VIEW ONLINE AT cio.energy.gov Vision, Leadership and Commitment… Enabling the Future through Technology and Information Strategic Plan OCIO FY 2012 - FY 2017

6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio



Transformation, Sustainability, Innovation, Teamwork, Partnerships

U.S. Department of Energy | Office of the Chief Information Officer | OCIO Strategic Plan


Table of Contents

Message from Michael Locatis, Chief Information Officer

1.0 DOE Strategy Overview
    1.1 Department of Energy Mission and Goals
    1.2 Organization of the Department

2.0 OCIO Strategy Overview
    2.1 Office of the Chief Information Officer Mission and Goals
    2.2 The Vision of the Chief Information Officer
    2.3 Goal Alignment
    2.4 Target Opportunities
    2.5 IT Investment Portfolio

3.0 OCIO Strategic Goals
    3.1 Strategic Goal 1: Leverage Existing IT
    3.2 Strategic Goal 2: Foster New and Emerging IT
    3.3 Strategic Goal 3: IT Governance, Policy, and Oversight
    3.4 Strategic Goal 4: Risk-Based Cybersecurity

Appendix A: Strategic Initiatives

Appendix B: List of Acronyms


Message from Michael Locatis, Chief Information Officer

The Department of Energy (DOE) Office of the Chief Information Officer (OCIO) has forged valuable partnerships by bringing together internal information technology (IT) resources, our National Laboratories, and strategic networks—both within and outside of the Department—to promote agency-wide innovation and effective operations that provide tangible, positive, high-value outcomes for our nation. We have an aggressive agenda to accomplish and are operating with urgency to enable the Departmental mission. The IT strategy has been transformed to meet the Department’s demanding need. The strategy is designed to:

• Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs
• Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs
• Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources
• Ensure acceptable risk-based cybersecurity through enhanced enterprise situational awareness, development of near real-time risk management, and combating advanced persistent threats

To further assist, we are actively executing the 25 Point Implementation Plan to Reform Federal IT Management as part of our efforts and a critical element to DOE mission success. The OCIO is committed to supporting the sharing of best practices across the federal IT community. Improving federal IT management requires not only knowing what does not work, but identifying what does work—and implementing it. Leading the Department’s IT reform initiatives is an exciting privilege, and we intend to bring about positive transformation to better achieve the Department’s unique mission.


1.0 DOE Strategy Overview

1.1 Department of Energy Mission and Goals

The mission of the Department of Energy (DOE) is to ensure America’s security and prosperity by addressing its energy, environmental, and nuclear challenges through transformative science and technology solutions.

Goal 1: Transform Our Energy Systems. Catalyze the timely, material, and efficient transformation of the nation’s energy system and secure U.S. leadership in clean energy technologies.

Goal 2: The Science and Engineering Enterprise. Maintain a vibrant U.S. effort in science and engineering as a cornerstone of our economic prosperity, with clear leadership in strategic areas.

Goal 3: Secure Our Nation. Enhance nuclear security through defense, nonproliferation, and environmental efforts.

Goal 4: Management and Operational Excellence. Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.

In FY 2011, the Department updated its Strategic Plan. The Department has further integrated the Strategic Plan’s long-term and intermediate goals into its annual performance budget. This performance structure establishes a concrete link between the Strategic Plan’s goals and the Department’s annual budget, performance metrics, and performance reporting.

1.2 Organization of the Department

The mission of the Department is carried out by National Laboratories and technology centers, Power Marketing Administrations, Program Offices, Staff Offices, operations and field organizations, the Energy Information Administration, and the National Nuclear Security Administration. Supporting these entities are over 100,000 federal employees and support contractors. DOE’s organizational structure is decentralized and aligned with its multiple missions. Department senior management provides strategic plans, EA plans, and guidance to Program Offices to guide program planning, decision-making, and investing. Program Officials are responsible for acquiring and implementing approved programs and investments to achieve performance goals. In this way, the Department ensures that, within the decentralized organizational structure, all decisions and activities continue to support the overall strategic goals of the organization.


2.0 OCIO Strategy Overview

2.1 Office of the Chief Information Officer Mission and Goals

The mission of the Office of the Chief Information Officer (OCIO) is to enable the Department of Energy’s urgent missions in energy, science, and nuclear security through the power of information and technology in a manner that balances risk with required outcomes in programs that span from open science to national security. DOE promotes effective operations by encouraging performance-based management and facilitating the restructuring of mission- and business-related processes, where appropriate, before making significant IT investments to improve the performance and cost-effectiveness of the Department’s information management activities. In addition, the OCIO’s Office of Cybersecurity implements and maintains a comprehensive cybersecurity program that is effective across DOE’s diverse missions and large array of interdependent networks and information systems.

Strategic Goal 1: Leverage Existing IT. Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs.

Strategic Goal 2: Foster New and Emerging IT. Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs.

Strategic Goal 3: IT Governance, Policy, and Oversight Processes. Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources.

Strategic Goal 4: Risk-Based Cybersecurity. Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses.

2.2 Vision

The Chief Information Officer’s (CIO) vision is to be the recognized partner that brings technology and programs together to unleash the power of information in achieving the DOE mission.

2.3 Goal Alignment

In accordance with OMB Circular A-130, the OCIO strategic plan supports the Department’s strategic goals and direction. The table on page 8 shows the alignment of the OCIO strategic goals to the Department’s four strategic goals. The OCIO goals are either directly aligned or a significant enabler for each strategic goal. A direct alignment is based on a clear linkage between the contribution of OCIO goals to the accomplishment of a mission, and an indirect alignment (noted as crosscutting) reflects linkages where OCIO goals create the technological or information sharing environment within which a strategic mission or goal is accomplished.


Alignment of OCIO Strategic Goals to DOE’s Strategic Goals

| OCIO Goals \ DOE Goals | Transform Our Energy Systems | The Science and Engineering Enterprise | Secure Our Nation | Management and Operational Excellence |
|---|---|---|---|---|
| Leverage Existing IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct |
| Foster New and Emerging IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct |
| IT Governance, Policy, and Oversight Processes | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct |
| Risk-Based Cybersecurity | Direct | Direct | Direct | Direct |

2.4 Target Opportunities

The OCIO uses strategic plans and other management tools to ensure that IT decisions, management responsibilities, and accountability are positioned to meet the Department’s present and future needs. Coordinated with strategic planning, the OCIO uses Departmental processes such as Enterprise Architecture (EA), IT Capital Planning and Investment Control (CPIC), and technology assessment programs to identify opportunities to leverage both existing and new technologies to support Department goals. These processes aim to reduce performance gaps in the overall IT portfolio by retiring obsolete systems, developing new solutions that provide improved performance, and supporting the development of reusable application components. This OCIO Strategic Plan highlights key initiatives and the path forward. With successful implementation, the actions described in this plan will enable the Department to best select, align, and maximize its IT resources to fulfill DOE mission.

2.5 IT Investment Portfolio

Each year, the Department selects IT investments that meet mission needs, close performance gaps, align with EA plans, and align with external drivers such as OMB’s 25 Point Implementation Plan to Reform Federal Information Technology Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals.

DOE Total IT Portfolio, BY 2012

| DOE Strategic Goal | Total Portfolio Funding: Dollars (in Millions) | Total Portfolio Funding: Percentages |
|---|---|---|
| Transform Our Energy Systems | 138.51 | 7.4 |
| The Science and Engineering Enterprise | 594.06 | 31.8 |
| Secure Our Nation | 1,130.10 | 60.4 |
| Management and Operational Excellence | 7.98 | 0.4 |
| Total | 1,870.64 | 100.0 |

As indicated above, 100 percent of DOE’s BY 2012 portfolio directly supports the four DOE strategic goals. The IT portfolio is characterized by a wide array of initiatives ranging in size and sophistication, all of which are aimed at mission accomplishment, improved operational efficiency, and support of crosscutting Department priorities such as sustainability.


3.0 OCIO Strategic Goals

The OCIO has IT strategic goals and objectives that drive achievement in DOE mission and strategic goal support.

Strategic Goal 1: Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts [25 Point Implementation Plan for Federal IT Reform]

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2: Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Objective 1: Establish a formal, sustainable federal technology deployment program

Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]

Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3: Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 200.1A, OMB Circulars A-11 & 130]

Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 243.1 & 243.2, 36 CFR Chapter XII, Subchapter B]

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]

Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development [National Initiative for Cybersecurity Education]


3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people, and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual, and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops, and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS

• Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources, and providing device-agnostic connectivity
• Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES

• A standardized, simplified federal IT infrastructure
• Reduced number of components required to operate
• Reduced number of infrastructure sites and facilities
• Strengthened cybersecurity
• Shared services
• Increased operability and efficiency


Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO’s business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011 and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department’s total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE’s IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO’s EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware, and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories, and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act, and other legislative and DOE policies.

ESSENTIAL ACTIONS

• Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
• Reduce administrative cost of administering contracts by documenting and automating processes
• Optimize the EWA program to create more cost effective options for our customers
• Award new IT support services contract for current IT

TARGETED OUTCOMES

• Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
• Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department’s Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS

• Lead a Department-wide effort to identify and consolidate commodity IT services
• Develop and implement a federal data center modernization and consolidation plan
• Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES

• Reduced number of data centers
• Reduced real estate footprint
• Reduced data center costs
• Realized energy savings
• Increased resource-utilization rates
• Reduced costs of commodity IT services


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department’s mission, goals, and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies, and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS

• Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
• Re-align existing personnel resources to more effectively match existing skills to requirements
• Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
• Strengthen performance-based personnel management
• Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
• Implement a performance framework for accountability at the employee level
• Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES

• Aligned workforce skills to DOE missions and priorities
• Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO’s role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS

• Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
• Define a process for effectively managing projects within the OCIO
• Refine the DOE IT Strategic Roadmap process
• Expand the OCIO’s technology outreach and leadership via a series of summits

TARGETED OUTCOMES

• Reduced cost of mission accomplishments due to more productive tools and processes
• Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department’s cloud computing initiative is following the Federal Government’s cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS

• Identify and evaluate service delivery methods for use at DOE
• Implement cloud computing service delivery
• Identify and provide best practices in cloud computing acquisition
• Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME

• Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS

• Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing and the use of workplace multi-function devices
• Reduce (metered) electricity consumption to reflect office and desktop power management
• Improve Department-wide power management of desktop computers, printers, etc.
• Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME

• Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department’s energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS

• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME

• Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department’s portfolio of IT investments fully address DOE’s business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department’s ability to improve line-of-sight between teams and senior management, and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS

• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES

• Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS

• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES

• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all “permanent” and “non-permanent” records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS

• Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES

• OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
• Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure Promote Information Sharing and Advance Technologies for Cyber Defenses

The Department’s strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department’s Risk Management Approach (RMA) for the Department’s Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department’s Strategic Goal to “Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.” The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:

assessing threats, analyzing risks, and sharing risk information through the corporate risk executive;

informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first;

conveying assurance and conducting oversight; and

ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections.

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS

Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability

Finalize RMA management plan to program inputs from Senior DOE Management

Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES

Increased resource efficiency and automation

Improved security posture and enterprise situational awareness

Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department’s next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide front line cyber defense and Department-level situational awareness. JC3 will strengthen DOE’s role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS

Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3

Develop JC3 governance model to include viable out-year funding model

Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative

Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES

Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories’ resources and expertise

Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat

Improved enterprise-wide event management reporting

Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1. Incident Management Lifecycle. Diagram labels: Preparation & Prevention; Detect; Contain; Eradicate; Recover; Lessons Learned; Reporting.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:

Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)

Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers

Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting

Develop a CM Implementation Plan that leverages existing resources first, deploys in phases to capture value quickly, and describes knowledge chains and value points for organization

Assess and measure program maturity; develop processes for continuous program improvement, to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS

Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring

Develop enterprise CM Strategy, to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community

Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES

Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation

Automated common reporting process for DOE Headquarters, Program, and Site Offices

Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department’s cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS

Develop enterprise Cybersecurity Training Implementation Plan

Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked

Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES

Increased workforce awareness and capability; improved mitigation of insider threat

Improved security posture and workforce alignment with mission priorities

Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES

Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements

Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity

Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems

Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES

Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America’s Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES

Establish DOE intelligence systems that provide transparency and visibility into program and financial performance

Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America’s energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE’s investments and the impact of our research portfolio in supporting our national objectives and DOE’s strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE’s complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE’s federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department’s commitment to science and innovation.

TARGETED OUTCOMES

Identify an operational framework to manage financial assistance efforts and systems at DOE as a program

Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum, 9/28/10). Agency deadlines include:

Upgrade public/external facing servers and services by the end of FY 2012

Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES

Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation’s goals and grand challenges. This effort continues the OCIO’s role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO’s continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES

Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB - Architecture Review Board
BRM - Business Reference Model
CAM - Corporate Asset Management
C&A - Certification and Accreditation
CFO - Chief Financial Officer
CIO - Chief Information Officer
CHRIS - Corporate Human Resource Information System
CNCI - Comprehensive National Cybersecurity Initiative
CNSS - Committee for National Security Systems
COTS - Commercial Off the Shelf
CPIC - Capital Planning and Investment Control
CRB - Corporate Review Budget
DIB - Defense Industrial Base
DOE - Department of Energy
EA - Enterprise Architecture
EATP - Enterprise Architecture Transition Plan
EAWG - Enterprise Architecture Working Group
EITS - Energy IT Services
ESNet - Energy Science Network
EVM - Earned Value Management
EWA - Enterprise Wide Agreement
EWSS - Energy-Wide Strategic Sourcing
FDCCI - Federal Data Center Consolidation Initiative
FEA - Federal Enterprise Architecture
FEDRAMP - Federal Risk and Authorization Management Program
FFP - Firm Fixed Price
FGDC - Federal Geographic Data Committee
FISMA - Federal Information Security Management Act
GLoB - Geospatial Line of Business
GPEA - Government Paperwork Elimination Act
GSA - General Services Administration
GSP - Geospatial Science Program
HSPD - Homeland Security Presidential Directive
IDEA - Innovative Department of Energy E-Government Applications
ICAM - Identity, Credential & Access Management
ICPT - Integrated Contractor Purchasing Team
IM - Information Management
I-MANAGE - Integrated Management Navigation System
IOA&T - Infrastructure, Office Automation and Telecommunications
IPT - Integrated Project Team
IPv6 - Internet Protocol Version 6
IRM - Information Resources Management
IT - Information Technology
LOB - Line of Business
M&O - Management and Operating
NICE - National Initiative for Cybersecurity Education
NIST - National Institute of Standards and Technology
NNSA - National Nuclear Security Administration
OCIO - Office of the Chief Information Officer
OMB - Office of Management and Budget
O&M - Operations and Maintenance
PKI - Public Key Infrastructure
POA&M - Plan of Action and Milestones
RMA - Records Management Application
SPI - Spectrum Policy Initiative
SSP - Shared Service Provider
STAR - Science & Technology in America’s Reinvestment

  • Message from Michael LocatisChief Information Officer
  • 10DOE Strategy Overview
    • 11Department of Energy Mission and Goals
    • 12Organization of the Department
      • 20OCIO Strategy Overview
        • 21Office of the Chief Information Officer Mission and Goals
        • 22The Vision of the Chief Information Officer
        • 23Goal Alignment
        • 24 Target Opportunities
        • 25IT Investment Portfolio
          • 30OCIO Strategic Goals
          • Appendix A Strategic Initiatives
          • Appendix B List of Acronyms
Page 2: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

TransformationSustainability

Innovation

Teamwork Partnerships

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 3of25

tableofcontents

Table of Contents

Message from Michael Locatis Chief Information Officer 5

10 DOE Strategy Overview 6

11 Department of Energy Mission and Goals 6

12 Organization of the Department 6

20 OCIO Strategy Overview 7

21 Office of the Chief Information Officer Mission and Goals 7

22 The Vision of the Chief Information Officer 7

23 Goal Alignment 7

24 Target Opportunities 8

25 IT Investment Portfolio 8

30 OCIO Strategic Goals 9

31 Strategic Goal 1 Leverage Existing IT 10

32 Strategic Goal 2 Foster New and Emerging IT 13

33 Strategic Goal 3 IT Governance Policy and Oversight 15

34 Strategic Goal 4 Risk-Based Cybersecurity 18

Appendix A Strategic Initiatives 23

Appendix B List of Acronyms 25

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 5of25

messagefromthecio

Message from Michael Locatis Chief Information Officer

TheDepartmentofEnergy(DOE)OfficeoftheChiefInformationOfficer(OCIO)has forged valuable partnerships by bringing together internal informationtechnology(IT)resourcesourNationalLaboratoriesandstrategicnetworksmdashbothwithinandoutsideoftheDepartmentmdashtopromoteagency-wideinnovationandeffectiveoperations thatprovide tangiblepositivehigh-valueoutcomesforournationWehaveanaggressiveagendatoaccomplishandareoperatingwithurgencytoenabletheDepartmentalmission The ITstrategyhasbeentransformed to meet the Departmentrsquos demanding need The strategy isdesignedto Leverageexistinginformationtechnologyandexpertisetomaximizemissionaccomplishmentandreducecosts

Identifyandfosternewandemerginginformationtechnologytomaximizemissionaccomplishmentandreducecosts

ProvideDepartmentalITgovernancepolicyandoversightprocessestoensuresecureefficientandcost-effectiveuseofITresources

Ensureacceptablerisk-basedcybersecuritythroughenhancedenterprisesituationalawarenessdevelopmentofnearreal-timeriskmanagementandcombatingadvancedpersistentthreats

Tofurtherassistweareactivelyexecutingthe25PointImplementationPlantoReformFederalITManagementaspartofoureffortsandacriticalelementtoDOEmissionsuccessTheOCIO is committed to supporting the sharing of best practices acrossthe federal IT community Improving federal IT management requires notonly knowing what does not work but identifying what does workmdashandimplementing it LeadingtheDepartmentrsquos ITreforminitiatives isanexcitingprivilegeandweintendtobringaboutpositivetransformationtobetterachievetheDepartmentrsquosuniquemission

6of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

doestrategy overview

10 DOE Strategy Overview

11 Department of Energy Mission and Goals

ThemissionoftheDepartmentofEnergy(DOE)istoensureAmericarsquossecurityandprosperitybyaddressingitsenergyenvironmentalandnuclearchallengesthroughtransformativescienceandtechnologysolutionsGoal 1 Transform Our Energy Systems Catalyze the timely material and efficient transformation of the nationrsquos energy system and secure US

leadershipincleanenergytechnologies

Goal 2 The Science and Engineering Enterprise MaintainavibrantUSeffortinscienceandengineeringasacornerstoneofoureconomicprosperitywithclear

leadershipinstrategicareas

Goal 3 Secure Our Nation Enhancenuclearsecuritythroughdefensenonproliferationandenvironmentalefforts

Goal 4 Management and Operational Excellence Establish an operational and adaptable framework that combines the best wisdom of all Department

stakeholderstomaximizemissionsuccess

InFY2011theDepartmentupdateditsStrategicPlanTheDepartmenthasfurtherintegratedtheStrategicPlanrsquoslong-termand intermediategoals into itsannualperformancebudget ThisperformancestructureestablishesaconcretelinkbetweentheStrategicPlanrsquosgoalsandtheDepartmentrsquosannualbudgetperformancemetricsandperformancereporting

12 Organization of the Department

The mission of the Department is carried out by National Laboratories and technology centers Power MarketingAdministrationsProgramOfficesStaffOfficesoperationsandfieldorganizationstheEnergyInformationAdministrationandtheNationalNuclearSecurityAdministrationSupportingtheseentitiesareover100000federalemployeesandsupportcontractorsDOErsquosorganizationalstructureisdecentralizedandalignedwithitsmultiplemissionsDepartmentseniormanagementprovidesstrategicplansEAplansandguidancetoProgramOfficestoguideprogramplanningdecision-makingandinvesting ProgramOfficialsare responsible foracquiringand implementingapprovedprogramsand investments toachieveperformancegoalsInthiswaytheDepartmentensuresthatwithinthedecentralizedorganizationalstructurealldecisionsandactivitiescontinuetosupporttheoverallstrategicgoalsoftheorganization

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 7of25

ociostrategy overview

20 OCIO Strategy Overview

21 Office of the Chief Information Officer Mission and Goals

ThemissionoftheOfficeoftheChiefInformationOfficer(OCIO)istoenabletheDepartmentofEnergyrsquosurgentmissionsinenergyscienceandnuclearsecuritythroughthepowerofinformationandtechnologyinamannerthatbalancesriskwithrequiredoutcomesinprogramsthatspanfromopensciencetonationalsecurityDOEpromoteseffectiveoperationsbyencouragingperformance-basedmanagementandfacilitatingtherestructuringofmission-andbusiness-relatedprocesseswhereappropriatebeforemakingsignificantITinvestmentstoimprovetheperformanceandcost-effectivenessof theDepartmentrsquos informationmanagementactivities Inaddition theOCIOrsquosOfficeofCybersecurityimplementsandmaintainsacomprehensivecybersecurityprogramthatiseffectiveacrossDOErsquosdiversemissionsandlargearrayofinterdependentnetworksandinformationsystems

Strategic Goal 1 Leverage Existing IT Leverageexistinginformationtechnologyandexpertisetomaximizemissionaccomplishmentand

reducecosts

Strategic Goal 2 Foster New and Emerging IT Identifyandfosternewandemerginginformationtechnologytomaximizemissionaccomplishment

andreducecosts

Strategic Goal 3 IT Governance Policy and Oversight Processes ProvideDepartmentalITgovernancepolicyandoversightprocessestoensuresecureefficientand

cost-effectiveuseofITresources

Strategic Goal 4 Risk-Based Cybersecurity Strengthenenterprisesituationalawarenesstofosternear-real-timeriskmanagementandcombat

the advanced persistent threat forge interagency and sector partnerships to protect criticalinfrastructurepromoteinformationsharingandadvancetechnologiesforcyberdefenses

