on e-Government and Line of Business investments.

FY 2006 – FY 2011
Target Enterprise Solution (ES) Look at e-Government and Line of Business Solutions as potential ES.

Safety

Continue to partner with OAs, the IRB, and the ARB to reinvest savings into advantageous Safety missionsupport initiatives.
The DOT IRB determined that there should be common architectures for critical safety processes that builds on inspection, registration and penalty data captured and used by a number of OAs

Look at IT portfolio for redundancy and potential ES.

The actions result in a consolidated Business Case for a Hazmat Data Sharing system that is reflected in the DOT FY08 IT Portfolio.

4.1 e-Government and Line of Business Initiatives e-Gov and LOB initiatives listed in Appendix B are investments which directly support the Presidential Management Agenda. To advance Presidential management participation within DOT and provide high quality program and project management services based on industry and government best practices, DOT identified and assigned project managers to lead these initiatives and coordinate implementation efforts. The groups also participate in the cross-agency integrated project teams or are members of steering committees. These working groups provide guidance and leadership on an as needed basis within DOT. 4.2 Enterprise Solutions (Consolidated 300s) DOT Enterprise solutions listed in Table 5, are cross-functional multi-modal efforts in which a consolidated Exhibit 300 were submitted to OMB. The majority of the IRM Plan supports DOT’s Organizational Excellence strategic objective through the investment in, as well as development and implementation of e-Government and Line of Business and cross-cutting Department-wide business solutions. DOT identified streamlining opportunities by identifying business processes that were common across organizations. Specifically, DOT focused first on the major administrative functions. Such efforts can be seen in the FY07 IT Portfolio. DOT intends to expand the scope and reach of its crosscutting lines of business, in that it recognizes that Safety and Reducing Congestion are common business processes that are performed throughout DOT. DOT has taken the first steps toward enterprise solutions that promote tangible and direct benefits, beyond administrative activities, and furthers the accomplishment of the DOT mission and strategic objectives as reflected in the Fiscal Year 2008 IT investment portfolio. DOT will begin to actively engage business owners and enterprise architects throughout DOT and other agencies to define and refine the new crosscutting lines of business with a focus on FY07 and beyond.
September 2006

28

Information Resources Management Plan

FY 2006 – FY 2011

As part of this plan, the IRB reaffirmed system modernization priorities: Financial Management; Grants Management; Recruitment; Personnel/Payroll Systems; Procurement Management; and, Hazmat Data Sharing. Inter-modal teams have been established to write the business cases and establish associated time frames, and to execute agreed upon strategies. In many of these cases, planning is being done with federal-wide e-Government and Line of Business programs, such as e-Rulemaking, Grants Management and Geospatial initiatives. Table 5: DOT Enterprise Solutions/Consolidated 300s DOT Consolidated 300 IT Consolidation Description At the June 26, 2004 meeting of DOT-wide IRB, the IT Consolidation Program was presented and approved. In 2006, all OAs were consolidated into a DOT common network environment. Addresses the consolidation of core grants-management systems —FAA's SOAR, FHWA's FMIS, FTA's TEAM, NHTSA's GTS as part of a proposed grants management consortium, formed under the auspices of Grants Management Line of Business. The objective is to promote a team of Grants and Service Provider Leaders that can focus on a service-oriented approach to a shared Grants Management Solution to be more responsive to specific business process needs. Facilitates data sharing among all of DOT's modal hazmat programs and the US Coast Guard, and can be made accessible to other Federal program offices, such as EPA and DHS (a government-to-government solution). Also yields efficiency benefits inherent in better targeting of enforcement activities. Will allow targeting of resources to those shippers most-likely to cause serious hazardous materials, thus reducing the probability (and thus the number) of such occurrences.

