GSA Access Management System (GAMS) TechStat to ITEC | EA...
January 24, 2011
Identity, Credential, and Access Management Office (ICAMO)
GSA Access Management System (GAMS)
TechStat to ITEC | EA Evaluation
Agenda
– GAMS Architectural Overview
– GAMS Portfolio Snapshot
– GAMS Programmatic Overview
– Current Status and Next Steps
GAMS Architectural Overview
GSA CIO TechStat Process
Steps: 1 Real-time Data; 2 IE Analysis; 3 GSA CIO TechStat
Determine relevant data
Evaluate performance
Suggest improvements
Past performance
Performance objectives
Performance strategy
Systems
Investments
Business operations
GOALS
Adopt a data-driven management approach to IT management with continuous performance reviews of IT systems and investment
Address performance or other situations that merit discussion and analysis
Ask probing questions to address root causes, isolate issues, and generate decisions
Focus on problem solving to improve performance
Focus of EA Review
Alignment
– How and where does the investment fit within the GSA Architecture?
• How does the investment help realize strategic business capabilities?
• How does the investment align to GSA’s core EA values?
• How does the investment align to the target GSA IT architecture?
Synchronization
– What are the interdependencies with the investment?
• What are the dependencies and constraints on its implementation?
• What risks need to be addressed and minimized?
• What opportunities could the investment help realize?
EA Alignment: Strategic Business Capabilities
Strategic Capabilities | Contributing Capabilities
Construct sustainable, LEED-certified buildings
Provide green, energy-efficient fleet
Provide real-time inventory and order tracking
Provide delivery solution
Develop one-point access to GSA offerings
Develop flexible acquisition solution
Develop smart workplace solutions
Enable global project management
Reform and streamline leasing
Enable citizen-centric government services
Provide government-wide technology platforms
Provide self-service to customers
Provide single point for integrated customer information
Enable succession planning and professional development
Enable automated records management
Enable data-driven, knowledge-based decision making
Modernize financial system
Enable strategic pricing and rate setting
Automate Performance Management Process
Enable mobile work experience
Enhance IT management services
Deliver unified communications
Optimize and consolidate IT infrastructure
Provide on-demand infrastructure
GAMS promotes anytime, anywhere access by providing unified authentication
GAMS helps eliminate information system silos by consolidating disparate logins
GAMS helps consolidate IT infrastructure by providing a reusable service
EA Findings and Recommendations*
Conclusions
– GAMS is tightly aligned with the GAMS EA
– Significant interdependencies exist with GSA network upgrades and the A3 initiative
Recommendations
– Continue regular meetings among IO, A3, and IT Security
– Explore solutions to constraints on GSA’s “any device” vision imposed by federal HSPD-12 regulations
– Clearly articulate – and commit to – network upgrade roadmap to improve certainty of GAMS timetables
*Remaining slides provide additional details
GAMS Portfolio Snapshot
CPIC Performance Earned Value Management Results*
[Chart: Cost Variance % and Schedule Variance %, May-10 through Nov-10]
[Chart: Actual Costs and BAC, May-10 through Nov-10]
*$ in thousands
CPIC Performance and ICAM Points of Interest
Accelerated Logical Access Implementation Schedule
– SMT approved 3/2010
– Additional FY2010 DME funding applied
Consolidated ICAM and HSPD-12 Investments
– Reflects shared resources and inter-related activities
– Effective with GSA Passback submission
2010 Performance Goals
1. Develop detailed ICAM Implementation Plan – Achieved
2. ICAM implementation support and acquisition services – Achieved
3. At least one application integrated to ICAM infrastructure – Results Pending
4. Successful completion of C&A that results in ATO – Results Pending
5. Existence of ICAM infrastructure and application integration protocols that are highly available for applications to consistently authenticate, authorize, and audit – Results Pending
Current Cost and Scheduled Milestones*
LACS SW/HW Acquisition
Planned Start: 4/1/2010 Planned Cost: $5,250 Planned End: 4/30/2010
Actual Start: 4/1/2010 Actual Cost: $5,406 Actual End: 4/30/2010