22 Vision

TheChiefInformationOfficerrsquos(CIO)visionistobetherecognizedpartnerthatbringstechnologyandprogramstogethertounleashthepowerofinformationinachievingtheDOEmission

23 Goal Alignment

InaccordancewithOMBCircularA-130theOCIOstrategicplansupportstheDepartmentrsquosstrategicgoalsanddirectionThetableonpage8showsthealignmentoftheOCIOstrategicgoalstotheDepartmentrsquosfourstrategicgoalsTheOCIOgoalsareeitherdirectlyalignedorasignificantenablerforeachstrategicgoalAdirectalignmentisbasedonaclearlinkagebetweenthecontributionofOCIOgoalstotheaccomplishmentofamissionandanindirectalignment(notedascrosscutting)reflectslinkageswhereOCIOgoalscreatethetechnologicalorinformationsharingenvironmentwithinwhichastrategicmissionorgoalisaccomplished

8of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

ociostrategy overview

AlignmentofOCIOStrategicGoalstoDOErsquosStrategicGoals

DOE Goals

OCIO Goals

Transform Our Energy Systems

The Science and Engineering

Enterprise

Secure Our Nation

Management and Operational

Excellence

Leverage Existing IT DirectCrosscutting

DirectCrosscutting

DirectCrosscutting Direct

Foster New and Emerging IT DirectCrosscutting

DirectCrosscutting

DirectCrosscutting Direct

IT Governance Policy and Oversight Processes

DirectCrosscutting

DirectCrosscutting

DirectCrosscutting Direct

Risk-Based Cybersecurity Direct Direct Direct Direct

24 Target Opportunities

TheOCIOusesstrategicplansandothermanagementtoolstoensurethatITdecisionsmanagementresponsibilitiesandaccountabilityarepositionedtomeettheDepartmentrsquospresentandfutureneedsCoordinated with strategic planning the OCIO uses Departmental processes such as Enterprise Architecture (EA)ITCapitalPlanningand InvestmentControl (CPIC)andtechnologyassessmentprogramsto identifyopportunities toleveragebothexistingandnewtechnologiestosupportDepartmentgoalsTheseprocessesaimtoreduceperformancegapsintheoverallITportfoliobyretiringobsoletesystemsdevelopingnewsolutionsthatprovideimprovedperformanceandsupportingthedevelopmentofreusableapplicationcomponentsThisOCIOStrategicPlanhighlightskey initiativesandthepathforwardWithsuccessful implementationtheactionsdescribedinthisplanwillenabletheDepartmenttobestselectalignandmaximizeitsITresourcestofulfillDOEmission

25 IT Investment Portfolio

EachyeartheDepartmentselectsITinvestmentsthatmeetmissionneedscloseperformancegapsalignwithEAplansandalignwithexternaldriverssuchasOMBrsquos25PointImplementationPlantoReformFederalInformationTechnologyManagementThetablebelowshowsthebreakoutofDOErsquosBudgetYear(BY)2012ITportfoliobasedonDOEstrategicgoals

DOETotalITPortfolioBY2012

DOE Strategic Goal

Total Portfolio Funding

Dollars (in Millions) Percentages

Transform Our Energy Systems 13851 74

The Science and Engineering Enterprise 59406 318

Secure Our Nation 113010 604

Management and Operational Excellence 798 04

Total 187064 1000

As indicatedabove100percentofDOErsquosBY2012portfoliodirectlysupports the fourDOEstrategicgoals The ITportfolioischaracterizedbyawidearrayofinitiativesranginginsizeandsophisticationallofwhichareaimedatmissionaccomplishmentimprovedoperationalefficiencyandsupportofcrosscuttingDepartmentprioritiessuchassustainability

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 9of25

strategicgoals

30 OCIO Strategic GoalsTheOCIOhasITstrategicgoalsandobjectivesthatdriveachievementinDOEmissionandstrategicgoalsupport

Strategic Goal 1 Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Objective1 ImplementasecureDOEfederalinfrastructurebyimprovingITservicesintoa best-in-classproviderfrombothatechnicalandbusinessperspective

Objective2 Developacomprehensivebusinessmanagementandcontractingstrategytoreducethecomplexityandimprovetheagilityofinternalandexternalsupportcontracts

[25PointImplementationPlanforFederalITReform]

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2: Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Objective 1: Establish a formal, sustainable federal technology deployment program

Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]

Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3: Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 200.1A, OMB Circulars A-11 & 130]

Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 243.1 & 243.2, 36 CFR Chapter XII Subchapter B]

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]

Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development [National Initiative for Cybersecurity Education]


3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people, and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual, and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops, and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS
Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources, and providing device-agnostic connectivity
Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES
A standardized, simplified federal IT infrastructure
Reduced number of components required to operate
Reduced number of infrastructure sites and facilities
Strengthened cybersecurity
Shared services
Increased operability and efficiency


Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO's business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011, and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department's total buying power. The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE's IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO's EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware, and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories, and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act, and other legislative and DOE policies.

ESSENTIAL ACTIONS
Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
Reduce administrative cost of administering contracts by documenting and automating processes
Optimize the EWA program to create more cost effective options for our customers
Award new IT support services contract for current IT

TARGETED OUTCOMES
Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI), and through the continued implementation and evolution of the Department's Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS
Lead a Department-wide effort to identify and consolidate commodity IT services
Develop and implement a federal data center modernization and consolidation plan
Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES
Reduced number of data centers
Reduced real estate footprint
Reduced data center costs
Realized energy savings
Increased resource-utilization rates
Reduced costs of commodity IT services


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce, and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department's mission, goals, and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies, and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
Re-align existing personnel resources to more effectively match existing skills to requirements
Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
Strengthen performance-based personnel management
Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
Implement a performance framework for accountability at the employee level
Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
Aligned workforce skills to DOE missions and priorities
Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO's role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT, to leverage new capabilities, and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS
Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
Define a process for effectively managing projects within the OCIO
Refine the DOE IT Strategic Roadmap process
Expand the OCIO's technology outreach and leadership via a series of summits

TARGETED OUTCOMES
Reduced cost of mission accomplishments due to more productive tools and processes
Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department's cloud computing initiative is following the Federal Government's cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
Identify and evaluate service delivery methods for use at DOE
Implement cloud computing service delivery
Identify and provide best practices in cloud computing acquisition
Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing, and the use of workplace multi-function devices
Reduce (metered) electricity consumption to reflect office and desktop power management
Improve Department-wide power management of desktop computers, printers, etc.
Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department's energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives, and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
Review and address IT issues using the appropriate governance groups
Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully addresses DOE's business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management, and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
Review and update IT policy and guidance to address changes in requirements
Identify and address requirements for new policy and guidance in a timely manner
Identify Headquarter and Field investments to be included in the TechStat Reviews
Conduct TechStat reviews regularly at the Headquarter and Program levels
Map OCIO policy to internal and external requirements
Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
Established appropriate IT oversight processes
Increased precision of ongoing measurement of IT investment health
Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of, and adherence to, standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
Develop a Department Records Management Tactical Plan
Develop a records inventory and disposition schedule lifecycle management plan
Develop and deploy a Department Records Management Training curriculum
Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
Ensured uniform compliance with records management laws and practices through Departmental records management governance
Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
assessing threats, analyzing risks, and sharing risk information through the corporate risk executive;
informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first;
conveying assurance and conducting oversight; and
ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections.

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
Finalize RMA management plan to program inputs from Senior DOE Management
Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
Increased resource efficiency and automation
Improved security posture and enterprise situational awareness
Increased mission assurance; better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide front line cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions, that could be leveraged in the JC3
Develop JC3 governance model to include viable out-year funding model
Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
Improved enterprise-wide event management reporting
Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Diagram labels: Preparation & Prevention, Detect, Contain, Eradicate, Recover; Lessons Learned; Reporting]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
Develop a CM Implementation Plan that: leverages existing resources first; deploys in phases to capture value quickly; describes knowledge chains and value points for organization
Assess and measure program maturity; develop processes for continuous program improvement, to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
Develop enterprise CM Strategy, to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
Automated common reporting process for DOE Headquarters, Program, and Site Offices
Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
Develop enterprise Cybersecurity Training Implementation Plan
Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
Increased workforce awareness and capability; improved mitigation of insider threat
Improved security posture and workforce alignment with mission priorities
Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A: Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies, such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America’s energy, scientific and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE’s investments and the impact of our research portfolio in supporting our national objectives and DOE’s strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE’s complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE’s federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department’s commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation’s goals and grand challenges. This effort continues the OCIO’s role of promoting innovation, showcasing technology leadership and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases and best practices that are linked to DOE and the OCIO’s continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB       Architecture Review Board
BRM       Business Reference Model
CAM       Corporate Asset Management
C&A       Certification and Accreditation
CFO       Chief Financial Officer
CIO       Chief Information Officer
CHRIS     Corporate Human Resource Information System
CNCI      Comprehensive National Cybersecurity Initiative
CNSS      Committee for National Security Systems
COTS      Commercial Off the Shelf
CPIC      Capital Planning and Investment Control
CRB       Corporate Review Budget
DIB       Defense Industrial Base
DOE       Department of Energy
EA        Enterprise Architecture
EATP      Enterprise Architecture Transition Plan
EAWG      Enterprise Architecture Working Group
EITS      Energy IT Services
ESNet     Energy Science Network
EVM       Earned Value Management
EWA       Enterprise Wide Agreement
EWSS      Energy-Wide Strategic Sourcing
FDCCI     Federal Data Center Consolidation Initiative
FEA       Federal Enterprise Architecture
FEDRAMP   Federal Risk and Authorization Management Program
FFP       Firm Fixed Price
FGDC      Federal Geographic Data Committee
FISMA     Federal Information Security Management Act
GLoB      Geospatial Line of Business
GPEA      Government Paperwork Elimination Act
GSA       General Services Administration
GSP       Geospatial Science Program
HSPD      Homeland Security Presidential Directive
IDEA      Innovative Department of Energy E-Government Applications
ICAM      Identity, Credential & Access Management
ICPT      Integrated Contractor Purchasing Team
IM        Information Management
I-MANAGE  Integrated Management Navigation System
IOA&T     Infrastructure, Office Automation and Telecommunications
IPT       Integrated Project Team
IPv6      Internet Protocol Version 6
IRM       Information Resources Management
IT        Information Technology
LOB       Line of Business
M&O       Management and Operating
NICE      National Initiative for Cybersecurity Education
NIST      National Institute of Standards and Technology
NNSA      National Nuclear Security Administration
OCIO      Office of the Chief Information Officer
OMB       Office of Management and Budget
O&M       Operations and Maintenance
PKI       Public Key Infrastructure
POA&M     Plan of Action and Milestones
RMA       Records Management Application
SPI       Spectrum Policy Initiative
SSP       Shared Service Provider
STAR      Science & Technology in America’s Reinvestment


Message from Michael Locatis Chief Information Officer

The Department of Energy (DOE) Office of the Chief Information Officer (OCIO) has forged valuable partnerships by bringing together internal information technology (IT) resources, our National Laboratories and strategic networks—both within and outside of the Department—to promote agency-wide innovation and effective operations that provide tangible, positive, high-value outcomes for our nation. We have an aggressive agenda to accomplish and are operating with urgency to enable the Departmental mission. The IT strategy has been transformed to meet the Department’s demanding need. The strategy is designed to:
• Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs
• Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs
• Provide Departmental IT governance, policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources
• Ensure acceptable risk-based cybersecurity through enhanced enterprise situational awareness, development of near real-time risk management and combating advanced persistent threats

To further assist, we are actively executing the 25 Point Implementation Plan to Reform Federal IT Management as part of our efforts and a critical element to DOE mission success.

The OCIO is committed to supporting the sharing of best practices across the federal IT community. Improving federal IT management requires not only knowing what does not work, but identifying what does work—and implementing it. Leading the Department’s IT reform initiatives is an exciting privilege and we intend to bring about positive transformation to better achieve the Department’s unique mission.


1.0 DOE Strategy Overview

1.1 Department of Energy Mission and Goals

The mission of the Department of Energy (DOE) is to ensure America’s security and prosperity by addressing its energy, environmental and nuclear challenges through transformative science and technology solutions.

Goal 1: Transform Our Energy Systems
Catalyze the timely, material and efficient transformation of the nation’s energy system and secure U.S. leadership in clean energy technologies.

Goal 2: The Science and Engineering Enterprise
Maintain a vibrant U.S. effort in science and engineering as a cornerstone of our economic prosperity, with clear leadership in strategic areas.

Goal 3: Secure Our Nation
Enhance nuclear security through defense, nonproliferation and environmental efforts.

Goal 4: Management and Operational Excellence
Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.

In FY 2011, the Department updated its Strategic Plan. The Department has further integrated the Strategic Plan’s long-term and intermediate goals into its annual performance budget. This performance structure establishes a concrete link between the Strategic Plan’s goals and the Department’s annual budget, performance metrics and performance reporting.

1.2 Organization of the Department

The mission of the Department is carried out by National Laboratories and technology centers, Power Marketing Administrations, Program Offices, Staff Offices, operations and field organizations, the Energy Information Administration and the National Nuclear Security Administration. Supporting these entities are over 100,000 federal employees and support contractors.

DOE’s organizational structure is decentralized and aligned with its multiple missions. Department senior management provides strategic plans, EA plans and guidance to Program Offices to guide program planning, decision-making and investing. Program Officials are responsible for acquiring and implementing approved programs and investments to achieve performance goals. In this way, the Department ensures that within the decentralized organizational structure, all decisions and activities continue to support the overall strategic goals of the organization.


2.0 OCIO Strategy Overview

2.1 Office of the Chief Information Officer Mission and Goals

The mission of the Office of the Chief Information Officer (OCIO) is to enable the Department of Energy’s urgent missions in energy, science and nuclear security through the power of information and technology in a manner that balances risk with required outcomes in programs that span from open science to national security.

DOE promotes effective operations by encouraging performance-based management and facilitating the restructuring of mission- and business-related processes, where appropriate, before making significant IT investments to improve the performance and cost-effectiveness of the Department’s information management activities. In addition, the OCIO’s Office of Cybersecurity implements and maintains a comprehensive cybersecurity program that is effective across DOE’s diverse missions and large array of interdependent networks and information systems.

Strategic Goal 1: Leverage Existing IT
Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs.

Strategic Goal 2: Foster New and Emerging IT
Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs.

Strategic Goal 3: IT Governance, Policy and Oversight Processes
Provide Departmental IT governance, policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources.

Strategic Goal 4: Risk-Based Cybersecurity
Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing and advance technologies for cyber defenses.

2.2 Vision

The Chief Information Officer’s (CIO) vision is to be the recognized partner that brings technology and programs together to unleash the power of information in achieving the DOE mission.

2.3 Goal Alignment

In accordance with OMB Circular A-130, the OCIO strategic plan supports the Department’s strategic goals and direction. The table on page 8 shows the alignment of the OCIO strategic goals to the Department’s four strategic goals. The OCIO goals are either directly aligned or a significant enabler for each strategic goal. A direct alignment is based on a clear linkage between the contribution of OCIO goals to the accomplishment of a mission, and an indirect alignment (noted as crosscutting) reflects linkages where OCIO goals create the technological or information sharing environment within which a strategic mission or goal is accomplished.


Alignment of OCIO Strategic Goals to DOE’s Strategic Goals

OCIO Goals (rows) / DOE Goals (columns) | Transform Our Energy Systems | The Science and Engineering Enterprise | Secure Our Nation | Management and Operational Excellence
Leverage Existing IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Foster New and Emerging IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
IT Governance, Policy and Oversight Processes | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Risk-Based Cybersecurity | Direct | Direct | Direct | Direct

2.4 Target Opportunities

The OCIO uses strategic plans and other management tools to ensure that IT decisions, management responsibilities and accountability are positioned to meet the Department’s present and future needs.

Coordinated with strategic planning, the OCIO uses Departmental processes such as Enterprise Architecture (EA), IT Capital Planning and Investment Control (CPIC) and technology assessment programs to identify opportunities to leverage both existing and new technologies to support Department goals. These processes aim to reduce performance gaps in the overall IT portfolio by retiring obsolete systems, developing new solutions that provide improved performance and supporting the development of reusable application components.

This OCIO Strategic Plan highlights key initiatives and the path forward. With successful implementation, the actions described in this plan will enable the Department to best select, align and maximize its IT resources to fulfill DOE mission.

2.5 IT Investment Portfolio

Each year the Department selects IT investments that meet mission needs, close performance gaps, align with EA plans and align with external drivers such as OMB’s 25 Point Implementation Plan to Reform Federal Information Technology Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals.

DOE Total IT Portfolio BY 2012

DOE Strategic Goal | Total Portfolio Funding: Dollars (in Millions) | Total Portfolio Funding: Percentages
Transform Our Energy Systems | 138.51 | 7.4
The Science and Engineering Enterprise | 594.06 | 31.8
Secure Our Nation | 1,130.10 | 60.4
Management and Operational Excellence | 7.98 | 0.4
Total | 1,870.64 | 100.0

As indicated above, 100 percent of DOE’s BY 2012 portfolio directly supports the four DOE strategic goals. The IT portfolio is characterized by a wide array of initiatives ranging in size and sophistication, all of which are aimed at mission accomplishment, improved operational efficiency and support of crosscutting Department priorities such as sustainability.


3.0 OCIO Strategic Goals

The OCIO has IT strategic goals and objectives that drive achievement in DOE mission and strategic goal support.

Strategic Goal 1: Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

• Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective
• Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts [25 Point Implementation Plan for Federal IT Reform]
• Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]
• Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2: Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

• Objective 1: Establish a formal, sustainable federal technology deployment program
• Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]
• Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3: Provide Departmental IT governance, policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources

• Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities
• Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 200.1A, OMB Circulars A-11 & 130]
• Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 243.1 & 243.2, 36 CFR Chapter XII Subchapter B]
• Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing and advance technologies for cyber defenses

• Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]
• Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]
• Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]
• Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development [National Initiative for Cybersecurity Education]


3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS
• Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources and providing device-agnostic connectivity
• Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES
• A standardized, simplified federal IT infrastructure
• Reduced number of components required to operate
• Reduced number of infrastructure sites and facilities
• Strengthened cybersecurity
• Shared services
• Increased operability and efficiency


Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO’s business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011 and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department’s total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE’s IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO’s EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act and other legislative and DOE policies.

ESSENTIAL ACTIONS
• Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
• Reduce administrative cost of administering contracts by documenting and automating processes
• Optimize the EWA program to create more cost effective options for our customers
• Award new IT support services contract for current IT

TARGETED OUTCOMES
• Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
• Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department’s Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS
• Lead a Department-wide effort to identify and consolidate commodity IT services
• Develop and implement a federal data center modernization and consolidation plan
• Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES
• Reduced number of data centers
• Reduced real estate footprint
• Reduced data center costs
• Realized energy savings
• Increased resource-utilization rates
• Reduced costs of commodity IT services


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department’s mission, goals and strategies.

The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies, and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees.

The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
• Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan and implement changes to roles, responsibilities and reporting relationships
• Re-align existing personnel resources to more effectively match existing skills to requirements
• Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
• Strengthen performance-based personnel management
• Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
• Implement a performance framework for accountability at the employee level
• Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
• Aligned workforce skills to DOE missions and priorities
• Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO’s role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS
• Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
• Define a process for effectively managing projects within the OCIO
• Refine the DOE IT Strategic Roadmap process
• Expand the OCIO’s technology outreach and leadership via a series of summits

TARGETED OUTCOMES
• Reduced cost of mission accomplishments due to more productive tools and processes
• Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs.

The Department’s cloud computing initiative is following the Federal Government’s cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
• Identify and evaluate service delivery methods for use at DOE
• Implement cloud computing service delivery
• Identify and provide best practices in cloud computing acquisition
• Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
• Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
• Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing and the use of workplace multi-function devices
• Reduce (metered) electricity consumption to reflect office and desktop power management
• Improve Department-wide power management of desktop computers, printers, etc.
• Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
• Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department’s energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy and the implementation of IT oversight processes related to enterprise architecture, IT investment management and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership and accountability.

ESSENTIAL ACTIONS
• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council and associated working groups

TARGETED OUTCOME
• Establishment of coordinated governance groups and processes with appropriate authorities, roles and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability and security.