DOT eGrants Consolidation

Inter-modal Hazardous Materials DBMS

4.3 Internet Protocol Version 6 (IPv6) Foundational to all of these initiatives as well as other current and future Departmental investments is a robust, and highly reliable infrastructure that addresses emerging and established federal and industry standards, most notably Internet Protocol Version 6 (IPv6). The previous Internet addressing standard (IPv4) has been used over the past twenty years. IPv4 has been an important part of DOT’s use of the Internet to serve the citizens. However, besides some problems with IPv4, there is a growing shortage of IPv4 addresses. Addresses are needed by all new machines added to the Internet. IPv6 fixes IPv4 problems, and significantly expands the number of available addresses, increases security capabilities, and improved methods for deploying Quality of Service features. IPv6 also improves routing and network auto configuration. DOT expects IPv6 to gradually replace IPv4, with IPv4 and IPv6 coexisting for several years during the transition.
September 2006

29

Information Resources Management Plan

FY 2006 – FY 2011

DOT has begun reviewing network and application requirements to support the evaluation and implementation of IPv6 technologies. One of the primary requirements identified for the new DOT headquarters building is that the infrastructure equipment must support IPv6 addressing capabilities. All new infrastructure components (e.g., routers, switches, and firewalls), workstations, servers, and other network centric devices will also require capabilities to support the added features of IPv6. While some of the existing devices are capable of support IPv6 standards, more of the existing network connected devices will require an upgrade over the next several years to enable IPv6 support across the entire computing infrastructure. The use of IPv6 will be monitored via capital planning and acquisition activities consistent with a previously issued memorandum, signed October 1, 2004 by DOT’s CIO and the Deputy Chief Acquisition Officer. The memorandum, “Guidelines for Information Technology (IT) Purchases,” states that all commercial software, hardware and telecommunications being procured will be determined to be in compliance with the DOT TRM by each Operating Administration CIO prior to acquisition efforts. In effect, the use will be monitored through the acquisition process, the design of the new infrastructure environment for the DOT’s headquarters building and through the DOT Capital Planning and Investment Control (CPIC) process. The most significant challenges DOT will face over the next couple of years to address IPv6, include: • Forward and backward compatibility of systems – IPv6 is backward compatible with IPv4 systems by design. IPv4 hosts must be able to communicate over IPv6 networks, which should represent minimum problems, given IPv6's design. The reverse presents a bit more involved examination. IPv6 must be able to communicate over an IPv4 connection and retain enough information to transition back to an IPV6 network, or through gateways communicate directly to an IPV4 network. • Transition existing applications – The magnitude of accomplishing a change from IPv4 to IPv6 will entail a significant project management effort and coordination with internal and external resources. • Providing IP mobility – IPV6 states it will allow for more secure network interaction and connectivity. This will permit DOT employees access to secure resources within the DOT network. Enabling IPv6 mobility will also provide the additional capability to support more robust remote access and telecommuting. • Procuring equipment to support IPv6 natively – Devices/equipment will have to have dual capability in order to enable the smooth transition to IPv6 - future procurements will need to ensure this dual capability, support backward compatibility. • Training the technical staff to implement – Training in the basic understanding of the standard and its capabilities is important now, as well as in the transition strategies. DOT will develop a transition plan that has some flexibility to change as technology and best practices emerge. • Having COTS applications that support IPv6 features – Microsoft COTS products are predominant on DOT desktops and, to a lesser degree as server and database software. Microsoft has ensured that existing applications that support IPv4 will be able to run under IPv6 but without all the functionality/benefits of the new standards.
September 2006

30

Information Resources Management Plan •

FY 2006 – FY 2011

Other application vendors will also be required to provide IPV6 support for any network centric application that will connect using the IP protocols.

4.4 Homeland Security Presidential Directive 12 (HSPD-12) President Bush signed (HPSD-12), “Policy for a Common Identification Standard for Federal Employees and Contractors” on August 27, 2004. HSPD-12 requires all Heads of Departments and Agencies to issue identification credentials that can be authenticated electronically to gain access to Federal facilities and information systems. HSPD-12 implementation is intended to: • • • • Enhance Security Increase Government Efficiency Reduce Identity Fraud Protect Personal Privacy

On January 28, 2005, DOT issued the “DOT Implementation of Homeland Security Presidential Directive 12, Policy for a Common Identification Standard for Federal Employees for Employees and Contractors”. DOT memorandum established the DOT Common Identification Standards (CIS) Steering Committee with the responsibility to provide strategic direction and oversight to the DOT CIS Program Management Office (PMO). DOT is designing the DOT Common Identification System (CIS) to ensure compliance with HSPD-12, the Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification of Federal Employees and Contractors and the FIPS 201 companion NIST Special Publications. The charter established the functions, membership, responsibilities and procedures for the DOT CIS Executive Steering Committee. The CIS Executive Steering Committee provides strategic direction and guidance to develop and implement HSPD-12 within the DOT via a collaborative forum. The DOT CIS benefits the DOT and Operating Administrations (OAs) by ensuring more secure access to DOT facilities through use of a single identification badge and will provide both physical and logical access to all DOT facilities. The logical access will provide encryption and digital signature that will confirm the identity of users, ensure the integrity of electronic transactions and provide interoperability with other federal agencies. 4.5 Networx Networx is the follow-on acquisition to FTS2001 and subsequent Crossover contracts. Networx is a 10-year Indefinite Delivery Indefinite Quantity (IDIQ) with a 4-year base period and three 2year options. Networx provides as increased breath of services: • Telecommunications Services • Management and Application Services • Security Services • Special Services • Wireless Services
September 2006