% Complete: 100%
LACS Implementation: Prepare Development & Production
Planned Start: 4/30/2010 Planned Cost: $711 Planned End: 9/27/2010
Actual Start: 4/30/2010 Actual Cost: $633 Actual End: Incomplete
% Complete: 89%
LACS Implementation: Pilot Integration
Planned Start: 7/28/2010 Planned Cost: $100 Planned End: 9/28/2010
Actual Start: 7/28/2010 Actual Cost: $35 Actual End: Incomplete
% Complete: 35%
Application Integration Support
Planned Start: 9/5/2010 Planned Cost: $1,259 Planned End: 9/4/2011
Actual Start: Actual Cost: $315 Actual End: Incomplete
% Complete: 25%
Upgrade Application Integration Support SW/HW
Planned Start: 9/1/2010 Planned Cost: $517 Planned End: 9/30/2010
Actual Start: 9/1/2010 Actual Cost: $517 Actual End: 9/30/2010
% Complete: 100%
*$ in thousands
GAMS Programmatic Overview
Identity and Access Management (IAM)
IAM is an industry-standard security and control platform that empowers application administrators and users in managing digital IDs and access to applications and resources
Infrastructure services include
– Identity Management and Role Management
– Authentication Support including GSA Access Card and GSA Network Username and Password
– Single Sign-On for GSA Applications
ICAM adds Credential Management to IAM in the Federal workspace
GAMS is GSA’s implementation of a COTS IAM system
GAMS History
Before GAMS
– 2006: GCIMS created to support HSPD-12
– 2007: GCIMS web enabled to support agency-wide deployment
– 2007: Pilot IAM using Sun Access Manager and IdM
– 2008: Developed IAM roadmap based on needs and IAM pilot
Planning
– January 2009: Business Case Published
– September 2009: GSA IT Strategic Plan for FY2010-2012 Published
– October 2009: Acquire ICAM Office Support Staff
Procurement
– December 2009: GAMS Software Requirements Completed
– February 2010: Selected the Oracle IAM Platform
– April 2010: Completed acquisition of hardware and software
– May 2010: Received hardware and software
Infrastructure Buildout
– May 2010: Began deploying
– July 2010: GSA Access Card Workstation Enablement Roll Out Planned for Completion
– August 2010: Completed GAMS Application Tool Kit
– September 2010: GAMS Release 1 complete
– September 2010: Began GAMS C&A Activities and completed integration build for GCIMS
– November 2010: Delivered the Application Integration Schedule
– December 2010: GAMS Release 2 complete
Agency-wide Integrations
– December 2010: Three apps integrated into Integration & Test
We are Here
GAMS Deployment Strategy
Rel | Capability | Rel Date | Status
1 | Centralized GSA Access Card Authentication, Web Single Sign On (SSO), User Self Service, Delegated User Administration, Enforcement of Segregation of Duties | Q1 – FY10 | Done
2 | Desktop SSO | Q1 – FY11 | Done
3 | Accessing Non-GSA apps using SAML 2.0, GSA Access Card support for cloud apps | Q2 – FY11 | In Progress
4 | Identity Analytics, User Recertification, Role Mining, Role Engineering | Q3 – FY11 | Pending
5 | Accepting Non-GSA Credentials using SAML 2.0 | Q4 – FY11 | Pending
6 | Automated Employee In/Out Processing | Q1 – FY12 | Pending
GAMS FY2011 Scheduled Releases*
Q1: Simpler Sign-On & Legacy Desktop Sign-On
Q2: Strong authentication for Cloud-based Apps
Q3: Identity Analytics for enhanced role management, user certification, and security
Q4: Authenticate Non-GSA credentials; Pilot Automatic User In/Out Processing
*May change based on actual completion date of network security redesign
GAMS FY2011 Activity Roadmap*
*May change following GSA Security Team’s recommendations
Current Status and Next Steps
GAMS Current Status and Next Steps
GAMS Release 1 and 2 are ready for Go-Live, awaiting ATO
Network environment changed forcing redesign of network security architecture (multi-tier security), articulating network upgrade roadmap
Expected date for ATO is May 2011
Application integrations to follow ATO, beginning with PBS Portal
Continue regular meetings among IO, A3, and IT Security
– Discuss A3 issues: devices supporting GSA Access Card logon, being FIPS 140-2 and OMB 06-16 compliant, and storing government data on non-GFE
Development continuing on GAMS releases
– Would Go-Live at Release 3 in May
Options to accelerate move to multi-tier security for ATO:
– Accept “flat” network security architecture for now
• Increases time and cost to move to multi-tier
• Increases risk
– Accelerate network security implementation