Implementing IT oversight processes ensures that the Department’s portfolio of IT investments fully address DOE’s business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department’s ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress, with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
• Maintained, completed and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication, and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
• Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
• OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
• Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
• conveying assurance and conducting oversight, and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
• Develop JC3 governance model, to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Diagram labels: Preparation & Prevention, Detect, Contain, Eradicate, Recover, Lessons Learned, Reporting.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that leverages existing resources first, deploys in phases to capture value quickly, and describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement, to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy, to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated, multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated, common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability; improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The US Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation, and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency. In addition, the effort promotes DOE's federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum, 9/28/10). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT. Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives, and create greater awareness of the ways we engage in our mission. Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB - Architecture Review Board
BRM - Business Reference Model
CAM - Corporate Asset Management
C&A - Certification and Accreditation
CFO - Chief Financial Officer
CIO - Chief Information Officer
CHRIS - Corporate Human Resource Information System
CNCI - Comprehensive National Cybersecurity Initiative
CNSS - Committee for National Security Systems
COTS - Commercial Off the Shelf
CPIC - Capital Planning and Investment Control
CRB - Corporate Review Budget
DIB - Defense Industrial Base
DOE - Department of Energy
EA - Enterprise Architecture
EATP - Enterprise Architecture Transition Plan
EAWG - Enterprise Architecture Working Group
EITS - Energy IT Services
ESNet - Energy Science Network
EVM - Earned Value Management
EWA - Enterprise Wide Agreement
EWSS - Energy-Wide Strategic Sourcing
FDCCI - Federal Data Center Consolidation Initiative
FEA - Federal Enterprise Architecture
FEDRAMP - Federal Risk and Authorization Management Program
FFP - Firm Fixed Price
FGDC - Federal Geographic Data Committee
FISMA - Federal Information Security Management Act
GLoB - Geospatial Line of Business
GPEA - Government Paperwork Elimination Act
GSA - General Services Administration
GSP - Geospatial Science Program
HSPD - Homeland Security Presidential Directive
IDEA - Innovative Department of Energy E-Government Applications
ICAM - Identity, Credential & Access Management
ICPT - Integrated Contractor Purchasing Team
IM - Information Management
I-MANAGE - Integrated Management Navigation System
IOA&T - Infrastructure, Office Automation and Telecommunications
IPT - Integrated Project Team
IPv6 - Internet Protocol Version 6
IRM - Information Resources Management
IT - Information Technology
LOB - Line of Business
M&O - Management and Operating
NICE - National Initiative for Cybersecurity Education
NIST - National Institute of Standards and Technology
NNSA - National Nuclear Security Administration
OCIO - Office of the Chief Information Officer
OMB - Office of Management and Budget
O&M - Operations and Maintenance
PKI - Public Key Infrastructure
POA&M - Plan of Action and Milestones
RMA - Records Management Application
SPI - Spectrum Policy Initiative
SSP - Shared Service Provider
STAR - Science & Technology in America's Reinvestment


Message from Michael Locatis, Chief Information Officer

The Department of Energy (DOE) Office of the Chief Information Officer (OCIO) has forged valuable partnerships by bringing together internal information technology (IT) resources, our National Laboratories, and strategic networks—both within and outside of the Department—to promote agency-wide innovation and effective operations that provide tangible, positive, high-value outcomes for our nation. We have an aggressive agenda to accomplish and are operating with urgency to enable the Departmental mission. The IT strategy has been transformed to meet the Department's demanding need. The strategy is designed to:
• Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs
• Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs
• Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources
• Ensure acceptable risk-based cybersecurity through enhanced enterprise situational awareness, development of near real-time risk management, and combating advanced persistent threats

To further assist, we are actively executing the 25 Point Implementation Plan to Reform Federal IT Management as part of our efforts and a critical element to DOE mission success. The OCIO is committed to supporting the sharing of best practices across the federal IT community. Improving federal IT management requires not only knowing what does not work, but identifying what does work—and implementing it. Leading the Department's IT reform initiatives is an exciting privilege, and we intend to bring about positive transformation to better achieve the Department's unique mission.


1.0 DOE Strategy Overview

1.1 Department of Energy Mission and Goals

The mission of the Department of Energy (DOE) is to ensure America's security and prosperity by addressing its energy, environmental, and nuclear challenges through transformative science and technology solutions.

Goal 1: Transform Our Energy Systems
Catalyze the timely, material, and efficient transformation of the nation's energy system and secure US leadership in clean energy technologies.

Goal 2: The Science and Engineering Enterprise
Maintain a vibrant US effort in science and engineering as a cornerstone of our economic prosperity, with clear leadership in strategic areas.

Goal 3: Secure Our Nation
Enhance nuclear security through defense, nonproliferation, and environmental efforts.

Goal 4: Management and Operational Excellence
Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.

In FY 2011, the Department updated its Strategic Plan. The Department has further integrated the Strategic Plan's long-term and intermediate goals into its annual performance budget. This performance structure establishes a concrete link between the Strategic Plan's goals and the Department's annual budget, performance metrics, and performance reporting.

1.2 Organization of the Department

The mission of the Department is carried out by National Laboratories and technology centers, Power Marketing Administrations, Program Offices, Staff Offices, operations and field organizations, the Energy Information Administration, and the National Nuclear Security Administration. Supporting these entities are over 100,000 federal employees and support contractors. DOE's organizational structure is decentralized and aligned with its multiple missions. Department senior management provides strategic plans, EA plans, and guidance to Program Offices to guide program planning, decision-making, and investing. Program Officials are responsible for acquiring and implementing approved programs and investments to achieve performance goals. In this way, the Department ensures that, within the decentralized organizational structure, all decisions and activities continue to support the overall strategic goals of the organization.


2.0 OCIO Strategy Overview

2.1 Office of the Chief Information Officer Mission and Goals

The mission of the Office of the Chief Information Officer (OCIO) is to enable the Department of Energy's urgent missions in energy, science, and nuclear security through the power of information and technology in a manner that balances risk with required outcomes in programs that span from open science to national security. DOE promotes effective operations by encouraging performance-based management and facilitating the restructuring of mission- and business-related processes, where appropriate, before making significant IT investments to improve the performance and cost-effectiveness of the Department's information management activities. In addition, the OCIO's Office of Cybersecurity implements and maintains a comprehensive cybersecurity program that is effective across DOE's diverse missions and large array of interdependent networks and information systems.

Strategic Goal 1: Leverage Existing IT
Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs.

Strategic Goal 2: Foster New and Emerging IT
Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs.

Strategic Goal 3: IT Governance, Policy, and Oversight Processes
Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources.

Strategic Goal 4: Risk-Based Cybersecurity
Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses.

2.2 Vision

The Chief Information Officer's (CIO) vision is to be the recognized partner that brings technology and programs together to unleash the power of information in achieving the DOE mission.

2.3 Goal Alignment

In accordance with OMB Circular A-130, the OCIO strategic plan supports the Department's strategic goals and direction. The table on page 8 shows the alignment of the OCIO strategic goals to the Department's four strategic goals. The OCIO goals are either directly aligned or a significant enabler for each strategic goal. A direct alignment is based on a clear linkage between the contribution of OCIO goals to the accomplishment of a mission, and an indirect alignment (noted as crosscutting) reflects linkages where OCIO goals create the technological or information sharing environment within which a strategic mission or goal is accomplished.


Alignment of OCIO Strategic Goals to DOE's Strategic Goals

| OCIO Goals (rows) / DOE Goals (columns) | Transform Our Energy Systems | The Science and Engineering Enterprise | Secure Our Nation | Management and Operational Excellence |
|---|---|---|---|---|
| Leverage Existing IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct |
| Foster New and Emerging IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct |
| IT Governance, Policy, and Oversight Processes | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct |
| Risk-Based Cybersecurity | Direct | Direct | Direct | Direct |

24 Target Opportunities

TheOCIOusesstrategicplansandothermanagementtoolstoensurethatITdecisionsmanagementresponsibilitiesandaccountabilityarepositionedtomeettheDepartmentrsquospresentandfutureneedsCoordinated with strategic planning the OCIO uses Departmental processes such as Enterprise Architecture (EA)ITCapitalPlanningand InvestmentControl (CPIC)andtechnologyassessmentprogramsto identifyopportunities toleveragebothexistingandnewtechnologiestosupportDepartmentgoalsTheseprocessesaimtoreduceperformancegapsintheoverallITportfoliobyretiringobsoletesystemsdevelopingnewsolutionsthatprovideimprovedperformanceandsupportingthedevelopmentofreusableapplicationcomponentsThisOCIOStrategicPlanhighlightskey initiativesandthepathforwardWithsuccessful implementationtheactionsdescribedinthisplanwillenabletheDepartmenttobestselectalignandmaximizeitsITresourcestofulfillDOEmission

25 IT Investment Portfolio

EachyeartheDepartmentselectsITinvestmentsthatmeetmissionneedscloseperformancegapsalignwithEAplansandalignwithexternaldriverssuchasOMBrsquos25PointImplementationPlantoReformFederalInformationTechnologyManagementThetablebelowshowsthebreakoutofDOErsquosBudgetYear(BY)2012ITportfoliobasedonDOEstrategicgoals

DOE Total IT Portfolio BY 2012

| DOE Strategic Goal | Total Portfolio Funding: Dollars (in Millions) | Total Portfolio Funding: Percentages |
|---|---|---|
| Transform Our Energy Systems | 138.51 | 7.4 |
| The Science and Engineering Enterprise | 594.06 | 31.8 |
| Secure Our Nation | 1130.10 | 60.4 |
| Management and Operational Excellence | 7.98 | 0.4 |
| Total | 1870.64 | 100.0 |

As indicated above, 100 percent of DOE's BY 2012 portfolio directly supports the four DOE strategic goals. The IT portfolio is characterized by a wide array of initiatives ranging in size and sophistication, all of which are aimed at mission accomplishment, improved operational efficiency, and support of crosscutting Department priorities such as sustainability.


3.0 OCIO Strategic Goals

The OCIO has IT strategic goals and objectives that drive achievement in DOE mission and strategic goal support.

Strategic Goal 1: Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts [25 Point Implementation Plan for Federal IT Reform]

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2: Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Objective 1: Establish a formal, sustainable federal technology deployment program

Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]

Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3: Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 200.1A, OMB Circulars A-11 & 130]

Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 243.1 & 243.2, 36 CFR Chapter XII, Subchapter B]

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]

Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development [National Initiative for Cybersecurity Education]


3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people, and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual, and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops, and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS

- Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources, and providing device-agnostic connectivity
- Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES

- A standardized, simplified federal IT infrastructure
- Reduced number of components required to operate
- Reduced number of infrastructure sites and facilities
- Strengthened cybersecurity
- Shared services
- Increased operability and efficiency


Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO's business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011, and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department's total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE's IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO's EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware, and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories, and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act, and other legislative and DOE policies.

ESSENTIAL ACTIONS

- Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
- Reduce administrative cost of administering contracts by documenting and automating processes
- Optimize the EWA program to create more cost effective options for our customers
- Award new IT support services contract for current IT

TARGETED OUTCOMES

- Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
- Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department's Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS

- Lead a Department-wide effort to identify and consolidate commodity IT services
- Develop and implement a federal data center modernization and consolidation plan
- Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES

- Reduced number of data centers
- Reduced real estate footprint
- Reduced data center costs
- Realized energy savings
- Increased resource-utilization rates
- Reduced costs of commodity IT services


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department's mission, goals, and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies, and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS

- Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
- Re-align existing personnel resources to more effectively match existing skills to requirements
- Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
- Strengthen performance-based personnel management
- Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
- Implement a performance framework for accountability at the employee level
- Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES

- Aligned workforce skills to DOE missions and priorities
- Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO's role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS

- Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
- Define a process for effectively managing projects within the OCIO
- Refine the DOE IT Strategic Roadmap process
- Expand the OCIO's technology outreach and leadership via a series of summits

TARGETED OUTCOMES

- Reduced cost of mission accomplishments due to more productive tools and processes
- Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department's cloud computing initiative is following the Federal Government's cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS

- Identify and evaluate service delivery methods for use at DOE
- Implement cloud computing service delivery
- Identify and provide best practices in cloud computing acquisition
- Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME

- Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS

- Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing, and the use of workplace multi-function devices
- Reduce (metered) electricity consumption to reflect office and desktop power management
- Improve Department-wide power management of desktop computers, printers, etc.
- Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME

- Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department's energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS

- Review and address IT issues using the appropriate governance groups
- Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME

- Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully address DOE's business needs and strategies.

The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management, and facilitates closer management of IT project progress, with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS

- Review and update IT policy and guidance to address changes in requirements
- Identify and address requirements for new policy and guidance in a timely manner
- Identify Headquarter and Field investments to be included in the TechStat Reviews
- Conduct TechStat reviews regularly at the Headquarter and Program levels
- Map OCIO policy to internal and external requirements
- Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES

- Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
- Established appropriate IT oversight processes
- Increased precision of ongoing measurement of IT investment health
- Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS

- Develop a Department Records Management Tactical Plan
- Develop a records inventory and disposition schedule lifecycle management plan
- Develop and deploy a Department Records Management Training curriculum
- Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES

- Ensured uniform compliance with records management laws and practices through Departmental records management governance
- Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
- Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
- Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS

- Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
- Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES

- OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
- Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:

- assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
- informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
- conveying assurance and conducting oversight, and
- ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS

- Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
- Finalize RMA management plan to program inputs from Senior DOE Management
- Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES

- Increased resource efficiency and automation
- Improved security posture and enterprise situational awareness
- Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide front line cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Figure 1), including prevention, detection, containment, and recovery, for DOE Elements and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS

- Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions, that could be leveraged in the JC3
- Develop JC3 governance model to include viable out-year funding model
- Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
- Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES

- Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
- Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
- Improved enterprise-wide event management reporting
- Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Phases shown: Preparation & Prevention, Detect, Contain, Eradicate, Recover, with Lessons Learned and Reporting between phases.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:

- Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
- Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
- Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
- Develop a CM Implementation Plan that:
  - leverages existing resources first
  - deploys in phases to capture value quickly
  - describes knowledge chains and value points for organization
- Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS

- Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
- Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
- Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES

- Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
- Automated common reporting process for DOE Headquarters, Program, and Site Offices
- Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS

- Develop enterprise Cybersecurity Training Implementation Plan
- Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
- Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES

- Increased workforce awareness and capability, improved mitigation of insider threat
- Improved security posture and workforce alignment with mission priorities
- Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES

- Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
- Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
- Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
- Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

SustainabilityandFederalDataCenterConsolidationInitiativeThis initiative addresses requirements under the Federal Data CenterConsolidation Initiative (FDCCI) anOMB led initiative to consolidate andreducethenumberoffederaldatacentersItalsosupportsDepartmentalenergy reduction and sustainability goals as documented in the DOEStrategicSustainabilityPerformancePlanDatacenterreductiongoalswillbeachievedthroughincreasedefficienciessuchastheuseofvirtualizationconsolidation of requirements and implementation of increased use ofcloudcomputinginfrastructureasaservice

TaRGETED OuTCOMES ReducethenumberofDOEfederaldatacentersby6by2015

PerformanceManagementDashboardsThePerformanceManagementDashboards initiativeworkswithProgramOffices to develop business intelligence systems that inform seniorDOEmanagement about the effectiveness and efficiency of its program andfinancials This initiative also includes the development of Science ampTechnology in Americarsquos Reinvestment Metrics (STAR METRICS) formeasuring the effect of research on innovation competitiveness andscienceWhilethisinitiativeisintheearlystagesthegoalistouseProgramOfficeintelligencesystemstoleveragecontractorassurancesystemsandimprovethetransparencyofMampOcontractorperformance ThiswillprovideDOESenior Management visibility into contractor project performance muchearlierenablingimprovedperformancemanagement

TaRGETED OuTCOMES EstablishDOEintelligencesystemsthatprovidetransparencyandvisibilityintoprogramandfinancialperformance ProvideSeniorDOEManagementtimelyperformanceinformationtosupportdecision-makingviathePerformanceDashboards

Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America’s energy, scientific and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance.

Due to the importance of DOE’s investments and the impact of our research portfolio in supporting our national objectives and DOE’s strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE’s complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE’s federal leadership initiatives such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department’s commitment to science and innovation.

TARGETED OUTCOMES

Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:

Upgrade public/external facing servers and services by the end of FY 2012
Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES

Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation’s goals and grand challenges. This effort continues the OCIO’s role of promoting innovation, showcasing technology leadership and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases and best practices that are linked to DOE and the OCIO’s continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES

Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE

Appendix B List of Acronyms

ARB  Architecture Review Board
BRM  Business Reference Model
CAM  Corporate Asset Management
C&A  Certification and Accreditation
CFO  Chief Financial Officer
CIO  Chief Information Officer
CHRIS  Corporate Human Resource Information System
CNCI  Comprehensive National Cybersecurity Initiative
CNSS  Committee for National Security Systems
COTS  Commercial Off the Shelf
CPIC  Capital Planning and Investment Control
CRB  Corporate Review Budget
DIB  Defense Industrial Base
DOE  Department of Energy
EA  Enterprise Architecture
EATP  Enterprise Architecture Transition Plan
EAWG  Enterprise Architecture Working Group
EITS  Energy IT Services
ESNet  Energy Science Network
EVM  Earned Value Management
EWA  Enterprise Wide Agreement
EWSS  Energy-Wide Strategic Sourcing
FDCCI  Federal Data Center Consolidation Initiative
FEA  Federal Enterprise Architecture
FEDRAMP  Federal Risk and Authorization Management Program
FFP  Firm Fixed Price
FGDC  Federal Geographic Data Committee
FISMA  Federal Information Security Management Act
GLoB  Geospatial Line of Business
GPEA  Government Paperwork Elimination Act
GSA  General Services Administration
GSP  Geospatial Science Program
HSPD  Homeland Security Presidential Directive
IDEA  Innovative Department of Energy E-Government Applications
ICAM  Identity, Credential & Access Management
ICPT  Integrated Contractor Purchasing Team
IM  Information Management
I-MANAGE  Integrated Management Navigation System
IOA&T  Infrastructure, Office Automation and Telecommunications
IPT  Integrated Project Team
IPv6  Internet Protocol Version 6
IRM  Information Resources Management
IT  Information Technology
LOB  Line of Business
M&O  Management and Operating
NICE  National Initiative for Cybersecurity Education
NIST  National Institute of Standards and Technology
NNSA  National Nuclear Security Administration
OCIO  Office of the Chief Information Officer
OMB  Office of Management and Budget
O&M  Operations and Maintenance
PKI  Public Key Infrastructure
POA&M  Plan of Action and Milestones
RMA  Records Management Application
SPI  Spectrum Policy Initiative
SSP  Shared Service Provider
STAR  Science & Technology in America’s Reinvestment

1.0 DOE Strategy Overview

1.1 Department of Energy Mission and Goals

The mission of the Department of Energy (DOE) is to ensure America’s security and prosperity by addressing its energy, environmental and nuclear challenges through transformative science and technology solutions.

Goal 1: Transform Our Energy Systems
Catalyze the timely, material and efficient transformation of the nation’s energy system and secure U.S. leadership in clean energy technologies.

Goal 2: The Science and Engineering Enterprise
Maintain a vibrant U.S. effort in science and engineering as a cornerstone of our economic prosperity, with clear leadership in strategic areas.

Goal 3: Secure Our Nation
Enhance nuclear security through defense, nonproliferation and environmental efforts.

Goal 4: Management and Operational Excellence
Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.

In FY 2011, the Department updated its Strategic Plan. The Department has further integrated the Strategic Plan’s long-term and intermediate goals into its annual performance budget. This performance structure establishes a concrete link between the Strategic Plan’s goals and the Department’s annual budget, performance metrics and performance reporting.

1.2 Organization of the Department

The mission of the Department is carried out by National Laboratories and technology centers, Power Marketing Administrations, Program Offices, Staff Offices, operations and field organizations, the Energy Information Administration and the National Nuclear Security Administration. Supporting these entities are over 100,000 federal employees and support contractors.

DOE’s organizational structure is decentralized and aligned with its multiple missions. Department senior management provides strategic plans, EA plans and guidance to Program Offices to guide program planning, decision-making and investing. Program Officials are responsible for acquiring and implementing approved programs and investments to achieve performance goals. In this way, the Department ensures that, within the decentralized organizational structure, all decisions and activities continue to support the overall strategic goals of the organization.

2.0 OCIO Strategy Overview

2.1 Office of the Chief Information Officer Mission and Goals

The mission of the Office of the Chief Information Officer (OCIO) is to enable the Department of Energy’s urgent missions in energy, science and nuclear security through the power of information and technology in a manner that balances risk with required outcomes in programs that span from open science to national security.

DOE promotes effective operations by encouraging performance-based management and facilitating the restructuring of mission- and business-related processes, where appropriate, before making significant IT investments to improve the performance and cost-effectiveness of the Department’s information management activities. In addition, the OCIO’s Office of Cybersecurity implements and maintains a comprehensive cybersecurity program that is effective across DOE’s diverse missions and large array of interdependent networks and information systems.

Strategic Goal 1: Leverage Existing IT
Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Strategic Goal 2: Foster New and Emerging IT
Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Strategic Goal 3: IT Governance Policy and Oversight Processes
Provide Departmental IT governance policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources

Strategic Goal 4: Risk-Based Cybersecurity
Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing and advance technologies for cyber defenses

2.2 Vision

The Chief Information Officer’s (CIO) vision is to be the recognized partner that brings technology and programs together to unleash the power of information in achieving the DOE mission.

2.3 Goal Alignment

In accordance with OMB Circular A-130, the OCIO strategic plan supports the Department’s strategic goals and direction. The table on page 8 shows the alignment of the OCIO strategic goals to the Department’s four strategic goals. The OCIO goals are either directly aligned or a significant enabler for each strategic goal. A direct alignment is based on a clear linkage between the contribution of OCIO goals to the accomplishment of a mission, and an indirect alignment (noted as crosscutting) reflects linkages where OCIO goals create the technological or information sharing environment within which a strategic mission or goal is accomplished.

Alignment of OCIO Strategic Goals to DOE’s Strategic Goals

OCIO Goals (rows) / DOE Goals (columns) | Transform Our Energy Systems | The Science and Engineering Enterprise | Secure Our Nation | Management and Operational Excellence
Leverage Existing IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Foster New and Emerging IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
IT Governance Policy and Oversight Processes | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Risk-Based Cybersecurity | Direct | Direct | Direct | Direct

2.4 Target Opportunities

The OCIO uses strategic plans and other management tools to ensure that IT decisions, management responsibilities and accountability are positioned to meet the Department’s present and future needs.