31

Information Resources Management Plan

FY 2006 – FY 2011

• Access Services Networx consists of two separate acquisitions-Universal and Enterprise, to be awarded near simultaneously. GSA anticipates award of Networx Universal in March 2007 and May 2007 for Networx Enterprise. The Universal acquisition is designed to provide agencies with a comprehensive range of full service contracts and will assure continuity of service. The Enterprise acquisition is designed to provide alternative service providers with innovative approaches to providing specialized services. The U.S. General Services Administration Federal Acquisition Service has awarded a sole source contract to Sprint and Verizon Business to continue to provide all telecommunications services currently being offered on the FTS2001 Contract. The current FTS2001 Contracts with MCI WorldCom Communications, Inc. (now Verizon Business) and Sprint Communications, L.P., will expire at midnight on January 10, 2007, and December 17, 2006, respectively. The sole source contracts are for continued performance for a 24-month period beginning January 11, 2007, and ending January 10, 2009, for Verizon Business, and beginning December 18, 2006, and ending December 17, 2008, for Sprint. The contracts will also contain options to provide performance beyond January 10, 2009 (Verizon Business) and December 17, 2008 (Sprint) for three additional six-month periods in the event that additional time is needed to successfully transition all Government Agencies to the Networx program. The Transition Strategy Management Plan (TSMP) is being created by GSA. GSA is to provide assistance to Agencies affected by the Networx transition. The TSMP discusses activities related to the planning and execution of Networx transition efforts. 5.0 SUMMARY

DOT has developed and substantially implemented comprehensive IT strategies designed to enable the accomplishment of DOT’s mission and the President’s Management Agenda. These strategies are designed to ensure DOT contributes to and leverages the broader Federal community resources to improve delivery of services to citizens. The strategies are also designed to ensure that DOT, acting in a unified manner, improves the efficiency and effectiveness of its IT support operations. To implement these strategies DOT has identified specific performance measures and actions plans. The Office of the Secretary will ensure that these implementation activities are conducted in an integrated manner across all major CIO functions and will continue coordination with key oversight entities to ensure the strategies are aligned with the overall Federal direction as it evolves.

September 2006

32

Information Resources Management Plan

FY 2006 – FY 2011

Appendix A:
Summary of Enterprise-wide Initiatives

September 2006

33

Information Resources Management Plan

FY 2006 – FY 2011

SUMMARY OF ENTERPRISE-WIDE INITIATIVES Category DOT Initiative
e- Rulemaking GeoSpatial One-Stop Business Gateway Disaster Management e-Training e-Authentication e-Travel e-Payroll Recruitment One Stop Grants.gov e-Records Management Recreation One-Stop

BRM Business Area
Support Delivery of Services Support Delivery of Services Services to Citizens Services to Citizens Internal Operations/Infrastructure Management of Government Resources Management of Government Resources Internal Operations/Infrastructure Internal Operations/Infrastructure Support Delivery of Services Support Delivery of Services Services to Citizens Internal Operations/Infrastructure Management of Government Resources Management of Government Resources

BRM Line of Business
Regulatory Management Business Management of Information Domestic Economy Regulated Activity Approvals Disaster Management Human Resources Administration Administration Human Resources Human Resources Federal Financial Assistance Business Management of Information Recreation and National Resources Supply Chain Management Information and Technology Management Human Resource Management

e-Gov & LOB Initiatives

Integrated Acquisition Environment International Trade Data System Enterprise HR Integration e-QIP Federal Asset Sales Gov Benefits USA Services Geospatial LOB Budget Formulation & Execution Financial Mgmt. LOB HR LOB Grants Management LOB Information Security LOB IT Infrastructure Optimization LOB Case Management LOB New DOT Headquarters Building Infrastructure DOT Financial System Consolidation DOT eGrants Consolidation IT Consolidation Recruitment – Roads/QuickHire Inter-modal Hazardous Materials DBMS

Management of Government Resources Management of Government Resources Management of Government Resources Management of Government Resources Management of Government Resources Management of Government Resources

Information and Technology Management Accounting Federal Financial Assistance Information and Technology Management Human Resource Management Controls and Oversight

IntraDepartmental Enterprise Solutions

September 2006

34

Information Resources Management Plan

FY 2006 – FY 2011

Appendix B:
e-Government & Line of Business Initiatives

September 2006

35

Information Resources Management Plan

FY 2006 – FY 2011

Description Business Gateway To create a Business Gateway and e-forms portal. The eForms catalog would be an index of government forms and would link to the agencies websites that have their forms on-line. DisasterHelp.gov provides citizens with a single location for obtaining publicly available information on disaster preparedness and response. Disaster Management Interoperability Services (DMIS) is the complementary partner to DisasterHelp.Gov. DMIS provides information interoperability services to the responder community. To produce a simple, unified “storefront” for all customers of Federal grants to electronically find opportunities, apply, and manage grants. Improved citizen access to the regulatory issues being considered, to comment on such issues, and to all other public comments. Improved ability for agencies to analyze and aggregate all public comments when considering a regulation. This initiative focuses on unifying, simplifying, and increasing access to high quality e-Training products and services Federal-wide through offering easy, one-stop access to a robust, high quality e-Training environment. To provide fast, low cost, reliable access to Geospatial Data needed for Federal, State, Tribal and local government operations. To create and implement an integrated, Federal system for the electronic collection, use and sharing of international trade and transportation data. To provide a seamless, one-stop recruiting portal for all Federal jobs. USAJOBS will include on-line job posting and job searching, resume warehousing, on-line application, automated eligibility and status feedback, and integration with sophisticated automated assessment tools.

Managing Partner SBA

DOT Modal Lead OST

Disaster Management

DHS/FEMA

OST

Grants.gov

HHS

OST

e-Rulemaking

EPA

OST

e-Training

OPM

OST

Geospatial One-Stop

DOI

RITA

International Trade Data System (ITDS) Recruitment OneStop

DHS/ Customs OPM

RITA

OST

e-Authentication e-Payroll

To stand up a common, unified authentication service across the Federal landscape. Consolidate 22 Federal payroll systems to simplify and standardize federal human resources/payroll policies and procedures to better integrate payroll, human resources, and finance functions.

GSA OPM

OST OST

September 2006

36

Information Resources Management Plan
Description e-Records Management To integrate e-records management concepts and practices, and tools for agencies to access e-records for as long as required and to transfer permanent e-records to NARA for preservation and future use by government and citizens. Provides a government-wide web-based service that applies world-class travel management practices to consolidate federal travel, minimize cost and produce superior customer satisfaction. EHRI streamlines and automates the exchange of Federal HR data, replaces official paper employee records, and provides significantly improved capability for comprehensive knowledge management, and workforce analysis, forecasting and reporting across the Executive Branch. Create a simpler, common, integrated business process for buyers and sellers that promotes competition, transparency, and integrity and to deploy a single point of registration and validation of supplier data. To provide a user-friendly, web-based resource to citizens, offering a single point of access to information about recreational opportunities nationwide. The e-Clearance initiative will consolidate systems into the electronic Questionnaire for Investigations Processing (eQIP), automating the National Security Positions Questionnaire and Standard Form 86. The Federal Asset Sales (FAS) Initiative is a one-stop online marketplace for Federal agencies to sell retail, underutilized, non-utilized, seized, and forfeited Federal assets. GovBenefits.gov features an easy-to-use online screening tool to help individuals or caseworkers quickly determine potential eligibility for benefit programs. USA Services uses the existing infrastructure of the Federal Citizen Information Center and the FirstGov.gov portal to develop citizen-centric solutions that improve the ease with which citizens can interact with the government. Lines of Business Geospatial LOB The Geospatial LOB will provide productive intergovernmental collaboration for geospatial-related activities and investments across all sectors and levels of government.