Coordinated with strategic planning, the OCIO uses Departmental processes such as Enterprise Architecture (EA), IT Capital Planning and Investment Control (CPIC) and technology assessment programs to identify opportunities to leverage both existing and new technologies to support Department goals. These processes aim to reduce performance gaps in the overall IT portfolio by retiring obsolete systems, developing new solutions that provide improved performance and supporting the development of reusable application components.

This OCIO Strategic Plan highlights key initiatives and the path forward. With successful implementation, the actions described in this plan will enable the Department to best select, align and maximize its IT resources to fulfill DOE mission.

2.5 IT Investment Portfolio

Each year, the Department selects IT investments that meet mission needs, close performance gaps, align with EA plans and align with external drivers such as OMB’s 25 Point Implementation Plan to Reform Federal Information Technology Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals.

DOE Total IT Portfolio BY 2012

DOE Strategic Goal | Total Portfolio Funding: Dollars (in Millions) | Percentages
Transform Our Energy Systems | 138.51 | 7.4
The Science and Engineering Enterprise | 594.06 | 31.8
Secure Our Nation | 1,130.10 | 60.4
Management and Operational Excellence | 7.98 | 0.4
Total | 1,870.64 | 100.0

As indicated above, 100 percent of DOE’s BY 2012 portfolio directly supports the four DOE strategic goals. The IT portfolio is characterized by a wide array of initiatives ranging in size and sophistication, all of which are aimed at mission accomplishment, improved operational efficiency and support of crosscutting Department priorities such as sustainability.

3.0 OCIO Strategic Goals

The OCIO has IT strategic goals and objectives that drive achievement in DOE mission and strategic goal support.

Strategic Goal 1: Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts [25 Point Implementation Plan for Federal IT Reform]

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2: Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Objective 1: Establish a formal, sustainable federal technology deployment program

Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]

Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3: Provide Departmental IT governance policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 200.1A, OMB Circulars A-11 & 130]

Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 243.1 & 243.2, 36 CFR Chapter XII, Subchapter B]

Objective 4: Establish strong cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing and advance technologies for cyber defenses

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]

Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development [National Initiative for Cybersecurity Education]

3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS

Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources and providing device-agnostic connectivity
Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES

A standardized, simplified federal IT infrastructure
Reduced number of components required to operate
Reduced number of infrastructure sites and facilities
Strengthened cybersecurity
Shared services
Increased operability and efficiency

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO’s business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011 and continued optimization of the current Enterprise Wide Agreements (EWA) Program.

As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department’s total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE’s IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO’s EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act and other legislative and DOE policies.

ESSENTIAL ACTIONS

Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
Reduce administrative cost of administering contracts by documenting and automating processes
Optimize the EWA program to create more cost effective options for our customers
Award new IT support services contract for current IT

TARGETED OUTCOMES

Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department’s Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS

Lead a Department-wide effort to identify and consolidate commodity IT services
Develop and implement a federal data center modernization and consolidation plan
Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES

Reduced number of data centers
Reduced real estate footprint
Reduced data center costs
Realized energy savings
Increased resource-utilization rates
Reduced costs of commodity IT services

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department’s mission, goals and strategies.

The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives.

As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS

Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan and implement changes to roles, responsibilities and reporting relationships
Re-align existing personnel resources to more effectively match existing skills to requirements
Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
Strengthen performance-based personnel management
Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
Implement a performance framework for accountability at the employee level
Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES

Aligned workforce skills to DOE missions and priorities
Increased professional development within the federal workforce

3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO’s role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS

Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
Define a process for effectively managing projects within the OCIO
Refine the DOE IT Strategic Roadmap process
Expand the OCIO’s technology outreach and leadership via a series of summits

TARGETED OUTCOMES

Reduced cost of mission accomplishments due to more productive tools and processes
Improved knowledge sharing

Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs.

The Department’s cloud computing initiative is following the Federal Government’s cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS

Identify and evaluate service delivery methods for use at DOE
Implement cloud computing service delivery
Identify and provide best practices in cloud computing acquisition
Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME

Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS

Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing and the use of workplace multi-function devices
Reduce (metered) electricity consumption to reflect office and desktop power management
Improve Department-wide power management of desktop computers, printers, etc.
Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME

Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department’s energy use in FY 2003

33 Strategic Goal 3

Provide Departmental IT governance policy and oversight processes to ensure secure efficient and cost-effective use of IT resources

TheOCIOprovidesleadershipandcoordinationforDepartmentalITmanagementthrougheffectiveITgovernanceprovisioning of IT policy and the implementation of IT oversight processes related to enterprise architecture ITinvestmentmanagementandothercrosscuttingITfunctionsBypartneringwithDOEProgramsingovernanceandoversightprocessestheOCIOensuresthatITservicesandassetsremainalignedwithmissionneeds

Objective1ImplementandinstitutionalizeareformedintegratedinformationtechnologymanagementgovernanceprocessthattreatsMampOsdistinctivelydifferentthantruefederalentitiesTheOCIO is actively redesigning ITgovernancearound its strategicgoals andobjectivesanddoingawaywith thedisparateITgovernancemechanisms thatareoftenuncoordinatedand result inpoormanagement TheOCIO is rethinking itscurrentgovernancestructureandwill refocusandcoordinategovernancegroups toensureappropriateparticipationownershipandaccountability

ESSENTIAL ACTIONS
• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
• Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully address DOE's business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
• Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 2431(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
• Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
• OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
• Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


34 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
• conveying assurance and conducting oversight, and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions, that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements, map existing capabilities, including National Laboratories' resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

Figure 1: Incident Management Lifecycle (diagram labels: Preparation & Prevention; Detect; Contain; Eradicate; Recover; Lessons Learned; Reporting)


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that leverages existing resources first; deploys in phases to capture value quickly; and describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability, improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The US Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE's federal leadership initiatives such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 92810). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of it. Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission. Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB - Architecture Review Board
BRM - Business Reference Model
CAM - Corporate Asset Management
C&A - Certification and Accreditation
CFO - Chief Financial Officer
CIO - Chief Information Officer
CHRIS - Corporate Human Resource Information System
CNCI - Comprehensive National Cybersecurity Initiative
CNSS - Committee for National Security Systems
COTS - Commercial Off the Shelf
CPIC - Capital Planning and Investment Control
CRB - Corporate Review Budget
DIB - Defense Industrial Base
DOE - Department of Energy
EA - Enterprise Architecture
EATP - Enterprise Architecture Transition Plan
EAWG - Enterprise Architecture Working Group
EITS - Energy IT Services
ESNet - Energy Science Network
EVM - Earned Value Management
EWA - Enterprise Wide Agreement
EWSS - Energy-Wide Strategic Sourcing
FDCCI - Federal Data Center Consolidation Initiative
FEA - Federal Enterprise Architecture
FEDRAMP - Federal Risk and Authorization Management Program
FFP - Firm Fixed Price
FGDC - Federal Geographic Data Committee
FISMA - Federal Information Security Management Act
GLoB - Geospatial Line of Business
GPEA - Government Paperwork Elimination Act
GSA - General Services Administration
GSP - Geospatial Science Program
HSPD - Homeland Security Presidential Directive
IDEA - Innovative Department of Energy E-Government Applications
ICAM - Identity, Credential & Access Management
ICPT - Integrated Contractor Purchasing Team
IM - Information Management
I-MANAGE - Integrated Management Navigation System
IOA&T - Infrastructure, Office Automation and Telecommunications
IPT - Integrated Project Team
IPv6 - Internet Protocol Version 6
IRM - Information Resources Management
IT - Information Technology
LOB - Line of Business
M&O - Management and Operating
NICE - National Initiative for Cybersecurity Education
NIST - National Institute of Standards and Technology
NNSA - National Nuclear Security Administration
OCIO - Office of the Chief Information Officer
OMB - Office of Management and Budget
O&M - Operations and Maintenance
PKI - Public Key Infrastructure
POA&M - Plan of Action and Milestones
RMA - Records Management Application
SPI - Spectrum Policy Initiative
SSP - Shared Service Provider
STAR - Science & Technology in America's Reinvestment


20 OCIO Strategy Overview

21 Office of the Chief Information Officer Mission and Goals

The mission of the Office of the Chief Information Officer (OCIO) is to enable the Department of Energy's urgent missions in energy, science, and nuclear security through the power of information and technology in a manner that balances risk with required outcomes in programs that span from open science to national security. DOE promotes effective operations by encouraging performance-based management and facilitating the restructuring of mission- and business-related processes, where appropriate, before making significant IT investments to improve the performance and cost-effectiveness of the Department's information management activities. In addition, the OCIO's Office of Cybersecurity implements and maintains a comprehensive cybersecurity program that is effective across DOE's diverse missions and large array of interdependent networks and information systems.

Strategic Goal 1: Leverage Existing IT
Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Strategic Goal 2: Foster New and Emerging IT
Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Strategic Goal 3: IT Governance, Policy, and Oversight Processes
Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

Strategic Goal 4: Risk-Based Cybersecurity
Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses

22 Vision

The Chief Information Officer's (CIO) vision is to be the recognized partner that brings technology and programs together to unleash the power of information in achieving the DOE mission.

23 Goal Alignment

In accordance with OMB Circular A-130, the OCIO strategic plan supports the Department's strategic goals and direction. The table on page 8 shows the alignment of the OCIO strategic goals to the Department's four strategic goals. The OCIO goals are either directly aligned or a significant enabler for each strategic goal. A direct alignment is based on a clear linkage between the contribution of OCIO goals to the accomplishment of a mission, and an indirect alignment (noted as crosscutting) reflects linkages where OCIO goals create the technological or information sharing environment within which a strategic mission or goal is accomplished.


Alignment of OCIO Strategic Goals to DOE's Strategic Goals

OCIO Goals (rows) / DOE Goals (columns) | Transform Our Energy Systems | The Science and Engineering Enterprise | Secure Our Nation | Management and Operational Excellence
Leverage Existing IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Foster New and Emerging IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
IT Governance, Policy, and Oversight Processes | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Risk-Based Cybersecurity | Direct | Direct | Direct | Direct

24 Target Opportunities

The OCIO uses strategic plans and other management tools to ensure that IT decisions, management responsibilities, and accountability are positioned to meet the Department's present and future needs. Coordinated with strategic planning, the OCIO uses Departmental processes such as Enterprise Architecture (EA), IT Capital Planning and Investment Control (CPIC), and technology assessment programs to identify opportunities to leverage both existing and new technologies to support Department goals. These processes aim to reduce performance gaps in the overall IT portfolio by retiring obsolete systems, developing new solutions that provide improved performance, and supporting the development of reusable application components. This OCIO Strategic Plan highlights key initiatives and the path forward. With successful implementation, the actions described in this plan will enable the Department to best select, align, and maximize its IT resources to fulfill DOE mission.

25 IT Investment Portfolio

Each year, the Department selects IT investments that meet mission needs, close performance gaps, align with EA plans, and align with external drivers such as OMB's 25 Point Implementation Plan to Reform Federal Information Technology Management. The table below shows the breakout of DOE's Budget Year (BY) 2012 IT portfolio based on DOE strategic goals.

DOE Total IT Portfolio BY 2012

DOE Strategic Goal | Total Portfolio Funding: Dollars (in Millions) | Total Portfolio Funding: Percentages
Transform Our Energy Systems | 13851 | 74
The Science and Engineering Enterprise | 59406 | 318
Secure Our Nation | 113010 | 604
Management and Operational Excellence | 798 | 04
Total | 187064 | 1000

As indicated above, 100 percent of DOE's BY 2012 portfolio directly supports the four DOE strategic goals. The IT portfolio is characterized by a wide array of initiatives ranging in size and sophistication, all of which are aimed at mission accomplishment, improved operational efficiency, and support of crosscutting Department priorities such as sustainability.


30 OCIO Strategic Goals

The OCIO has IT strategic goals and objectives that drive achievement in DOE mission and strategic goal support.

Strategic Goal 1 Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts [25 Point Implementation Plan for Federal IT Reform]

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2 Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Objective 1: Establish a formal, sustainable federal technology deployment program

Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]

Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3 Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 2001A, OMB Circulars A-11 & 130]

Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 2431 & 2432, 36 CFR Chapter XII Subchapter B]

Objective 4: Establish strong cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]

Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development [National Initiative for Cybersecurity Education]

3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people, and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual, and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops, and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS
• Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources, and providing device-agnostic connectivity
• Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES
• A standardized, simplified federal IT infrastructure
• Reduced number of components required to operate
• Reduced number of infrastructure sites and facilities
• Strengthened cybersecurity
• Shared services
• Increased operability and efficiency

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO’s business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011 and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department’s total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE’s IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO’s EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware, and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories, and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act, and other legislative and DOE policies.

ESSENTIAL ACTIONS
• Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
• Reduce administrative cost of administering contracts by documenting and automating processes
• Optimize the EWA program to create more cost effective options for our customers
• Award new IT support services contract for current IT

TARGETED OUTCOMES
• Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
• Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department’s Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS
• Lead a Department-wide effort to identify and consolidate commodity IT services
• Develop and implement a federal data center modernization and consolidation plan
• Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES
• Reduced number of data centers
• Reduced real estate footprint
• Reduced data center costs
• Realized energy savings
• Increased resource-utilization rates
• Reduced costs of commodity IT services

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department’s mission, goals, and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
• Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
• Re-align existing personnel resources to more effectively match existing skills to requirements
• Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
• Strengthen performance-based personnel management
• Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
• Implement a performance framework for accountability at the employee level
• Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
• Aligned workforce skills to DOE missions and priorities
• Increased professional development within the federal workforce

3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO’s role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership, outreach, and technology research efforts.

ESSENTIAL ACTIONS
• Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
• Define a process for effectively managing projects within the OCIO
• Refine the DOE IT Strategic Roadmap process
• Expand the OCIO’s technology outreach and leadership via a series of summits

TARGETED OUTCOMES
• Reduced cost of mission accomplishments due to more productive tools and processes
• Improved knowledge sharing

Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department’s cloud computing initiative is following the Federal Government’s cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
• Identify and evaluate service delivery methods for use at DOE
• Implement cloud computing service delivery
• Identify and provide best practices in cloud computing acquisition
• Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
• Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
• Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives, such as shared printers and duplex printing, and the use of workplace multi-function devices
• Reduce (metered) electricity consumption to reflect office and desktop power management
• Improve Department-wide power management of desktop computers, printers, etc.
• Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
• Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department’s energy use in FY 2003

3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
• Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department’s portfolio of IT investments fully addresses DOE’s business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department’s ability to improve line-of-sight between teams and senior management, and facilitates closer management of IT project progress, with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
• Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance

Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all “permanent” and “non-permanent” records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
• Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
• OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
• Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)

3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure Promote Information Sharing and Advance Technologies for Cyber Defenses

The Department’s strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department’s Risk Management Approach (RMA) for the Department’s Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department’s Strategic Goal to “Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.” The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:
• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive;
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first;
• conveying assurance and conducting oversight; and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections.

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department’s next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide front line cyber defense and Department-level situational awareness. JC3 will strengthen DOE’s role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery, for DOE Elements and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions, that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories’ resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

Figure 1: Incident Management Lifecycle [diagram; phases shown: Preparation & Prevention, Detect, Contain, Eradicate, Recover; labels: Reporting, Lessons Learned]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that: leverages existing resources first; deploys in phases to capture value quickly; describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans

Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of a well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department’s cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability; improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility

Appendix

Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies, such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America’s Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards

Financial Assistance
The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency. In addition, the effort promotes DOE's federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
  • Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
  • Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition
The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
  • Upgrade public/external facing servers and services by the end of FY 2012
  • Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
  • Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits
The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT. Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission. Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
  • Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE

Appendix B List of Acronyms

ARB       Architecture Review Board
BRM       Business Reference Model
CAM       Corporate Asset Management
C&A       Certification and Accreditation
CFO       Chief Financial Officer
CIO       Chief Information Officer
CHRIS     Corporate Human Resource Information System
CNCI      Comprehensive National Cybersecurity Initiative
CNSS      Committee for National Security Systems
COTS      Commercial Off the Shelf
CPIC      Capital Planning and Investment Control
CRB       Corporate Review Budget
DIB       Defense Industrial Base
DOE       Department of Energy
EA        Enterprise Architecture
EATP      Enterprise Architecture Transition Plan
EAWG      Enterprise Architecture Working Group
EITS      Energy IT Services
ESNet     Energy Science Network
EVM       Earned Value Management
EWA       Enterprise Wide Agreement
EWSS      Energy-Wide Strategic Sourcing
FDCCI     Federal Data Center Consolidation Initiative
FEA       Federal Enterprise Architecture
FEDRAMP   Federal Risk and Authorization Management Program
FFP       Firm Fixed Price
FGDC      Federal Geographic Data Committee
FISMA     Federal Information Security Management Act
GLoB      Geospatial Line of Business
GPEA      Government Paperwork Elimination Act
GSA       General Services Administration
GSP       Geospatial Science Program
HSPD      Homeland Security Presidential Directive
IDEA      Innovative Department of Energy E-Government Applications
ICAM      Identity, Credential & Access Management
ICPT      Integrated Contractor Purchasing Team
IM        Information Management
I-MANAGE  Integrated Management Navigation System
IOA&T     Infrastructure, Office Automation and Telecommunications
IPT       Integrated Project Team
IPv6      Internet Protocol Version 6
IRM       Information Resources Management
IT        Information Technology
LOB       Line of Business
M&O       Management and Operating
NICE      National Initiative for Cybersecurity Education
NIST      National Institute of Standards and Technology
NNSA      National Nuclear Security Administration
OCIO      Office of the Chief Information Officer
OMB       Office of Management and Budget
O&M       Operations and Maintenance
PKI       Public Key Infrastructure
POA&M     Plan of Action and Milestones
RMA       Records Management Application
SPI       Spectrum Policy Initiative
SSP       Shared Service Provider
STAR      Science & Technology in America's Reinvestment

Alignment of OCIO Strategic Goals to DOE's Strategic Goals

OCIO Goals (rows) / DOE Goals (columns) | Transform Our Energy Systems | The Science and Engineering Enterprise | Secure Our Nation | Management and Operational Excellence
----------------------------------------|------------------------------|----------------------------------------|-------------------|--------------------------------------
Leverage Existing IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Foster New and Emerging IT | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
IT Governance Policy and Oversight Processes | Direct/Crosscutting | Direct/Crosscutting | Direct/Crosscutting | Direct
Risk-Based Cybersecurity | Direct | Direct | Direct | Direct

2.4 Target Opportunities

The OCIO uses strategic plans and other management tools to ensure that IT decisions, management responsibilities, and accountability are positioned to meet the Department's present and future needs. Coordinated with strategic planning, the OCIO uses Departmental processes such as Enterprise Architecture (EA), IT Capital Planning and Investment Control (CPIC), and technology assessment programs to identify opportunities to leverage both existing and new technologies to support Department goals. These processes aim to reduce performance gaps in the overall IT portfolio by retiring obsolete systems, developing new solutions that provide improved performance, and supporting the development of reusable application components. This OCIO Strategic Plan highlights key initiatives and the path forward. With successful implementation, the actions described in this plan will enable the Department to best select, align, and maximize its IT resources to fulfill DOE mission.

2.5 IT Investment Portfolio

Each year the Department selects IT investments that meet mission needs, close performance gaps, align with EA plans, and align with external drivers such as OMB's 25 Point Implementation Plan to Reform Federal Information Technology Management. The table below shows the breakout of DOE's Budget Year (BY) 2012 IT portfolio based on DOE strategic goals.

DOE Total IT Portfolio BY 2012 (Total Portfolio Funding)

DOE Strategic Goal | Dollars (in Millions) | Percentages
-------------------|-----------------------|------------
Transform Our Energy Systems | 138.51 | 7.4
The Science and Engineering Enterprise | 594.06 | 31.8
Secure Our Nation | 1130.10 | 60.4
Management and Operational Excellence | 7.98 | 0.4
Total | 1870.64 | 100.0

As indicated above, 100 percent of DOE's BY 2012 portfolio directly supports the four DOE strategic goals. The IT portfolio is characterized by a wide array of initiatives ranging in size and sophistication, all of which are aimed at mission accomplishment, improved operational efficiency, and support of crosscutting Department priorities such as sustainability.

3.0 OCIO Strategic Goals
The OCIO has IT strategic goals and objectives that drive achievement in DOE mission and strategic goal support.

Strategic Goal 1: Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts [25 Point Implementation Plan for Federal IT Reform]

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2: Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Objective 1: Establish a formal, sustainable federal technology deployment program

Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]

Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3: Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 200.1A, OMB Circulars A-11 & 130]

Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 243.1 & 243.2, 36 CFR Chapter XII Subchapter B]

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]

Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development [National Initiative for Cybersecurity Education]

3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people, and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual, and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective
The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops, and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS
  • Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources, and providing device-agnostic connectivity
  • Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES
  • A standardized, simplified federal IT infrastructure
  • Reduced number of components required to operate
  • Reduced number of infrastructure sites and facilities
  • Strengthened cybersecurity
  • Shared services
  • Increased operability and efficiency

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts
The OCIO's business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011, and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department's total buying power. The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE's IT total cost of ownership. This contract will also be structured to minimize subcontracting. The OCIO's EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware, and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories, and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act, and other legislative and DOE policies.