FY 2006 – FY 2011
Managing Partner NARA DOT Modal Lead OST

e-Travel

GSA

OST

Enterprise HR Integration

OPM

OST

Integrated Acquisition Environment

GSA

OST

Recreation One-Stop

DOI

FHWA

e-QIP (e-Clearance)

OPM

OST

Federal Asset Sales

GSA

OST

Gov Benefits

DOL

OST

USA Services

GSA

OST

DOI

RITA

September 2006

37

Information Resources Management Plan
Description Budget Formulation and Execution The Budget Formulation LOB will improve the efficiency and effectiveness of agency & central processes for formulating and executing the Federal Budget, and it will improve the integration and standardized exchange of budget formulation, execution, planning, performance measurement, and financial management information and activities across government The FM LOB supports efficient and improved business performance while ensuring integrity in accountability, financial controls and mission effectiveness. DOT’s Enterprise Service Center (ESC) is one of 4 current Federal Financial Management Centers of Excellence. The Human Resources (HR) Line of Business provides government-wide interoperable HR solutions that support the strategic management of Human Capital and reduce duplicative and redundant HR systems and processes across the Federal government. The Grants Management LOB supports end-to-end grants management activities promoting citizen access, customer service, and agency financial and technical stewardship. The Federal Government’s information systems security program enables agencies’ mission objectives through a comprehensive and consistently implemented set of riskbased, cost-effective controls and measures that adequately protects information contained in Federal Government information systems. The IT Infrastructure LOB will promote an effective and efficient IT infrastructure enabling government-wide customer-centric services. The Case Management LOB enables case management data to be shared efficiently within and across agencies. The initiative improves the effectiveness and efficiency of law enforcement, investigation, and civil and criminal litigation case management business processes.

FY 2006 – FY 2011
Managing Partner OMB DOT Modal Lead OST

GSA

OST

Financial Management LOB Human Resources LOB

OPM

OST

Grants Management LOB

NSF&HHS

OST

Information Security LOB

OMB, DHS & NSA

OST

IT Infrastructure Optimization LOB

GSA

OST

Case Management LOB

DOJ

OST

September 2006

38

Information Resources Management Plan

FY 2006 – FY 2011

Appendix C:
Information Technology Performance Measures

September 2006

39

Information Resources Management Plan

FY 2006 – FY 2011

Key Activities
e-Government and Lines of Business •

FY 2007
100% of all major new administrative IT investments are crosscutting or in partnership with other government agencies. DOT will continue to migrate/implement applicable e-Gov and LOB initiatives 100% of all major new IT investments will be managed by qualified project managers. All DOT strategic and performance plans include the use of Information Technology initiatives to assist in meeting mission objectives. 100% of DOT Web sites are Section 508 compliant. DOT further reduces paperwork burden on the American public through the application of Information Technology, through the grants.gov initiative by use of shared forms with other government agencies, and an ongoing DOT-wide burden reduction initiative as reflected in our annual Paperwork Reduction Act report to OMB. Review DOT’s Digital Signature Capability. •

FY 2008
100% of all major new administrative IT investments are crosscutting or in partnership with other government agencies. DOT will continue to migrate/implement applicable e-Gov and LOB initiatives 100% of all major new IT investments will be managed by qualified project managers. All DOT strategic and performance plans include the use of Information Technology initiatives to assist in meeting mission objectives. 100% of DOT Web sites are Section 508 compliant. DOT further reduces paperwork burden on the American public through the application of Information Technology, through the grants.gov initiative by use of shared forms with other government agencies, and an ongoing DOT-wide burden reduction initiative as reflected in our annual Paperwork Reduction Act report to OMB. OA status update on DOT’s Digital Signature Capability. Ensure that 100% of all major IT projects are within 10% of cost/schedule/performance goals and objectives, or have a documented corrective action plan in place and are reviewed quarterly by DOT Investment Review Board. All major IT investment business cases are scored as passing reflecting that they have adequate •

FY 2009
100% of all major new administrative IT investments are crosscutting or in partnership with other government agencies. DOT will continue to migrate/implement applicable e-Gov and LOB initiatives 100% of all major new IT investments will be managed by qualified project managers. All DOT strategic and performance plans include the use of Information Technology initiatives to assist in meeting mission objectives. 100% of DOT Web sites are Section 508 compliant. DOT further reduces paperwork burden on the American public through the application of Information Technology, through the grants.gov initiative by use of shared forms with other government agencies, and an ongoing DOT-wide burden reduction initiative as reflected in our annual Paperwork Reduction Act report to OMB. OA status update on DOT’s Digital Signature Capability. Ensure that 100% of all major IT projects are within 10% of cost/schedule/performance goals and objectives, or have a documented corrective action plan in place and are reviewed quarterly by DOT Investment Review Board. All major IT investment business cases are scored as passing reflecting that they have adequate management