ESSENTIAL ACTIONS
  • Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
  • Reduce administrative cost of administering contracts by documenting and automating processes
  • Optimize the EWA program to create more cost effective options for our customers
  • Award new IT support services contract for current IT

TARGETED OUTCOMES
  • Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
  • Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan
By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department's Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS
  • Lead a Department-wide effort to identify and consolidate commodity IT services
  • Develop and implement a federal data center modernization and consolidation plan
  • Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES
  • Reduced number of data centers
  • Reduced real estate footprint
  • Reduced data center costs
  • Realized energy savings
  • Increased resource-utilization rates
  • Reduced costs of commodity IT services

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization
The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department's mission, goals, and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
  • Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
  • Re-align existing personnel resources to more effectively match existing skills to requirements
  • Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
  • Strengthen performance-based personnel management
  • Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
  • Implement a performance framework for accountability at the employee level
  • Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
  • Aligned workforce skills to DOE missions and priorities
  • Increased professional development within the federal workforce

3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO's role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program
The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS
  • Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
  • Define a process for effectively managing projects within the OCIO
  • Refine the DOE IT Strategic Roadmap process
  • Expand the OCIO's technology outreach and leadership via a series of summits

TARGETED OUTCOMES
  • Reduced cost of mission accomplishments due to more productive tools and processes
  • Improved knowledge sharing

Objective 2: Identify and leverage innovative service delivery methods
The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department's cloud computing initiative is following the Federal Government's cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
  • Identify and evaluate service delivery methods for use at DOE
  • Implement cloud computing service delivery
  • Identify and provide best practices in cloud computing acquisition
  • Develop a sourcing strategy for innovative and emerging technologies, such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
  • Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals
Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
  • Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives, such as shared printers and duplex printing, and the use of workplace multi-function devices
  • Reduce (metered) electricity consumption to reflect office and desktop power management
  • Improve Department-wide power management of desktop computers, printers, etc.
  • Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
  • Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department's energy use in FY 2003

3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities
The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
  • Review and address IT issues using the appropriate governance groups
  • Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
  • Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes
As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully address DOE's business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress, with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
  • Review and update IT policy and guidance to address changes in requirements
  • Identify and address requirements for new policy and guidance in a timely manner
  • Identify Headquarter and Field investments to be included in the TechStat Reviews
  • Conduct TechStat reviews regularly at the Headquarter and Program levels
  • Map OCIO policy to internal and external requirements
  • Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
  • Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
  • Established appropriate IT oversight processes
  • Increased precision of ongoing measurement of IT investment health
  • Improved accountability with focus on concrete actions to improve performance

Objective 3: Revitalize the records management program to raise general awareness and develop plans
The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
  • Develop a Department Records Management Tactical Plan
  • Develop a records inventory and disposition schedule lifecycle management plan
  • Develop and deploy a Department Records Management Training curriculum
  • Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
  • Ensured uniform compliance with records management laws and practices through Departmental records management governance
  • Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
  • Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
  • Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals
The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
  • Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
  • Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
  • OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
  • Improved management of federal and private sector partner initiatives, such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)

3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements
The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
  • assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
  • informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
  • conveying assurance and conducting oversight, and
  • ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
  • Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
  • Finalize RMA management plan to program inputs from Senior DOE Management
  • Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
  • Increased resource efficiency and automation
  • Improved security posture and enterprise situational awareness
  • Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery, for DOE Elements and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Phase labels: Preparation & Prevention, Detect, Contain, Eradicate, Recover; the labels Lessons Learned and Reporting repeat around the cycle.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders.

In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that:
    • leverages existing resources first
    • deploys in phases to capture value quickly
    • describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability; improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies, such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE's federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB  Architecture Review Board
BRM  Business Reference Model
CAM  Corporate Asset Management
C&A  Certification and Accreditation
CFO  Chief Financial Officer
CIO  Chief Information Officer
CHRIS  Corporate Human Resource Information System
CNCI  Comprehensive National Cybersecurity Initiative
CNSS  Committee for National Security Systems
COTS  Commercial Off the Shelf
CPIC  Capital Planning and Investment Control
CRB  Corporate Review Budget
DIB  Defense Industrial Base
DOE  Department of Energy
EA  Enterprise Architecture
EATP  Enterprise Architecture Transition Plan
EAWG  Enterprise Architecture Working Group
EITS  Energy IT Services
ESNet  Energy Science Network
EVM  Earned Value Management
EWA  Enterprise Wide Agreement
EWSS  Energy-Wide Strategic Sourcing
FDCCI  Federal Data Center Consolidation Initiative
FEA  Federal Enterprise Architecture
FEDRAMP  Federal Risk and Authorization Management Program
FFP  Firm Fixed Price
FGDC  Federal Geographic Data Committee
FISMA  Federal Information Security Management Act
GLoB  Geospatial Line of Business
GPEA  Government Paperwork Elimination Act
GSA  General Services Administration
GSP  Geospatial Science Program
HSPD  Homeland Security Presidential Directive
IDEA  Innovative Department of Energy E-Government Applications
ICAM  Identity, Credential & Access Management
ICPT  Integrated Contractor Purchasing Team
IM  Information Management
I-MANAGE  Integrated Management Navigation System
IOA&T  Infrastructure, Office Automation and Telecommunications
IPT  Integrated Project Team
IPv6  Internet Protocol Version 6
IRM  Information Resources Management
IT  Information Technology
LOB  Line of Business
M&O  Management and Operating
NICE  National Initiative for Cybersecurity Education
NIST  National Institute of Standards and Technology
NNSA  National Nuclear Security Administration
OCIO  Office of the Chief Information Officer
OMB  Office of Management and Budget
O&M  Operations and Maintenance
PKI  Public Key Infrastructure
POA&M  Plan of Action and Milestones
RMA  Records Management Application
SPI  Spectrum Policy Initiative
SSP  Shared Service Provider
STAR  Science & Technology in America's Reinvestment


3.0 OCIO Strategic Goals

The OCIO has IT strategic goals and objectives that drive achievement in DOE mission and strategic goal support.

Strategic Goal 1: Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts [25 Point Implementation Plan for Federal IT Reform]

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan [DOE Strategic Sustainability Performance Plan, Executive Order 13514, 25 Point Implementation Plan for Federal IT Reform]

Objective 4: Establish the human capital and organizational foundation to create a high-performing organization [25 Point Implementation Plan for Federal IT Reform]

Strategic Goal 2: Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

Objective 1: Establish a formal, sustainable federal technology deployment program

Objective 2: Identify and leverage innovative service delivery methods [Federal Cloud First Policy, 25 Point Implementation Plan for Federal IT Reform]

Objective 3: Identify and foster use of green technology to support energy use reduction goals [DOE Strategic Sustainability Performance Plan, Executive Order 13514]

Strategic Goal 3: Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes [Clinger-Cohen Act, DOE Order 200.1A, OMB Circulars A-11 & 130]

Objective 3: Revitalize the records management program to raise general awareness and develop plans [Federal Records Act, Paperwork Reduction Act, DOE Orders 243.1 & 243.2, 36 CFR Chapter XII, Subchapter B]

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

Strategic Goal 4: Strengthen enterprise situational awareness to foster near-real-time risk management and combat the advanced persistent threat; forge interagency and sector partnerships to protect critical infrastructure, promote information sharing, and advance technologies for cyber defenses

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements [Federal Information Security Management Act, DOE Order 205.1B]

Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response [Federal Information Security Management Act, DOE Order 205.1B]

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action [Federal Information Security Management Act, DOE Order 205.1B]

Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development [National Initiative for Cybersecurity Education]


3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people, and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual, and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops, and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS
• Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources, and providing device-agnostic connectivity
• Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES
• A standardized, simplified federal IT infrastructure
• Reduced number of components required to operate
• Reduced number of infrastructure sites and facilities
• Strengthened cybersecurity
• Shared services
• Increased operability and efficiency


Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO's business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011 and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department's total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE's IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO's EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware, and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories, and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act, and other legislative and DOE policies.

ESSENTIAL ACTIONS
• Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
• Reduce administrative cost of administering contracts by documenting and automating processes
• Optimize the EWA program to create more cost effective options for our customers
• Award new IT support services contract for current IT

TARGETED OUTCOMES
• Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
• Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department's Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS
• Lead a Department-wide effort to identify and consolidate commodity IT services
• Develop and implement a federal data center modernization and consolidation plan
• Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES
• Reduced number of data centers
• Reduced real estate footprint
• Reduced data center costs
• Realized energy savings
• Increased resource-utilization rates
• Reduced costs of commodity IT services


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department's mission, goals, and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
• Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
• Re-align existing personnel resources to more effectively match existing skills to requirements
• Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
• Strengthen performance-based personnel management
• Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
• Implement a performance framework for accountability at the employee level
• Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
• Aligned workforce skills to DOE missions and priorities
• Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO's role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership, outreach, and technology research efforts.

ESSENTIAL ACTIONS
• Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
• Define a process for effectively managing projects within the OCIO
• Refine the DOE IT Strategic Roadmap process
• Expand the OCIO's technology outreach and leadership via a series of summits

TARGETED OUTCOMES
• Reduced cost of mission accomplishments due to more productive tools and processes
• Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department's cloud computing initiative is following the Federal Government's cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
• Identify and evaluate service delivery methods for use at DOE
• Implement cloud computing service delivery
• Identify and provide best practices in cloud computing acquisition
• Develop a sourcing strategy for innovative and emerging technologies, such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
• Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
• Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives, such as shared printers and duplex printing, and the use of workplace multi-function devices
• Reduce (metered) electricity consumption to reflect office and desktop power management
• Improve Department-wide power management of desktop computers, printers, etc.
• Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
• Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department's energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership and accountability.

ESSENTIAL ACTIONS
• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council and associated working groups

TARGETED OUTCOME
• Establishment of coordinated governance groups and processes with appropriate authorities, roles and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability and security. Implementing IT oversight processes ensures that the Department’s portfolio of IT investments fully address DOE’s business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department’s ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress, with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
• Maintained, completed and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all “permanent” and “non-permanent” records across the Department, including e-mail

Objective 4: Establish strong cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
• Establish mutually supportive relationships with DOE Program Offices, functional managers and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
• OCIO is a recognized business partner of DOE Program Offices, functional managers and M&O CIOs
• Improved management of federal and private sector partner initiatives such as cloud computing, IPv6 and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing and Advance Technologies for Cyber Defenses

The Department’s strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB and regulatory requirements

The OCIO is leading the development of the Department’s Risk Management Approach (RMA) for the Department’s Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department’s Strategic Goal to “Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.” The RMA implements the four components of risk management (framing, assessing, responding and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
• assessing threats, analyzing risks and sharing risk information through the corporate risk executive
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
• conveying assurance and conducting oversight, and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes and protections

The RMA will implement automated enterprise Governance, Risk and Compliance (eGRC) capabilities to improve data collection, aggregation and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories and IN to develop the Department’s next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE’s role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan, include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements, map existing capabilities, including National Laboratories’ resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Labels shown: Preparation & Prevention, Detect, Contain, Eradicate, Recover, with Reporting and Lessons Learned repeated around the cycle.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that:
    • leverages existing resources first
    • deploys in phases to capture value quickly
    • describes knowledge chains and value points for organization
• Assess and measure program maturity, develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services and system-level implementation
• Automated common reporting process for DOE Headquarters, Program and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department’s cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability, improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity and non-repudiation through the use of digital identities, digital signatures and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements such as cryptographic storage of digital credentials, integrated standards-based building proximity support and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity and authenticity
• Implement an Identity, Credential and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America’s Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America’s energy, scientific and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE’s investments and the impact of our research portfolio in supporting our national objectives and DOE’s strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE’s complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency. In addition, the effort promotes DOE’s federal leadership initiatives such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department’s commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation’s goals and grand challenges. This effort continues the OCIO’s role of promoting innovation, showcasing technology leadership and identifying opportunities to modernize services and leverage the power of IT. Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases and best practices that are linked to DOE and the OCIO’s continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission. Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB        Architecture Review Board
BRM        Business Reference Model
CAM        Corporate Asset Management
C&A        Certification and Accreditation
CFO        Chief Financial Officer
CIO        Chief Information Officer
CHRIS      Corporate Human Resource Information System
CNCI       Comprehensive National Cybersecurity Initiative
CNSS       Committee for National Security Systems
COTS       Commercial Off the Shelf
CPIC       Capital Planning and Investment Control
CRB        Corporate Review Budget
DIB        Defense Industrial Base
DOE        Department of Energy
EA         Enterprise Architecture
EATP       Enterprise Architecture Transition Plan
EAWG       Enterprise Architecture Working Group
EITS       Energy IT Services
ESNet      Energy Science Network
EVM        Earned Value Management
EWA        Enterprise Wide Agreement
EWSS       Energy-Wide Strategic Sourcing
FDCCI      Federal Data Center Consolidation Initiative
FEA        Federal Enterprise Architecture
FEDRAMP    Federal Risk and Authorization Management Program
FFP        Firm Fixed Price
FGDC       Federal Geographic Data Committee
FISMA      Federal Information Security Management Act
GLoB       Geospatial Line of Business
GPEA       Government Paperwork Elimination Act
GSA        General Services Administration
GSP        Geospatial Science Program
HSPD       Homeland Security Presidential Directive
IDEA       Innovative Department of Energy E-Government Applications
ICAM       Identity, Credential & Access Management
ICPT       Integrated Contractor Purchasing Team
IM         Information Management
I-MANAGE   Integrated Management Navigation System
IOA&T      Infrastructure, Office Automation and Telecommunications
IPT        Integrated Project Team
IPv6       Internet Protocol Version 6
IRM        Information Resources Management
IT         Information Technology
LOB        Line of Business
M&O        Management and Operating
NICE       National Initiative for Cybersecurity Education
NIST       National Institute of Standards and Technology
NNSA       National Nuclear Security Administration
OCIO       Office of the Chief Information Officer
OMB        Office of Management and Budget
O&M        Operations and Maintenance
PKI        Public Key Infrastructure
POA&M      Plan of Action and Milestones
RMA        Records Management Application
SPI        Spectrum Policy Initiative
SSP        Shared Service Provider
STAR       Science & Technology in America’s Reinvestment


3.1 Strategic Goal 1

Leverage existing information technology and expertise to maximize mission accomplishment and reduce costs

The OCIO has established comprehensive functions to address policy, people and processes related to IT management. By working from a sound organizational foundation and focusing on continuous improvement to meet new challenges, the OCIO will leverage an array of existing resources, including human capital, contractual and organizational processes, to ensure effective IT management and strong mission support throughout the Department. Descriptions of targeted outcomes and actions related to this goal are described below.

Objective 1: Implement a secure DOE federal infrastructure by improving IT services into a best-in-class provider from both a technical and business perspective

The OCIO Office for Energy IT Services (EITS) has the responsibility to provide shared and crosscutting IT infrastructure to the federal community, including the DOE-wide network, servers for application and data hosting, secure internet access, e-mail services, federal desktops and help desk support. The EITS team works to provide efficient, low cost services consistent with service level agreements in place with customers from across the Department. EITS is focused on becoming the DOE commodity services provider of choice.

ESSENTIAL ACTIONS
• Develop and deploy a virtual desktop infrastructure capable of supporting all DOE federal desktops, improving the interconnectivity between federal and M&O information resources and providing device-agnostic connectivity
• Develop a five-year enterprise technology roadmap that outlines a near- and long-term technology migration path for future EITS services

TARGETED OUTCOMES
• A standardized, simplified federal IT infrastructure
• Reduced number of components required to operate
• Reduced number of infrastructure sites and facilities
• Strengthened cybersecurity
• Shared services
• Increased operability and efficiency


Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO’s business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011 and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department’s total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE’s IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO’s EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act and other legislative and DOE policies.

ESSENTIAL ACTIONS
• Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
• Reduce administrative cost of administering contracts by documenting and automating processes
• Optimize the EWA program to create more cost effective options for our customers
• Award new IT support services contract for current IT

TARGETED OUTCOMES
• Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
• Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure, as directed in the Federal Data Center Consolidation Initiative (FDCCI), and through the continued implementation and evolution of the Department’s Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS
• Lead a Department-wide effort to identify and consolidate commodity IT services
• Develop and implement a federal data center modernization and consolidation plan
• Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES
• Reduced number of data centers
• Reduced real estate footprint
• Reduced data center costs
• Realized energy savings
• Increased resource-utilization rates
• Reduced costs of commodity IT services


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department's mission, goals and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies, and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
• Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan and implement changes to roles, responsibilities and reporting relationships
• Re-align existing personnel resources to more effectively match existing skills to requirements
• Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
• Strengthen performance-based personnel management
• Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
• Implement a performance framework for accountability at the employee level
• Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
• Aligned workforce skills to DOE missions and priorities
• Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO's role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership, outreach and technology research efforts.

ESSENTIAL ACTIONS
• Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
• Define a process for effectively managing projects within the OCIO
• Refine the DOE IT Strategic Roadmap process
• Expand the OCIO's technology outreach and leadership via a series of summits

TARGETED OUTCOMES
• Reduced cost of mission accomplishments due to more productive tools and processes
• Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department's cloud computing initiative is following the Federal Government's cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
• Identify and evaluate service delivery methods for use at DOE
• Implement cloud computing service delivery
• Identify and provide best practices in cloud computing acquisition
• Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
• Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
• Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing, and the use of workplace multi-function devices
• Reduce (metered) electricity consumption to reflect office and desktop power management
• Improve Department-wide power management of desktop computers, printers, etc.
• Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
• Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department's energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy and oversight processes to ensure secure, efficient and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy and the implementation of IT oversight processes related to enterprise architecture, IT investment management and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership and accountability.

ESSENTIAL ACTIONS
• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council and associated working groups

TARGETED OUTCOME
• Establishment of coordinated governance groups and processes with appropriate authorities, roles and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully addresses DOE's business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management, and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
• Maintained, completed and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
• Establish mutually supportive relationships with DOE Program Offices, functional managers and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
• OCIO is a recognized business partner of DOE Program Offices, functional managers and M&O CIOs
• Improved management of federal and private sector partner initiatives, such as cloud computing, IPv6 and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
• assessing threats, analyzing risks and sharing risk information through the corporate risk executive
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
• conveying assurance and conducting oversight, and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes and protections

The RMA will implement automated enterprise Governance, Risk and Compliance (eGRC) capabilities to improve data collection, aggregation and reporting. This effort will reduce costs, re-direct resources and management focus towards operations and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide front line cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis and conduct attack trending, tracking and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment and recovery, for DOE Elements and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Diagram labels: Preparation & Prevention, Detect, Contain, Eradicate, Recover, Lessons Learned, Reporting.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that leverages existing resources first, deploys in phases to capture value quickly, and describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services and system-level implementation
• Automated common reporting process for DOE Headquarters, Program and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability, improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability) and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity and non-repudiation through the use of digital identities, digital signatures and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity and authenticity
• Implement an Identity, Credential and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency. In addition, the effort promotes DOE's federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership and identifying opportunities to modernize services and leverage the power of IT. Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission. Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB: Architecture Review Board
BRM: Business Reference Model
CAM: Corporate Asset Management
C&A: Certification and Accreditation
CFO: Chief Financial Officer
CIO: Chief Information Officer
CHRIS: Corporate Human Resource Information System
CNCI: Comprehensive National Cybersecurity Initiative
CNSS: Committee for National Security Systems
COTS: Commercial Off the Shelf
CPIC: Capital Planning and Investment Control
CRB: Corporate Review Budget
DIB: Defense Industrial Base
DOE: Department of Energy
EA: Enterprise Architecture
EATP: Enterprise Architecture Transition Plan
EAWG: Enterprise Architecture Working Group
EITS: Energy IT Services
ESNet: Energy Science Network
EVM: Earned Value Management
EWA: Enterprise Wide Agreement
EWSS: Energy-Wide Strategic Sourcing
FDCCI: Federal Data Center Consolidation Initiative
FEA: Federal Enterprise Architecture
FEDRAMP: Federal Risk and Authorization Management Program
FFP: Firm Fixed Price
FGDC: Federal Geographic Data Committee
FISMA: Federal Information Security Management Act
GLoB: Geospatial Line of Business
GPEA: Government Paperwork Elimination Act
GSA: General Services Administration
GSP: Geospatial Science Program
HSPD: Homeland Security Presidential Directive
IDEA: Innovative Department of Energy E-Government Applications
ICAM: Identity, Credential & Access Management
ICPT: Integrated Contractor Purchasing Team
IM: Information Management
I-MANAGE: Integrated Management Navigation System
IOA&T: Infrastructure, Office Automation and Telecommunications
IPT: Integrated Project Team
IPv6: Internet Protocol Version 6
IRM: Information Resources Management
IT: Information Technology
LOB: Line of Business
M&O: Management and Operating
NICE: National Initiative for Cybersecurity Education
NIST: National Institute of Standards and Technology
NNSA: National Nuclear Security Administration
OCIO: Office of the Chief Information Officer
OMB: Office of Management and Budget
O&M: Operations and Maintenance
PKI: Public Key Infrastructure
POA&M: Plan of Action and Milestones
RMA: Records Management Application
SPI: Spectrum Policy Initiative
SSP: Shared Service Provider
STAR: Science & Technology in America's Reinvestment


Objective 2: Develop a comprehensive business management and contracting strategy to reduce the complexity and improve the agility of internal and external support contracts

The OCIO’s business management and contracting strategy will have two major elements: establishing an Operational Information Technology Services (OITS) contract by late FY (Fiscal Year) 2011, and continued optimization of the current Enterprise Wide Agreements (EWA) Program. As part of an overall IT acquisition framework, the OCIO seeks to leverage the cost savings and management efficiencies that result from acquiring and managing commodity IT products and services, as well as commercially available software, on a government-wide basis. Contract administration efficiencies are achieved by reducing multiple contracts to one, and improved pricing is obtained by leveraging the Department’s total buying power.