Strategic Management

• •

• •

• •

IT Capital Planning and Investment Control

Ensure that 100% of all major IT projects are within 10% of cost/schedule/performance goals and objectives, or have a documented corrective action plan in place and are reviewed quarterly by DOT Investment Review Board. All major IT investment business cases are scored as passing reflecting that they have adequate management

September 2006

40

Information Resources Management Plan
Key Activities FY 2007
controls in place and are meeting cost, schedule and performance goals. Enterprise Architecture • Implement Departmentwide enterprise licenses for 25% of standard products within the common operating environment to eliminate redundant contracting processes and costs of IT purchases. Reduce redundant telecommunications infrastructure in at least two geographical locations, in conjunction with consolidation, to significantly reduce the costs, complexity and security vulnerabilities of managing and maintaining this critical IT asset. Ensure that all major IT initiatives are in compliance with the DOT common operating environment standards and products. •

FY 2006 – FY 2011
FY 2008
management controls in place and are meeting cost, schedule and performance goals. Implement Departmentwide enterprise licenses for 25% of standard products within the common operating environment to eliminate redundant contracting processes and costs of IT purchases. Reduce redundant telecommunications infrastructure in at least two geographical locations, in conjunction with consolidation, to significantly reduce the costs, complexity and security vulnerabilities of managing and maintaining this critical IT asset. Ensure that all major IT initiatives are in compliance with the DOT common operating environment standards and products.

FY 2009
controls in place and are meeting cost, schedule and performance goals. • Implement Departmentwide enterprise licenses for 25% of standard products within the common operating environment to eliminate redundant contracting processes and costs of IT purchases. Reduce redundant telecommunications infrastructure in at least two geographical locations, in conjunction with consolidation, to significantly reduce the costs, complexity and security vulnerabilities of managing and maintaining this critical IT asset. Ensure that all major IT initiatives are in compliance with the DOT common operating environment standards and products.

Information Assurance and IT Security and Privacy

Ensure that DOT citizen services, such as providing commercial drivers license (CDL) web services, are available on a continuous basis by decreasing successful cyber attacks on DOT’s infrastructure by 75%. Begin Eliminate redundant monitoring operations and software by 50% across DOT by employing a single access security solution. Purchase all security products through enterprise licensing, which will result in cost avoidance across DOT of over $1.5 million a year. Address material weaknesses within the Information Assurance

• •

Ensure that DOT citizen services are available on a continuous basis by continuing to decrease successful cyber attacks. Continue Eliminating redundant monitoring operations and software across DOT by employing a single access security solution. Purchase all security products through enterprise licensing. Address material weaknesses within the Information Assurance program by ensuring 99.9% uptime of DOT computers through the implementation of an enterprise-wide software solution. Decrease Personally

• •

Ensure that DOT citizen services are available on a continuous basis by continuing to decrease successful cyber attacks. Complete the Elimination of redundant monitoring operations and software across DOT by employing a single access security solution. Purchase all security products through enterprise licensing. Address material weaknesses within the Information Assurance program by ensuring 99.9% uptime of DOT computers through the implementation of an enterprise-wide software solution. Decrease Personally Identifiable Information, logical and physical

September 2006

41

Information Resources Management Plan
Key Activities FY 2007 program by ensuring 99.9% uptime of DOT computers through the implementation of an enterprise-wide software solution. Decrease Personally Identifiable Information, logical and physical security violations by at least 80%. Begin to apply enhanced logical access controls to at least one major safety application. 100% of legislatively required security reviews of DOT’s 400+ systems will be conducted at approximately 50% of the cost of performing these reviews in a decentralized manner. 100% of required security and privacy training for DOT employees will be completed. 100% of all DOT systems will be assessed to ensure compliance with statutory requirements. Begin leveraging HSPD12 compliant smart cards to enable DOT employees to conduct logical access and two factor authentication in department IT systems. Ensure cyber protection to all the department’s area networks. Ensure zero cyber events having a significant negative impact on the DOT’s critical business systems
By the end of FY 2007, complete the transition to the new HQ Building complex including PBX, application hosting and storage array. Evaluate enterprise voice