The OITS contract will be established in FY 2011 to consolidate and optimize commodity IT services throughout the DOE complex. Emphasis will be placed on maximizing use of this contract to decrease the DOE’s IT total cost of ownership. This contract will also be structured to minimize subcontracting.

The OCIO’s EWA Program is a collection of optional-use strategic sourcing contracts for common-use software, hardware, and services used within IT organizations across the Department. The EWA Program is structured to allow use by the entire DOE complex, including DOE Program Offices, Staff Offices, Field Sites, National Laboratories, and Power Administrations, and supports and complies with the Energy-Wide Strategic Sourcing (EWSS) Program, Federal SmartBUY initiative, Clinger-Cohen Act, and other legislative and DOE policies.

ESSENTIAL ACTIONS
• Drive increased use of both the OITS contract and the EWA Program through an aggressive stakeholder communications and management program
• Reduce administrative cost of administering contracts by documenting and automating processes
• Optimize the EWA program to create more cost effective options for our customers
• Award new IT support services contract for current IT

TARGETED OUTCOMES
• Maximized buying power and reduced total cost of IT ownership by attaining optimal pricing through the aggregation of software requirements
• Streamlined acquisition process to increase IT contract administration efficiencies through consolidation opportunities of legacy IT contracts into single contract vehicles and enterprise license agreements

Objective 3: Generate substantial savings within OCIO and across DOE through the implementation of a comprehensive enterprise IT consolidation and sustainability plan

By consolidating IT infrastructure as directed in the Federal Data Center Consolidation Initiative (FDCCI) and through the continued implementation and evolution of the Department’s Strategic Sustainability Performance Plan (SSPP), the Department will cut costs while reducing its contribution of federal greenhouse gases. The SSPP contains electronic stewardship goals that focus on consolidating and reducing data centers and implementing improvements in the energy use at data centers. The OCIO has Departmental leadership responsibility for these efforts and is pursuing activities to consolidate IT services.

ESSENTIAL ACTIONS
• Lead a Department-wide effort to identify and consolidate commodity IT services
• Develop and implement a federal data center modernization and consolidation plan
• Reduce the number of federal data centers by six (6) by FY 2015

TARGETED OUTCOMES
• Reduced number of data centers
• Reduced real estate footprint
• Reduced data center costs
• Realized energy savings
• Increased resource-utilization rates
• Reduced costs of commodity IT services


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department’s mission goals and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies, and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
• Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
• Re-align existing personnel resources to more effectively match existing skills to requirements
• Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
• Strengthen performance-based personnel management
• Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
• Implement a performance framework for accountability at the employee level
• Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
• Aligned workforce skills to DOE missions and priorities
• Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO’s role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS
• Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
• Define a process for effectively managing projects within the OCIO
• Refine the DOE IT Strategic Roadmap process
• Expand the OCIO’s technology outreach and leadership via a series of summits

TARGETED OUTCOMES
• Reduced cost of mission accomplishments due to more productive tools and processes
• Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department’s cloud computing initiative is following the Federal Government’s cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
• Identify and evaluate service delivery methods for use at DOE
• Implement cloud computing service delivery
• Identify and provide best practices in cloud computing acquisition
• Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
• Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
• Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing and the use of workplace multi-function devices
• Reduce (metered) electricity consumption to reflect office and desktop power management
• Improve Department-wide power management of desktop computers, printers, etc.
• Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
• Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30 on average across the entire Department, relative to the Department’s energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
• Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department’s portfolio of IT investments fully address DOE’s business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department’s ability to improve line-of-sight between teams and senior management, and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
• Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 2431(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all “permanent” and “non-permanent” records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
• Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
• OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
• Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department’s strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department’s Risk Management Approach (RMA) for the Department’s Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department’s Strategic Goal to “Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.” The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:
• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
• conveying assurance and conducting oversight; and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department’s next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE’s role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery, for DOE Elements and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories’ resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Labels: Preparation & Prevention; Detect; Contain; Eradicate; Recover; Lessons Learned; Reporting.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that:
  • leverages existing resources first
  • deploys in phases to capture value quickly
  • describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives such as the National Initiative for Cybersecurity Education (NICE) continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department’s cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability, improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America’s Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The US Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America’s energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE’s investments and the impact of our research portfolio in supporting our national objectives and DOE’s strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE’s complete investment portfolio.

As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation, and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE’s federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department’s commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 92810). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

TechnologySummitsTheOCIOhostsaseriesofsummitsfocusedonadvancedtechnologyandinnovationeffortsacrosstheDepartmentanditspartnerstohighlightwaysinwhichtheseactivitieshelpussucceedinourmissionandcontributetosuccessoftheNationrsquosgoalsandgrandchallengesThiseffortcontinuestheOCIOrsquosroleofpromotinginnovationshowcasingtechnologyleadershipandidentifyingopportunitiestomodernizeservicesandleveragethepowerof itThrough these types of forums opportunities are communicated anddiscussedinanopencollaborativeenvironmentandinitiativesacrossDOEcanbebroughttogethertopromotecollaborationandinformationsharingIndividuallysummitsprovidetopical-baseddiscussionsusecasesandbestpractices thatare linkedtoDOEandtheOCIOrsquoscontinualmodernizationandtechnologyreuseinitiativesandcreategreaterawarenessofthewaysweengageinourmissionOrganizationsparticipate fromacross theDOEenterprise includingotherfederalagenciesaswellaspublicandprivatepartnersandthesediscussionsprovide an opportunity to share stores and success helping identifycommonalitiesaswell asanunderstandingof theuniquecircumstancesencounteredbyindividualmissionsandoffices

TaRGETED OuTCOMES EnabletheDepartmenttodevelopacollaborativeapproachindevelopinginsightstofuelITtransformationandmissionalignmentthroughoutDOE


Appendix B List of Acronyms

ARB  Architecture Review Board
BRM  Business Reference Model
CAM  Corporate Asset Management
C&A  Certification and Accreditation
CFO  Chief Financial Officer
CIO  Chief Information Officer
CHRIS  Corporate Human Resource Information System
CNCI  Comprehensive National Cybersecurity Initiative
CNSS  Committee for National Security Systems
COTS  Commercial Off the Shelf
CPIC  Capital Planning and Investment Control
CRB  Corporate Review Budget
DIB  Defense Industrial Base
DOE  Department of Energy
EA  Enterprise Architecture
EATP  Enterprise Architecture Transition Plan
EAWG  Enterprise Architecture Working Group
EITS  Energy IT Services
ESNet  Energy Science Network
EVM  Earned Value Management
EWA  Enterprise Wide Agreement
EWSS  Energy-Wide Strategic Sourcing
FDCCI  Federal Data Center Consolidation Initiative
FEA  Federal Enterprise Architecture
FEDRAMP  Federal Risk and Authorization Management Program
FFP  Firm Fixed Price
FGDC  Federal Geographic Data Committee
FISMA  Federal Information Security Management Act
GLoB  Geospatial Line of Business
GPEA  Government Paperwork Elimination Act
GSA  General Services Administration
GSP  Geospatial Science Program
HSPD  Homeland Security Presidential Directive
IDEA  Innovative Department of Energy E-Government Applications
ICAM  Identity, Credential & Access Management
ICPT  Integrated Contractor Purchasing Team
IM  Information Management
I-MANAGE  Integrated Management Navigation System
IOA&T  Infrastructure, Office Automation and Telecommunications
IPT  Integrated Project Team
IPv6  Internet Protocol Version 6
IRM  Information Resources Management
IT  Information Technology
LOB  Line of Business
M&O  Management and Operating
NICE  National Initiative for Cybersecurity Education
NIST  National Institute of Standards and Technology
NNSA  National Nuclear Security Administration
OCIO  Office of the Chief Information Officer
OMB  Office of Management and Budget
O&M  Operations and Maintenance
PKI  Public Key Infrastructure
POA&M  Plan of Action and Milestones
RMA  Records Management Application
SPI  Spectrum Policy Initiative
SSP  Shared Service Provider
STAR  Science & Technology in America’s Reinvestment


Objective 4: Establish the human capital and organizational foundation to create a high-performing organization

The OCIO recognizes the strategic management challenge required to hire and retain a highly-skilled IT workforce and is working to address the criticality of strengthening human capital as a driver for organizational effectiveness. The Office of Management and Budget (OMB) has identified a specific human-capital initiative that is directed toward aligning a professional workforce in support of a Department’s mission, goals, and strategies. The OCIO has developed recruitment requirements to focus efforts on identifying qualified candidates who are able to easily adapt to changes brought about by new technologies and is currently identifying gaps in skills and abilities of the current workforce, developing hiring plans, creating training and professional development plans, and documenting new, efficient business processes. In addition, initiatives have been implemented to focus on maximizing employee performance by instituting development programs and enrichment opportunities that motivate and inspire employees. The OCIO will continue to recruit and retain new talent for critical management and mission-critical positions in order to achieve key objectives. As part of its strategic planning, the OCIO has established roles and responsibilities, high-level process flows, and an organization structure to position itself to become a high-performing organization.

ESSENTIAL ACTIONS
  • Leverage past effectiveness/efficiency reviews and new organizational and skills assessments to identify, plan, and implement changes to roles, responsibilities, and reporting relationships
  • Re-align existing personnel resources to more effectively match existing skills to requirements
  • Rapidly hire top-quality personnel as gaps are identified, particularly senior staff positions
  • Strengthen performance-based personnel management
  • Implement a new performance-management system to better recognize and reward superior performance, ensuring a high-performing and accountable workforce
  • Implement a performance framework for accountability at the employee level
  • Implement a comprehensive training program to close skill gaps and sustain technical competence

TARGETED OUTCOMES
  • Aligned workforce skills to DOE missions and priorities
  • Increased professional development within the federal workforce


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO’s role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS
  • Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
  • Define a process for effectively managing projects within the OCIO
  • Refine the DOE IT Strategic Roadmap process
  • Expand the OCIO’s technology outreach and leadership via a series of summits

TARGETED OUTCOMES
  • Reduced cost of mission accomplishments due to more productive tools and processes
  • Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department’s cloud computing initiative is following the Federal Government’s cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
  • Identify and evaluate service delivery methods for use at DOE
  • Implement cloud computing service delivery
  • Identify and provide best practices in cloud computing acquisition
  • Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
  • Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
  • Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing and the use of workplace multi-function devices
  • Reduce (metered) electricity consumption to reflect office and desktop power management
  • Improve Department-wide power management of desktop computers, printers, etc.
  • Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
  • Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30 on average across the entire Department, relative to the Department’s energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
  • Review and address IT issues using the appropriate governance groups
  • Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
  • Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department’s portfolio of IT investments fully address DOE’s business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department’s ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
  • Review and update IT policy and guidance to address changes in requirements
  • Identify and address requirements for new policy and guidance in a timely manner
  • Identify Headquarter and Field investments to be included in the TechStat Reviews
  • Conduct TechStat reviews regularly at the Headquarter and Program levels
  • Map OCIO policy to internal and external requirements
  • Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
  • Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
  • Established appropriate IT oversight processes
  • Increased precision of ongoing measurement of IT investment health
  • Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of, and adherence to, standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
  • Develop a Department Records Management Tactical Plan
  • Develop a records inventory and disposition schedule lifecycle management plan
  • Develop and deploy a Department Records Management Training curriculum
  • Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
  • Ensured uniform compliance with records management laws and practices through Departmental records management governance
  • Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
  • Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
  • Implement Records Management Applications (RMA) to ensure the control and management of all “permanent” and “non-permanent” records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
  • Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
  • Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
  • OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
  • Improved management of federal and private sector partner initiatives, such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department’s strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that, to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department’s Risk Management Approach (RMA) for the Department’s Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department’s Strategic Goal to “Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.” The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
  • assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
  • informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
  • conveying assurance and conducting oversight, and
  • ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
  • Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
  • Finalize RMA management plan to program inputs from Senior DOE Management
  • Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
  • Increased resource efficiency and automation
  • Improved security posture and enterprise situational awareness
  • Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department’s next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide front line cyber defense and Department-level situational awareness. JC3 will strengthen DOE’s role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
  • Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
  • Develop JC3 governance model to include viable out-year funding model
  • Finalize program management implementation plan, include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
  • Documented enterprise baseline of requirements, map existing capabilities, including National Laboratories’ resources and expertise
  • Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
  • Improved enterprise-wide event management reporting
  • Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Diagram labels: Preparation & Prevention, Detect, Contain, Eradicate, Recover, Lessons Learned, Reporting.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
  • Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
  • Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
  • Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
  • Develop a CM Implementation Plan that: leverages existing resources first; deploys in phases to capture value quickly; describes knowledge chains and value points for organization
  • Assess and measure program maturity, develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
  • Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
  • Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
  • Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
  • Automated common reporting process for DOE Headquarters, Program, and Site Offices
  • Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department’s cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
  • Develop enterprise Cybersecurity Training Implementation Plan
  • Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
  • Increased workforce awareness and capability, improved mitigation of insider threat
  • Improved security posture and workforce alignment with mission priorities
  • Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise, standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
  • Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
  • Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
  • Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
  • Ensure DOE public external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
  • Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America’s Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
  • Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
  • Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards

24of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

appendix

Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE's federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
  • Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
  • Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
  • Upgrade public/external facing servers and services by the end of FY 2012
  • Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
  • Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
  • Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

  • ARB  Architecture Review Board
  • BRM  Business Reference Model
  • CAM  Corporate Asset Management
  • C&A  Certification and Accreditation
  • CFO  Chief Financial Officer
  • CIO  Chief Information Officer
  • CHRIS  Corporate Human Resource Information System
  • CNCI  Comprehensive National Cybersecurity Initiative
  • CNSS  Committee for National Security Systems
  • COTS  Commercial Off the Shelf
  • CPIC  Capital Planning and Investment Control
  • CRB  Corporate Review Budget
  • DIB  Defense Industrial Base
  • DOE  Department of Energy
  • EA  Enterprise Architecture
  • EATP  Enterprise Architecture Transition Plan
  • EAWG  Enterprise Architecture Working Group
  • EITS  Energy IT Services
  • ESNet  Energy Science Network
  • EVM  Earned Value Management
  • EWA  Enterprise Wide Agreement
  • EWSS  Energy-Wide Strategic Sourcing
  • FDCCI  Federal Data Center Consolidation Initiative
  • FEA  Federal Enterprise Architecture
  • FEDRAMP  Federal Risk and Authorization Management Program
  • FFP  Firm Fixed Price
  • FGDC  Federal Geographic Data Committee
  • FISMA  Federal Information Security Management Act
  • GLoB  Geospatial Line of Business
  • GPEA  Government Paperwork Elimination Act
  • GSA  General Services Administration
  • GSP  Geospatial Science Program
  • HSPD  Homeland Security Presidential Directive
  • IDEA  Innovative Department of Energy E-Government Applications
  • ICAM  Identity, Credential & Access Management
  • ICPT  Integrated Contractor Purchasing Team
  • IM  Information Management
  • I-MANAGE  Integrated Management Navigation System
  • IOA&T  Infrastructure, Office Automation and Telecommunications
  • IPT  Integrated Project Team
  • IPv6  Internet Protocol Version 6
  • IRM  Information Resources Management
  • IT  Information Technology
  • LOB  Line of Business
  • M&O  Management and Operating
  • NICE  National Initiative for Cybersecurity Education
  • NIST  National Institute of Standards and Technology
  • NNSA  National Nuclear Security Administration
  • OCIO  Office of the Chief Information Officer
  • OMB  Office of Management and Budget
  • O&M  Operations and Maintenance
  • PKI  Public Key Infrastructure
  • POA&M  Plan of Action and Milestones
  • RMA  Records Management Application
  • SPI  Spectrum Policy Initiative
  • SSP  Shared Service Provider
  • STAR  Science & Technology in America's Reinvestment


3.2 Strategic Goal 2

Identify and foster new and emerging information technology to maximize mission accomplishment and reduce costs

This strategic goal identifies the areas of focus and the processes by which new and emerging technology is assessed and can become an enabler to achieving the DOE mission. The OCIO's role in this area is to support Programs across the Department to identify and foster the acquisition and use of emerging IT to leverage new capabilities and rethink how to manage, communicate, and interact with departmental information.

Objective 1: Establish a formal, sustainable federal technology deployment program

The OCIO provides expertise and leadership to partner organizations across the Department in the identification of new and emerging technology that is useful in supporting the mission. To support this function, a Chief Technology Officer has been placed and an OCIO Office of Corporate Projects has been stood up to coordinate partnership outreach and technology research efforts.

ESSENTIAL ACTIONS
  • Develop and implement a technology innovation process to ensure well-formed input and handoffs to IT activities across the Department
  • Define a process for effectively managing projects within the OCIO
  • Refine the DOE IT Strategic Roadmap process
  • Expand the OCIO's technology outreach and leadership via a series of summits

TARGETED OUTCOMES
  • Reduced cost of mission accomplishments due to more productive tools and processes
  • Improved knowledge sharing


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department's cloud computing initiative is following the Federal Government's cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
  • Identify and evaluate service delivery methods for use at DOE
  • Implement cloud computing service delivery
  • Identify and provide best practices in cloud computing acquisition
  • Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
  • Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
  • Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing and the use of workplace multi-function devices
  • Reduce (metered) electricity consumption to reflect office and desktop power management
  • Improve Department-wide power management of desktop computers, printers, etc.
  • Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
  • Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department's energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
  • Review and address IT issues using the appropriate governance groups
  • Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
  • Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully address DOE's business needs and strategies.

The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
  • Review and update IT policy and guidance to address changes in requirements
  • Identify and address requirements for new policy and guidance in a timely manner
  • Identify Headquarter and Field investments to be included in the TechStat Reviews
  • Conduct TechStat reviews regularly at the Headquarter and Program levels
  • Map OCIO policy to internal and external requirements
  • Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
  • Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
  • Established appropriate IT oversight processes
  • Increased precision of ongoing measurement of IT investment health
  • Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of, and adherence to, standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
  • Develop a Department Records Management Tactical Plan
  • Develop a records inventory and disposition schedule lifecycle management plan
  • Develop and deploy a Department Records Management Training curriculum
  • Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
  • Ensured uniform compliance with records management laws and practices through Departmental records management governance
  • Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
  • Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
  • Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
  • Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
  • Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
  • OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
  • Improved management of federal and private sector partner initiatives, such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:
  • assessing threats, analyzing risks, and sharing risk information through the corporate risk executive;
  • informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first;
  • conveying assurance and conducting oversight; and
  • ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections.

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
  • Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
  • Finalize RMA management plan to program inputs from Senior DOE Management
  • Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
  • Increased resource efficiency and automation
  • Improved security posture and enterprise situational awareness
  • Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide front line cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
  • Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions, that could be leveraged in the JC3
  • Develop JC3 governance model to include viable out-year funding model
  • Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
  • Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
  • Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
  • Improved enterprise-wide event management reporting
  • Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1. Incident Management Lifecycle. Phases shown: Preparation & Prevention, Detect, Contain, Eradicate, Recover, with Reporting and Lessons Learned labels repeated around the cycle.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
  • Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
  • Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
  • Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
  • Develop a CM Implementation Plan that leverages existing resources first, deploys in phases to capture value quickly, describes knowledge chains and value points for organization
  • Assess and measure program maturity; develop processes for continuous program improvement, to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
  • Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
  • Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
  • Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
  • Automated common reporting process for DOE Headquarters, Program, and Site Offices
  • Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
  • Develop enterprise Cybersecurity Training Implementation Plan
  • Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
  • Increased workforce awareness and capability, improved mitigation of insider threat
  • Improved security posture and workforce alignment with mission priorities
  • Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
  • Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
  • Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
  • Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
  • Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
  • Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
  • Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
  • Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards

24of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

appendix

FinancialAssistanceThe US Department of Energy (DOE) provides a significant amount offinancialassistancetosupportinnovationandprogressforAmericarsquosenergyscientificandnationalsecurityneedsevaluatingthousandsofapplicationseachyearandawardingbillionsofdollarsinfinancialassistanceDuetotheimportanceofDOErsquosinvestmentsandtheimpactofourresearchportfolioinsupportingournationalobjectivesandDOErsquosstrategicplantheDOEDeputySecretaryandOperationsManagementCouncildirectedtheOCIOtoconductanevaluationoffinancialassistancesystemswithinDOEto determine the scope of the opportunity to modernize the underlyingsystemsand services in support of financial assistanceprogramsat theDepartmentCurrentlyDOEreliesonamixofsystemsandprocessestoadministerfinancialassistanceawardsrangingfromin-housetooutsourcedproducts and has no single system or tool tomanageDOErsquos completeinvestmentportfolioAsaresulttheOCIOhasevaluatedfinancialassistancetechnologysolutionstoidentifyanoptimalapproachcontinuingourroleofprovidingtechnologyleadershippromotinginnovationandeffectiveoperationsacrossDOETherecommendationspromoteamoreintegratedenvironmentforcoordinatingexecutive insight into thefinancialassistanceactivitiesat thedepartmentandenablegreatertransparencyIn addition the effort promotes DOErsquos federal leadership initiatives suchas the STAR METRICS program which provides a common empiricalframeworktoidentifyoutcomesofresearchinvestmentsandpromotestheDepartmentrsquoscommitmenttoscienceandinnovation

TaRGETED OuTCOMES IdentifyanoperationalframeworktomanagefinancialassistanceeffortsandsystemsatDOEasaprogram EnableDOEleadershipforfederalresearchanddevelopmentactivitiesthroughtheSTARMETRICSinitiative

InternetProtocolVersion6(IPv6)TransitionThe IPv6 Transition initiative ensures DOE infrastructure and applicationlifecyclemanagement is aligned with the technical imperative and OMBdirectiontopreparefederalagenciestouseInternetProtocolVersion6by2014(OMBMemorandum92810)Agencydeadlinesinclude Upgradepublicexternalfacingserversandservices bytheendofFY2012

UpgradeinternalclientapplicationsbytheendofFY2014

TaRGETED OuTCOMES SuccessfulandsecureuseofIPv6byDOEinfrastructureandapplicationsinaccordancewiththeOMB2014deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB - Architecture Review Board
BRM - Business Reference Model
CAM - Corporate Asset Management
C&A - Certification and Accreditation
CFO - Chief Financial Officer
CIO - Chief Information Officer
CHRIS - Corporate Human Resource Information System
CNCI - Comprehensive National Cybersecurity Initiative
CNSS - Committee for National Security Systems
COTS - Commercial Off the Shelf
CPIC - Capital Planning and Investment Control
CRB - Corporate Review Budget
DIB - Defense Industrial Base
DOE - Department of Energy
EA - Enterprise Architecture
EATP - Enterprise Architecture Transition Plan
EAWG - Enterprise Architecture Working Group
EITS - Energy IT Services
ESNet - Energy Science Network
EVM - Earned Value Management
EWA - Enterprise Wide Agreement
EWSS - Energy-Wide Strategic Sourcing
FDCCI - Federal Data Center Consolidation Initiative
FEA - Federal Enterprise Architecture
FEDRAMP - Federal Risk and Authorization Management Program
FFP - Firm Fixed Price
FGDC - Federal Geographic Data Committee
FISMA - Federal Information Security Management Act
GLoB - Geospatial Line of Business
GPEA - Government Paperwork Elimination Act
GSA - General Services Administration
GSP - Geospatial Science Program
HSPD - Homeland Security Presidential Directive
IDEA - Innovative Department of Energy E-Government Applications
ICAM - Identity, Credential & Access Management
ICPT - Integrated Contractor Purchasing Team
IM - Information Management
I-MANAGE - Integrated Management Navigation System
IOA&T - Infrastructure, Office Automation and Telecommunications
IPT - Integrated Project Team
IPv6 - Internet Protocol Version 6
IRM - Information Resources Management
IT - Information Technology
LOB - Line of Business
M&O - Management and Operating
NICE - National Initiative for Cybersecurity Education
NIST - National Institute of Standards and Technology
NNSA - National Nuclear Security Administration
OCIO - Office of the Chief Information Officer
OMB - Office of Management and Budget
O&M - Operations and Maintenance
PKI - Public Key Infrastructure
POA&M - Plan of Action and Milestones
RMA - Records Management Application
SPI - Spectrum Policy Initiative
SSP - Shared Service Provider
STAR - Science & Technology in America's Reinvestment


Objective 2: Identify and leverage innovative service delivery methods

The OCIO continually makes an effort to provide necessary mission support at the lowest possible cost and in the most transparent manner. By leveraging innovative service delivery methods, such as on-demand infrastructure via cloud computing, the Department gains flexibility in mission support at low, predictable costs. The Department's cloud computing initiative is following the Federal Government's cloud computing direction for pursuing cloud as the preferred choice in capital projects. This initiative also supports the Federal Risk and Authorization Management Program (FEDRAMP) certification of private sector cloud alternatives. This initiative is closely linked to other initiatives, including sustainability and data center consolidation.

ESSENTIAL ACTIONS
• Identify and evaluate service delivery methods for use at DOE
• Implement cloud computing service delivery
• Identify and provide best practices in cloud computing acquisition
• Develop a sourcing strategy for innovative and emerging technologies such as cloud computing, virtualization, mobile computing, etc.

TARGETED OUTCOME
• Reduced costs of IT commodity services due to increased use of cloud computing and other innovative service delivery methods

Objective 3: Identify and foster use of green technology to support energy use reduction goals

Consistent with the overarching strategy of changing the landscape of energy supply and demand, the Secretary has established energy consumption reduction targets for the agency. Historically, IT operations have always required significant energy inputs. However, new technologies and strategies are constantly being developed for energy efficient IT service and operations. The OCIO is committed to identifying and leveraging new technology and techniques to ensure that IT is a significant contributor to the reduction of energy consumption Department-wide. The OCIO is pursuing activities to implement sound IT energy management practices that will result in reduced air conditioning costs and substantial energy savings.

ESSENTIAL ACTIONS
• Promote energy conservation and paper waste reduction by raising awareness of preferred alternatives such as shared printers and duplex printing and the use of workplace multi-function devices
• Reduce (metered) electricity consumption to reflect office and desktop power management
• Improve Department-wide power management of desktop computers, printers, etc.
• Identify improved data center and space planning through the Energy Savings contract and public-private partnerships

TARGETED OUTCOME
• Reduced Department-wide energy consumption and intensity by FY 2015, no less than 30% on average across the entire Department, relative to the Department's energy use in FY 2003


3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
• Review and address IT issues using the appropriate governance groups
• Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
• Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully address DOE's business needs and strategies.

The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment, resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
• Review and update IT policy and guidance to address changes in requirements
• Identify and address requirements for new policy and guidance in a timely manner
• Identify Headquarter and Field investments to be included in the TechStat Reviews
• Conduct TechStat reviews regularly at the Headquarter and Program levels
• Map OCIO policy to internal and external requirements
• Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
• Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
• Established appropriate IT oversight processes
• Increased precision of ongoing measurement of IT investment health
• Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of, and adherence to, standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
• Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
• Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong, cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
• Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
• Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
• OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
• Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats. The RMA defines governance and processes for:
• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
• conveying assurance and conducting oversight, and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies.

JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Labels: Preparation & Prevention, Detect, Contain, Eradicate, Recover, Reporting, Lessons Learned.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that leverages existing resources first; deploys in phases to capture value quickly; describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability; improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards

Page 14: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 15of25

strategicgoals

3.3 Strategic Goal 3

Provide Departmental IT governance, policy, and oversight processes to ensure secure, efficient, and cost-effective use of IT resources

The OCIO provides leadership and coordination for Departmental IT management through effective IT governance, provisioning of IT policy, and the implementation of IT oversight processes related to enterprise architecture, IT investment management, and other crosscutting IT functions. By partnering with DOE Programs in governance and oversight processes, the OCIO ensures that IT services and assets remain aligned with mission needs.

Objective 1: Implement and institutionalize a reformed, integrated information technology management governance process that treats M&Os distinctively different than true federal entities

The OCIO is actively redesigning IT governance around its strategic goals and objectives and doing away with the disparate IT governance mechanisms that are often uncoordinated and result in poor management. The OCIO is rethinking its current governance structure and will refocus and coordinate governance groups to ensure appropriate participation, ownership, and accountability.

ESSENTIAL ACTIONS
  • Review and address IT issues using the appropriate governance groups
  • Integrate and align existing governance groups, including the Information Management Governance Council, Information Technology Council, and associated working groups

TARGETED OUTCOME
  • Establishment of coordinated governance groups and processes with appropriate authorities, roles, and responsibilities


Objective 2: Establish and implement robust Departmental policy on IT issues and appropriate IT oversight processes

As a decentralized Department, individual Programs and sites across the DOE complex perform the acquisition and management of IT resources. The OCIO is responsible for establishing policy and standards and overseeing Departmental IT management to the appropriate degree necessary to ensure consistency, interoperability, and security. Implementing IT oversight processes ensures that the Department's portfolio of IT investments fully addresses DOE's business needs and strategies. The OCIO has successfully implemented TechStat, a face-to-face, evidence-based accountability review of an IT investment resulting in concrete actions to evaluate IT investments and to address weaknesses and turn around troubled investments. TechStat is vital to the Department's ability to improve line-of-sight between teams and senior management and facilitates closer management of IT project progress with the ability to identify and address performance issues before they become costly to fix.

ESSENTIAL ACTIONS
  • Review and update IT policy and guidance to address changes in requirements
  • Identify and address requirements for new policy and guidance in a timely manner
  • Identify Headquarter and Field investments to be included in the TechStat Reviews
  • Conduct TechStat reviews regularly at the Headquarter and Program levels
  • Map OCIO policy to internal and external requirements
  • Address gaps to ensure that a sound framework for IT management is established

TARGETED OUTCOMES
  • Maintained, completed, and up-to-date policy and guidance on IT acquisition and management
  • Established appropriate IT oversight processes
  • Increased precision of ongoing measurement of IT investment health
  • Improved accountability with focus on concrete actions to improve performance


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
  • Develop a Department Records Management Tactical Plan
  • Develop a records inventory and disposition schedule lifecycle management plan
  • Develop and deploy a Department Records Management Training curriculum
  • Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
  • Ensured uniform compliance with records management laws and practices through Departmental records management governance
  • Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training
  • Developed comprehensive (required) records management training that ensures all DOE employees and contractors understand record management requirements
  • Implement Records Management Applications (RMA) to ensure the control and management of all "permanent" and "non-permanent" records across the Department, including e-mail

Objective 4: Establish strong cooperative internal and external partnerships that lead to effective information sharing and a mutually supportive relationship to achieving the DOE mission and applicable federal goals

The OCIO exercises leadership within and outside the Department through partnerships in support of Agency and Federal-wide initiatives. Such mutually supportive partnerships foster trust and communication and lead to the identification of IT management best practices.

ESSENTIAL ACTIONS
  • Establish mutually supportive relationships with DOE Program Offices, functional managers, and M&O CIOs
  • Establish mutually supportive relationships with other federal agencies

TARGETED OUTCOMES
  • OCIO is a recognized business partner of DOE Program Offices, functional managers, and M&O CIOs
  • Improved management of federal and private sector partner initiatives such as cloud computing, IPv6, and the Federal Risk Authorization and Management Program (FedRAMP)


3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department's strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:
  • assessing threats, analyzing risks, and sharing risk information through the corporate risk executive;
  • informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first;
  • conveying assurance and conducting oversight; and
  • ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections.

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
  • Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
  • Finalize RMA management plan to program inputs from Senior DOE Management
  • Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
  • Increased resource efficiency and automation
  • Improved security posture and enterprise situational awareness
  • Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
  • Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
  • Develop JC3 governance model to include viable out-year funding model
  • Finalize program management implementation plan, include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
  • Documented enterprise baseline of requirements, map existing capabilities including National Laboratories' resources and expertise
  • Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
  • Improved enterprise-wide event management reporting
  • Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Phases shown: Preparation & Prevention, Detect, Contain, Eradicate, Recover, with Lessons Learned and Reporting labels.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
  • Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
  • Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
  • Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
  • Develop a CM Implementation Plan that:
    • leverages existing resources first
    • deploys in phases to capture value quickly
    • describes knowledge chains and value points for organization
  • Assess and measure program maturity, develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
  • Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
  • Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
  • Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
  • Automated common reporting process for DOE Headquarters, Program, and Site Offices
  • Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of a well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
  • Develop enterprise Cybersecurity Training Implementation Plan
  • Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
  • Increased workforce awareness and capability, improved mitigation of insider threat
  • Improved security posture and workforce alignment with mission priorities
  • Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A: Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
  • Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
  • Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
  • Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
  • Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
  • Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
  • Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
  • Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE's federal leadership initiatives such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
  • Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
  • Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
  • Upgrade public/external facing servers and services by the end of FY 2012
  • Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
  • Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
  • Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B: List of Acronyms

  • ARB: Architecture Review Board
  • BRM: Business Reference Model
  • CAM: Corporate Asset Management
  • C&A: Certification and Accreditation
  • CFO: Chief Financial Officer
  • CIO: Chief Information Officer
  • CHRIS: Corporate Human Resource Information System
  • CNCI: Comprehensive National Cybersecurity Initiative
  • CNSS: Committee for National Security Systems
  • COTS: Commercial Off the Shelf
  • CPIC: Capital Planning and Investment Control
  • CRB: Corporate Review Budget
  • DIB: Defense Industrial Base
  • DOE: Department of Energy
  • EA: Enterprise Architecture
  • EATP: Enterprise Architecture Transition Plan
  • EAWG: Enterprise Architecture Working Group
  • EITS: Energy IT Services
  • ESNet: Energy Science Network
  • EVM: Earned Value Management
  • EWA: Enterprise Wide Agreement
  • EWSS: Energy-Wide Strategic Sourcing
  • FDCCI: Federal Data Center Consolidation Initiative
  • FEA: Federal Enterprise Architecture
  • FEDRAMP: Federal Risk and Authorization Management Program
  • FFP: Firm Fixed Price
  • FGDC: Federal Geographic Data Committee
  • FISMA: Federal Information Security Management Act
  • GLoB: Geospatial Line of Business
  • GPEA: Government Paperwork Elimination Act
  • GSA: General Services Administration
  • GSP: Geospatial Science Program
  • HSPD: Homeland Security Presidential Directive
  • IDEA: Innovative Department of Energy E-Government Applications
  • ICAM: Identity, Credential & Access Management
  • ICPT: Integrated Contractor Purchasing Team
  • IM: Information Management
  • I-MANAGE: Integrated Management Navigation System
  • IOA&T: Infrastructure, Office Automation and Telecommunications
  • IPT: Integrated Project Team
  • IPv6: Internet Protocol Version 6
  • IRM: Information Resources Management
  • IT: Information Technology
  • LOB: Line of Business
  • M&O: Management and Operating
  • NICE: National Initiative for Cybersecurity Education
  • NIST: National Institute of Standards and Technology
  • NNSA: National Nuclear Security Administration
  • OCIO: Office of the Chief Information Officer
  • OMB: Office of Management and Budget
  • O&M: Operations and Maintenance
  • PKI: Public Key Infrastructure
  • POA&M: Plan of Action and Milestones
  • RMA: Records Management Application
  • SPI: Spectrum Policy Initiative
  • SSP: Shared Service Provider
  • STAR: Science & Technology in America's Reinvestment

  • Message from Michael LocatisChief Information Officer
  • 10DOE Strategy Overview
    • 11Department of Energy Mission and Goals
    • 12Organization of the Department
      • 20OCIO Strategy Overview
        • 21Office of the Chief Information Officer Mission and Goals
        • 22The Vision of the Chief Information Officer
        • 23Goal Alignment
        • 24 Target Opportunities
        • 25IT Investment Portfolio
          • 30OCIO Strategic Goals
          • Appendix A Strategic Initiatives
          • Appendix B List of Acronyms
Page 15: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

16of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

strategicgoals

Objective2EstablishandimplementrobustDepartmentalpolicyonITissues andappropriateIToversightprocessesAsadecentralizedDepartmentindividualProgramsandsitesacrosstheDOEcomplexperformtheacquisitionandmanagementofITresourcesTheOCIOisresponsibleforestablishingpolicyandstandardsandoverseeingDepartmentalITmanagementtotheappropriatedegreenecessarytoensureconsistencyinteroperabilityandsecurityImplementing IToversightprocessesensures that theDepartmentrsquosportfolioof IT investments fully addressDOErsquosbusinessneedsandstrategiesTheOCIOhassuccessfullyimplementedTechStataface-to-faceevidence-basedaccountabilityreviewofanITinvestmentresultinginconcreteactionstoevaluateITinvestmentsandtoaddressweaknessesandturnaroundtroubledinvestmentsTechStatisvitaltotheDepartmentrsquosabilitytoimproveline-of-sightbetweenteamsandseniormanagementandfacilitates closermanagement of IT project progresswith the ability to identify and address performance issues before theybecomecostlytofix

ESSENTIALACTIONS ReviewandupdateITpolicyandguidancetoaddresschangesinrequirements Identifyandaddressrequirementsfornewpolicyandguidanceinatimelymanner IdentifyHeadquarterandFieldinvestmentstobeincludedintheTechStatReviews ConductTechStatreviewsregularlyattheHeadquarterandProgramlevels MapOCIOpolicytointernalandexternalrequirements AddressgapstoensurethatasoundframeworkforITmanagementisestablished

TaRGETED OuTCOMES

Maintainedcompletedandup-to-datepolicyandguidanceonITacquisitionandmanagement EstablishedappropriateIToversightprocesses

IncreasedprecisionofongoingmeasurementofITinvestmenthealth Improvedaccountabilitywithfocusonconcreteactionstoimproveperformance

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 17of25

strategicgoals

Objective3RevitalizetherecordsmanagementprogramtoraisegeneralawarenessanddevelopplansTheDepartmenthasarenewedandreinvigoratedemphasisoncomprehensivefederalrecordsmanagementatDOEInaneraofrapidlychangingtechnologyrecordsarebeingcreatedandstoredinawidevarietyofformatsandmediaTraditionalprocessesofrecordsmanagementmustbeupdatedtoaddressthischangingenvironmentTheSecretaryofEnergyandtheDepartmentarededicatedtohavingacomprehensiverecordsmanagementprogramwherebythesystematiccontrolofthecreationmaintenancestorageanddispositionoffederalrecordsareensuredthroughtheestablishmentof andadherence to standardizedpoliciesprocesses and the trainingof federal staff andcontractors TheOCIOprovidesDepartmentalleadershipandcoordinationofthiseffort

ESSENTIALACTIONS DevelopaDepartmentRecordsManagementTacticalPlan Developarecordsinventoryanddispositionschedulelifecyclemanagementplan DevelopanddeployaDepartmentRecordsManagementTrainingcurriculum ProviderecommendationsfordocumentmanagementsystemsandRMAsystemscurrentlyavailable

TaRGETED OuTCOMES

EnsureduniformcompliancewithrecordsmanagementlawsandpracticesthroughDepartmentalrecordsmanagementgovernance UpdatedRecordsManagementpolicyviaanimprovedDOEOrder2431(B)thataddressespreviousshortcomingswithregardstorecordsmanagementandvitalrecordsgovernancemanagementandtraining

Developedcomprehensive(required)recordsmanagementtrainingthatensuresallDOEemployeesandcontractorsunderstandrecordmanagementrequirements ImplementRecordsManagementApplications(RMA) toensurethecontrolandmanagementofallldquopermanentrdquoandldquonon-permanentrdquorecordsacrosstheDepartmentincludinge-mail

Objective4EstablishstrongcooperativeinternalandexternalpartnershipsthatleadtoeffectiveinformationsharingandamutuallysupportiverelationshiptoachievingtheDOEmissionandapplicablefederalgoalsTheOCIOexercisesleadershipwithinandoutsidetheDepartmentthroughpartnershipsinsupportofAgencyandFederal-wideinitiativesSuchmutuallysupportivepartnershipsfostertrustandcommunicationandleadtotheidentificationofITmanagementbestpractices

ESSENTIALACTIONS EstablishmutuallysupportiverelationshipswithDOEProgramOfficesfunctionalmanagersandMampOCIOs Establishmutuallysupportiverelationshipswithotherfederalagencies

TaRGETED OuTCOMES

OCIOisarecognizedbusinesspartnerofDOEProgramOfficesfunctionalmanagersandMampOCIOs

ImprovedmanagementoffederalandprivatesectorpartnerinitiativessuchascloudcomputingIPv6andtheFederalRiskAuthorizationandManagementProgram(FedRAMP)

18of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

strategicgoals

34 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure Promote Information Sharing and Advance Technologies for Cyber Defenses

TheDepartmentrsquosstrategicpathforwardforcybersecurityalignswithAdministrationprioritieswhichincludedeliveringsector-focusedcybersecuritysolutionstotheDefenseIndustrialBase(DIB)andprovidingleadershipintheexecutionoftheComprehensiveNationalCyberSecurityInitiative(CNCI)

We know that to achieve itsmissions DOEmust be forward-focused in defending its diverse infrastructure andbroadrangeofinformationassetsIncollaborationwithourNationalLaboratoriesandinter-agencypartnersweareleadingthetechnologicaladvancesnecessarytosecureoureconomicfutureanddefendGovernmentandcriticalinfrastructurefromincreasinglysophisticatedcyberattacks


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department’s Risk Management Approach (RMA) for the Department’s Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department’s Strategic Goal to “Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.” The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:
• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive;
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first;
• conveying assurance and conducting oversight; and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections.

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department’s next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE’s role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies.

JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions, that could be leveraged in the JC3
• Develop JC3 governance model, to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories’ resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Labels in the figure: Preparation & Prevention, Detect, Contain, Eradicate, Recover, Lessons Learned, Reporting.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that:
    • leverages existing resources first
    • deploys in phases to capture value quickly
    • describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement, to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy, to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized, role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of a well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department’s cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability; improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies, such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America’s Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America’s energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE’s investments and the impact of our research portfolio in supporting our national objectives and DOE’s strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE’s complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE.