FY 2006 – FY 2011
FY 2008 Identifiable Information, logical and physical security violations. Apply enhanced logical access controls to at least one major safety or security application. 100% of legislatively required security reviews of DOT’s 400+ systems will be conducted at approximately 50% of the cost of performing these reviews in a decentralized manner. 100% of required security and privacy training for DOT employees will be completed. 100% of all DOT systems will be assessed to ensure compliance with statutory requirements. Continue leveraging HSPD-12 compliant smart cards to enable DOT employees to conduct logical access and two factor authentication in department IT systems. Ensure cyber protection to all the department’s area networks. Ensure zero cyber events having a significant negative impact on the DOT’s critical business systems FY 2009 security violations. Apply enhanced logical access controls to at least one major safety or security application. 100% of legislatively required security reviews of DOT’s 400+ systems will be conducted at approximately 50% of the cost of performing these reviews in a decentralized manner. 100% of required security and privacy training for DOT employees will be completed. 100% of all DOT systems will be assessed to ensure compliance with statutory requirements. Continue leveraging HSPD-12 compliant smart cards to enable DOT employees to conduct logical access and two factor authentication in department IT systems, making this technology and business practice a routine matter for access to all of the DOT’s information systems. Ensure cyber protection to all the department’s area networks. Ensure zero cyber events having a significant negative impact on the DOT’s critical business systems

IT Consolidation and Major IT Infrastructure Migration Activities (COE plus other Enterprise IT Infrastructure Systems

By the end of FY2008, complete network consolidation thus reducing the total number of discrete networks to no more than two (FAA and all other organizations).

• •

By the end of FY2009, implement data consolidation. Migrate to the new/refined COOP/DR IT infrastructure supporting all critical business needs of the

September 2006

42

Information Resources Management Plan
Key Activities
and Components)

FY 2006 – FY 2011
FY 2008 FY 2009
• Department. Implement a Virtualization Proof of Concept to validate recommended processes and configuration(s).

FY 2007
and data communications and recommend a Department-wide consolidation of wide-area network resources. Consolidate directory services into a single authoritative environment (Directory Forest). Evaluate methods and structure in order to provide consistent, efficient and effective IT customer service to 100% of DOT customers nation-wide (less FAA).

IPv6

• • •

Begin testing and trials of IPv6 deployment at testing facilities. Link test beds at major data centers. Provide proof of concept to internally connected DOT hosts (application connectivity) Procure Internet Service Providers (ISP) that have native IPv6 in operation

Implement and maintain an IT Services support environment that is consistent, efficient and effective supporting the entire DOT enterprise (less FAA). • Evaluate and recommend a refined COOP/DR IT infrastructure supporting all critical business needs of the Department. • Analyze the use of Virtualization to reduce the number of IT hardware platforms. • Define data consolidation requirements and transition strategies. •Cut over DOT backbone networks to new IPv6 standard.

September 2006

43

Information Resources Management Plan

FY 2006 – FY 2011

Appendix D: Glossary of Terms

September 2006

44

Information Resources Management Plan

FY 2006 – FY 2011

CIO CPIC CTO DHS DOT EA EIT EPA EPPMO FAA FEA FHWA FISMA GPEA GPRA IRB IRM IT ITDS LAN NHTSA OA OCIO OIG
September 2006

Chief Information Officer IT Capital Planning and Investment Control Chief Technology Officer Department of Homeland Security Department of Transportation Enterprise Architecture (DOT) Electronic Information Technology Environmental Protection Agency Enterprise Projects Program Management Office Federal Aviation Administration Federal Enterprise Architecture Federal Highway Administration Federal Information Security Management Act Government Paperwork Elimination Act Government Performance Results Act Investment Review Board (DOT) Information Resources Management Information Technology International Trade Data System Local Area Network National Highway Traffic Safety Administration Operating Administration Office of the Chief Information Officer Office of the Inspector General 45

Information Resources Management Plan OMB PMA TRM WAN WCF Office of Management and Budget President’s Management Agenda Technology Reference Model Wide Area Network Working Capital Fund

FY 2006 – FY 2011

September 2006

46