The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE’s federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department’s commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation’s goals and grand challenges. This effort continues the OCIO’s role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO’s continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB - Architecture Review Board
BRM - Business Reference Model
CAM - Corporate Asset Management
C&A - Certification and Accreditation
CFO - Chief Financial Officer
CIO - Chief Information Officer
CHRIS - Corporate Human Resource Information System
CNCI - Comprehensive National Cybersecurity Initiative
CNSS - Committee for National Security Systems
COTS - Commercial Off the Shelf
CPIC - Capital Planning and Investment Control
CRB - Corporate Review Budget
DIB - Defense Industrial Base
DOE - Department of Energy
EA - Enterprise Architecture
EATP - Enterprise Architecture Transition Plan
EAWG - Enterprise Architecture Working Group
EITS - Energy IT Services
ESNet - Energy Science Network
EVM - Earned Value Management
EWA - Enterprise Wide Agreement
EWSS - Energy-Wide Strategic Sourcing
FDCCI - Federal Data Center Consolidation Initiative
FEA - Federal Enterprise Architecture
FEDRAMP - Federal Risk and Authorization Management Program
FFP - Firm Fixed Price
FGDC - Federal Geographic Data Committee
FISMA - Federal Information Security Management Act
GLoB - Geospatial Line of Business
GPEA - Government Paperwork Elimination Act
GSA - General Services Administration
GSP - Geospatial Science Program
HSPD - Homeland Security Presidential Directive
IDEA - Innovative Department of Energy E-Government Applications
ICAM - Identity, Credential & Access Management
ICPT - Integrated Contractor Purchasing Team
IM - Information Management
I-MANAGE - Integrated Management Navigation System
IOA&T - Infrastructure, Office Automation and Telecommunications
IPT - Integrated Project Team
IPv6 - Internet Protocol Version 6
IRM - Information Resources Management
IT - Information Technology
LOB - Line of Business
M&O - Management and Operating
NICE - National Initiative for Cybersecurity Education
NIST - National Institute of Standards and Technology
NNSA - National Nuclear Security Administration
OCIO - Office of the Chief Information Officer
OMB - Office of Management and Budget
O&M - Operations and Maintenance
PKI - Public Key Infrastructure
POA&M - Plan of Action and Milestones
RMA - Records Management Application
SPI - Spectrum Policy Initiative
SSP - Shared Service Provider
STAR - Science & Technology in America’s Reinvestment


Objective 3: Revitalize the records management program to raise general awareness and develop plans

The Department has a renewed and reinvigorated emphasis on comprehensive federal records management at DOE. In an era of rapidly changing technology, records are being created and stored in a wide variety of formats and media. Traditional processes of records management must be updated to address this changing environment. The Secretary of Energy and the Department are dedicated to having a comprehensive records management program whereby the systematic control of the creation, maintenance, storage, and disposition of federal records are ensured through the establishment of and adherence to standardized policies, processes, and the training of federal staff and contractors. The OCIO provides Departmental leadership and coordination of this effort.

ESSENTIAL ACTIONS
• Develop a Department Records Management Tactical Plan
• Develop a records inventory and disposition schedule lifecycle management plan
• Develop and deploy a Department Records Management Training curriculum
• Provide recommendations for document management systems and RMA systems currently available

TARGETED OUTCOMES
• Ensured uniform compliance with records management laws and practices through Departmental records management governance
• Updated Records Management policy via an improved DOE Order 243.1(B) that addresses previous shortcomings with regards to records management and vital records governance, management, and training


SustainabilityandFederalDataCenterConsolidationInitiativeThis initiative addresses requirements under the Federal Data CenterConsolidation Initiative (FDCCI) anOMB led initiative to consolidate andreducethenumberoffederaldatacentersItalsosupportsDepartmentalenergy reduction and sustainability goals as documented in the DOEStrategicSustainabilityPerformancePlanDatacenterreductiongoalswillbeachievedthroughincreasedefficienciessuchastheuseofvirtualizationconsolidation of requirements and implementation of increased use ofcloudcomputinginfrastructureasaservice

TaRGETED OuTCOMES ReducethenumberofDOEfederaldatacentersby6by2015

PerformanceManagementDashboardsThePerformanceManagementDashboards initiativeworkswithProgramOffices to develop business intelligence systems that inform seniorDOEmanagement about the effectiveness and efficiency of its program andfinancials This initiative also includes the development of Science ampTechnology in Americarsquos Reinvestment Metrics (STAR METRICS) formeasuring the effect of research on innovation competitiveness andscienceWhilethisinitiativeisintheearlystagesthegoalistouseProgramOfficeintelligencesystemstoleveragecontractorassurancesystemsandimprovethetransparencyofMampOcontractorperformance ThiswillprovideDOESenior Management visibility into contractor project performance muchearlierenablingimprovedperformancemanagement

TaRGETED OuTCOMES EstablishDOEintelligencesystemsthatprovidetransparencyandvisibilityintoprogramandfinancialperformance ProvideSeniorDOEManagementtimelyperformanceinformationtosupportdecision-makingviathePerformanceDashboards

24of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

appendix

FinancialAssistanceThe US Department of Energy (DOE) provides a significant amount offinancialassistancetosupportinnovationandprogressforAmericarsquosenergyscientificandnationalsecurityneedsevaluatingthousandsofapplicationseachyearandawardingbillionsofdollarsinfinancialassistanceDuetotheimportanceofDOErsquosinvestmentsandtheimpactofourresearchportfolioinsupportingournationalobjectivesandDOErsquosstrategicplantheDOEDeputySecretaryandOperationsManagementCouncildirectedtheOCIOtoconductanevaluationoffinancialassistancesystemswithinDOEto determine the scope of the opportunity to modernize the underlyingsystemsand services in support of financial assistanceprogramsat theDepartmentCurrentlyDOEreliesonamixofsystemsandprocessestoadministerfinancialassistanceawardsrangingfromin-housetooutsourcedproducts and has no single system or tool tomanageDOErsquos completeinvestmentportfolioAsaresulttheOCIOhasevaluatedfinancialassistancetechnologysolutionstoidentifyanoptimalapproachcontinuingourroleofprovidingtechnologyleadershippromotinginnovationandeffectiveoperationsacrossDOETherecommendationspromoteamoreintegratedenvironmentforcoordinatingexecutive insight into thefinancialassistanceactivitiesat thedepartmentandenablegreatertransparencyIn addition the effort promotes DOErsquos federal leadership initiatives suchas the STAR METRICS program which provides a common empiricalframeworktoidentifyoutcomesofresearchinvestmentsandpromotestheDepartmentrsquoscommitmenttoscienceandinnovation

TaRGETED OuTCOMES IdentifyanoperationalframeworktomanagefinancialassistanceeffortsandsystemsatDOEasaprogram EnableDOEleadershipforfederalresearchanddevelopmentactivitiesthroughtheSTARMETRICSinitiative

InternetProtocolVersion6(IPv6)TransitionThe IPv6 Transition initiative ensures DOE infrastructure and applicationlifecyclemanagement is aligned with the technical imperative and OMBdirectiontopreparefederalagenciestouseInternetProtocolVersion6by2014(OMBMemorandum92810)Agencydeadlinesinclude Upgradepublicexternalfacingserversandservices bytheendofFY2012

UpgradeinternalclientapplicationsbytheendofFY2014

TaRGETED OuTCOMES SuccessfulandsecureuseofIPv6byDOEinfrastructureandapplicationsinaccordancewiththeOMB2014deadline

TechnologySummitsTheOCIOhostsaseriesofsummitsfocusedonadvancedtechnologyandinnovationeffortsacrosstheDepartmentanditspartnerstohighlightwaysinwhichtheseactivitieshelpussucceedinourmissionandcontributetosuccessoftheNationrsquosgoalsandgrandchallengesThiseffortcontinuestheOCIOrsquosroleofpromotinginnovationshowcasingtechnologyleadershipandidentifyingopportunitiestomodernizeservicesandleveragethepowerof itThrough these types of forums opportunities are communicated anddiscussedinanopencollaborativeenvironmentandinitiativesacrossDOEcanbebroughttogethertopromotecollaborationandinformationsharingIndividuallysummitsprovidetopical-baseddiscussionsusecasesandbestpractices thatare linkedtoDOEandtheOCIOrsquoscontinualmodernizationandtechnologyreuseinitiativesandcreategreaterawarenessofthewaysweengageinourmissionOrganizationsparticipate fromacross theDOEenterprise includingotherfederalagenciesaswellaspublicandprivatepartnersandthesediscussionsprovide an opportunity to share stores and success helping identifycommonalitiesaswell asanunderstandingof theuniquecircumstancesencounteredbyindividualmissionsandoffices

TaRGETED OuTCOMES EnabletheDepartmenttodevelopacollaborativeapproachindevelopinginsightstofuelITtransformationandmissionalignmentthroughoutDOE

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 25of25

appendix

FinancialAssistance

TaRGETED OuTCOMES IdentifyanoperationalframeworktomanagefinancialassistanceeffortsandsystemsatDOEasaprogram EnableDOEleadershipforfederalresearchanddevelopmentactivitiesthroughtheSTARMETRICSinitiative

InternetProtocolVersion6(IPv6)Transition

TaRGETED OuTCOMES SuccessfulandsecureuseofIPv6byDOEinfrastructureandapplicationsinaccordancewiththeOMB2014deadline

TechnologySummits

TaRGETED OuTCOMES EnabletheDepartmenttodevelopacollaborativeapproachindevelopinginsightstofuelITtransformationandmissionalignmentthroughoutDOE

Appendix B List of Acronyms

ARB ArchitectureReviewBoardBRM BusinessReferenceModelCAM CorporateAssetManagementCampA CertificationandAccreditationCFO ChiefFinancialOfficerCIO ChiefInformationOfficerCHRIS CorporateHumanResource

InformationSystemCNCI ComprehensiveNational

CybersecurityInitiativeCNSS CommitteeforNationalSecuritySystemsCOTS CommercialOfftheShelfCPIC CapitalPlanningandInvestmentControlCRB CorporateReviewBudgetDIB DefenseIndustrialBaseDoe Department of energyEA EnterpriseArchitectureEATP EnterpriseArchitectureTransitionPlanEAWG EnterpriseArchitectureWorkingGroupEITS EnergyITServicesESNet EnergyScienceNetworkEVM EarnedValueManagementEWA EnterpriseWideAgreementEWSS Energy-WideStrategicSourcingFDCCI FederalDataCenterConsolidationInitiativeFEA FederalEnterpriseArchitectureFEDRAMP FederalRiskandAuthorization

ManagementProgramFFP FirmFixedPriceFGDC FederalGeographicDataCommitteeFISMA FederalInformationSecurity

ManagementActGLoB GeospatialLineofBusinessGPEA GovernmentPaperworkEliminationActGSA GeneralServicesAdministrationGSP GeospatialScienceProgramHSPD HomelandSecurityPresidentialDirectiveIDEA InnovativeDepartmentofEnergy

E-GovernmentApplicationsICAM IdentityCredentialampAccessManagementICPT IntegratedContractorPurchasingTeamIM InformationManagementI-MANAGE IntegratedManagementNavigationSystemIOAampT InfrastructureOfficeAutomation

andTelecommunicationsIPT IntegratedProjectTeamIPv6 InternetProtocolVersion6IRM InformationResourcesManagementIT InformationTechnologyLOB LineofBusinessMampO ManagementandOperatingNICE NationalInitiativefor

CybersecurityEducationNIST NationalInstituteofStandards

andTechnologyNNSA NationalNuclearSecurityAdministrationOCIO OfficeoftheChiefInformationOfficerOMB OfficeofManagementandBudgetOampM OperationsandMaintenancePKI PublicKeyInfrastructurePOAampM PlanofActionandMilestonesRMA RecordsManagementApplicationSPI SpectrumPolicyInitiativeSSP SharedServiceProviderSTAR ScienceampTechnologyin

AmericarsquosReinvestment

  • Message from Michael LocatisChief Information Officer
  • 10DOE Strategy Overview
    • 11Department of Energy Mission and Goals
    • 12Organization of the Department
      • 20OCIO Strategy Overview
        • 21Office of the Chief Information Officer Mission and Goals
        • 22The Vision of the Chief Information Officer
        • 23Goal Alignment
        • 24 Target Opportunities
        • 25IT Investment Portfolio
          • 30OCIO Strategic Goals
          • Appendix A Strategic Initiatives
          • Appendix B List of Acronyms
Page 17: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

18of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

strategicgoals

3.4 Strategic Goal 4

Strengthen Enterprise Situational Awareness to Foster Near-Real-Time Risk Management and Combat the Advanced Persistent Threat

Forge Interagency and Sector Partnerships to Protect Critical Infrastructure, Promote Information Sharing, and Advance Technologies for Cyber Defenses

The Department’s strategic path forward for cybersecurity aligns with Administration priorities, which include delivering sector-focused cybersecurity solutions to the Defense Industrial Base (DIB) and providing leadership in the execution of the Comprehensive National Cyber Security Initiative (CNCI).

We know that to achieve its missions, DOE must be forward-focused in defending its diverse infrastructure and broad range of information assets. In collaboration with our National Laboratories and inter-agency partners, we are leading the technological advances necessary to secure our economic future and defend Government and critical infrastructure from increasingly sophisticated cyber attacks.


Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department’s Risk Management Approach (RMA) for the Department’s Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department’s Strategic Goal to “Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success.”

The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels. The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:
• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive;
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first;
• conveying assurance and conducting oversight; and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections.

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS
• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES
• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department’s next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE’s role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies. JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS
• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES
• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories’ resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

[Figure 1: Incident Management Lifecycle. Phases shown: Preparation & Prevention, Detect, Contain, Eradicate, Recover; the diagram also carries repeated "Reporting" and "Lessons Learned" labels.]


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:
• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that:
    • leverages existing resources first
    • deploys in phases to capture value quickly
    • describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS
• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES
• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives such as the National Initiative for Cybersecurity Education (NICE) continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department’s cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS
• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES
• Increased workforce awareness and capability, improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES
• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America’s Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America’s energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance.

Due to the importance of DOE’s investments and the impact of our research portfolio in supporting our national objectives and DOE’s strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE’s complete investment portfolio.

As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE’s federal leadership initiatives such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department’s commitment to science and innovation.

TARGETED OUTCOMES
• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation’s goals and grand challenges. This effort continues the OCIO’s role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO’s continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB       Architecture Review Board
BRM       Business Reference Model
CAM       Corporate Asset Management
C&A       Certification and Accreditation
CFO       Chief Financial Officer
CIO       Chief Information Officer
CHRIS     Corporate Human Resource Information System
CNCI      Comprehensive National Cybersecurity Initiative
CNSS      Committee for National Security Systems
COTS      Commercial Off the Shelf
CPIC      Capital Planning and Investment Control
CRB       Corporate Review Budget
DIB       Defense Industrial Base
DOE       Department of Energy
EA        Enterprise Architecture
EATP      Enterprise Architecture Transition Plan
EAWG      Enterprise Architecture Working Group
EITS      Energy IT Services
ESNet     Energy Science Network
EVM       Earned Value Management
EWA       Enterprise Wide Agreement
EWSS      Energy-Wide Strategic Sourcing
FDCCI     Federal Data Center Consolidation Initiative
FEA       Federal Enterprise Architecture
FEDRAMP   Federal Risk and Authorization Management Program
FFP       Firm Fixed Price
FGDC      Federal Geographic Data Committee
FISMA     Federal Information Security Management Act
GLoB      Geospatial Line of Business
GPEA      Government Paperwork Elimination Act
GSA       General Services Administration
GSP       Geospatial Science Program
HSPD      Homeland Security Presidential Directive
IDEA      Innovative Department of Energy E-Government Applications
ICAM      Identity, Credential & Access Management
ICPT      Integrated Contractor Purchasing Team
IM        Information Management
I-MANAGE  Integrated Management Navigation System
IOA&T     Infrastructure, Office Automation, and Telecommunications
IPT       Integrated Project Team
IPv6      Internet Protocol Version 6
IRM       Information Resources Management
IT        Information Technology
LOB       Line of Business
M&O       Management and Operating
NICE      National Initiative for Cybersecurity Education
NIST      National Institute of Standards and Technology
NNSA      National Nuclear Security Administration
OCIO      Office of the Chief Information Officer
OMB       Office of Management and Budget
O&M       Operations and Maintenance
PKI       Public Key Infrastructure
POA&M     Plan of Action and Milestones
RMA       Records Management Application
SPI       Spectrum Policy Initiative
SSP       Shared Service Provider
STAR      Science & Technology in America’s Reinvestment

  • Message from Michael LocatisChief Information Officer
  • 10DOE Strategy Overview
    • 11Department of Energy Mission and Goals
    • 12Organization of the Department
      • 20OCIO Strategy Overview
        • 21Office of the Chief Information Officer Mission and Goals
        • 22The Vision of the Chief Information Officer
        • 23Goal Alignment
        • 24 Target Opportunities
        • 25IT Investment Portfolio
          • 30OCIO Strategic Goals
          • Appendix A Strategic Initiatives
          • Appendix B List of Acronyms
Page 18: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 19of25

strategicgoals

Objective 1: Implement a proactive cyber risk management program that ensures appropriate and cost-effective security to enable missions and meet legal, OMB, and regulatory requirements

The OCIO is leading the development of the Department's Risk Management Approach (RMA) for the Department's Cyber Security Program (CSP). This approach institutionalizes mission-focused risk management and line management accountability for ensuring appropriate protection of DOE information and information systems. The RMA and the CSP represent an extensive collaborative effort that exemplifies the Department's Strategic Goal to "Establish an operational and adaptable framework that combines the best wisdom of all Department stakeholders to maximize mission success." The RMA implements the four components of risk management (framing, assessing, responding, and monitoring) at all DOE organization levels.

The OCIO partners with the Office of Intelligence and Counterintelligence (IN) and the Intelligence Community to share critical threat information with the Federal community across security domains and rapidly inform DOE program risk management decisions to protect agency assets. The OCIO will continue to expand these efforts while leveraging advanced research and development capabilities to mitigate the full spectrum of threats.

The RMA defines governance and processes for:

• assessing threats, analyzing risks, and sharing risk information through the corporate risk executive
• informing risk-based decisions that consider mission assurance and cost-effective risk mitigation strategies, providing the appropriate benefit from available cybersecurity resources first
• conveying assurance and conducting oversight, and
• ensuring consistency with guidelines from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) cyber requirements, processes, and protections

The RMA will implement automated enterprise Governance, Risk, and Compliance (eGRC) capabilities to improve data collection, aggregation, and reporting. This effort will reduce costs, re-direct resources and management focus towards operations, and improve OCIO customer service.

ESSENTIAL ACTIONS

• Identify and document existing RMA capabilities, including Contractor Assurance Systems solutions, that could be leveraged in the target Enterprise capability
• Finalize RMA management plan to program inputs from Senior DOE Management
• Conduct and document RMA maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved Risk Management decision support

TARGETED OUTCOMES

• Increased resource efficiency and automation
• Improved security posture and enterprise situational awareness
• Increased mission assurance, better informed risk management decisions


Objective 2: Implement a cyber incident management program that enhances security of federal and M&O networks and provides enterprise-wide coordination and response

The OCIO is partnering with the NNSA OCIO, the National Laboratories, and IN to develop the Department's next generation incident management capability. This initiative, known as the Joint Cyber Security Coordination Center (JC3), will integrate Departmental incident management capabilities into a coordinated response entity to provide frontline cyber defense and Department-level situational awareness. JC3 will strengthen DOE's role as a leader in the national-level cybersecurity community through the timely sharing of DOE-derived cyber threat information with other agencies.

JC3 will facilitate the aggregation, correlation, and deconfliction of inputs from Department-wide sensor networks and other data sources, provide computer forensic analysis, and conduct attack trending, tracking, and mitigation of Advanced Persistent Threat. JC3 will coordinate incident management activities (Exhibit 1), including prevention, detection, containment, and recovery for DOE Elements, and coordinate communications on behalf of the agency for cybersecurity events and emergency response with US-CERT and agency partners.

ESSENTIAL ACTIONS

• Identify and document existing DOE Incident Management capabilities, including M&O-sponsored solutions, that could be leveraged in the JC3
• Develop JC3 governance model to include viable out-year funding model
• Finalize program management implementation plan; include plan for coordination of Management Executive Council-DOE Cyber Research and Development (R&D) Advance Technologies initiative
• Conduct and document program maturity assessment, including reporting metrics that demonstrate increased situational awareness and improved decision support

TARGETED OUTCOMES

• Documented enterprise baseline of requirements; map existing capabilities, including National Laboratories' resources and expertise
• Improved DOE enterprise and Government-wide coordination for response to significant cyber events and Advanced Persistent Threat
• Improved enterprise-wide event management reporting
• Improved leveraging of R&D and advanced technologies to detect and prevent cyber attacks

Figure 1: Incident Management Lifecycle (diagram labels: Preparation & Prevention, Detect, Contain, Eradicate, Recover; Lessons Learned and Reporting repeated around the cycle)


Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:

• Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
• Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
• Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
• Develop a CM Implementation Plan that leverages existing resources first, deploys in phases to capture value quickly, and describes knowledge chains and value points for organization
• Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS

• Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
• Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES

• Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
• Automated common reporting process for DOE Headquarters, Program, and Site Offices
• Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives, such as the National Initiative for Cybersecurity Education (NICE), continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS

• Develop enterprise Cybersecurity Training Implementation Plan
• Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
• Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES

• Increased workforce awareness and capability; improved mitigation of insider threat
• Improved security posture and workforce alignment with mission priorities
• Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES

• Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
• Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
• Implement an Identity, Credential, and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
• Ensure DOE public/external facing servers and (web-enabled) services to use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies, such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES

• Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES

• Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
• Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE's federal leadership initiatives, such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES

• Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
• Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:

• Upgrade public/external facing servers and services by the end of FY 2012
• Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES

• Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies, as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES

• Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB: Architecture Review Board
BRM: Business Reference Model
CAM: Corporate Asset Management
C&A: Certification and Accreditation
CFO: Chief Financial Officer
CIO: Chief Information Officer
CHRIS: Corporate Human Resource Information System
CNCI: Comprehensive National Cybersecurity Initiative
CNSS: Committee for National Security Systems
COTS: Commercial Off the Shelf
CPIC: Capital Planning and Investment Control
CRB: Corporate Review Budget
DIB: Defense Industrial Base
DOE: Department of Energy
EA: Enterprise Architecture
EATP: Enterprise Architecture Transition Plan
EAWG: Enterprise Architecture Working Group
EITS: Energy IT Services
ESNet: Energy Science Network
EVM: Earned Value Management
EWA: Enterprise Wide Agreement
EWSS: Energy-Wide Strategic Sourcing
FDCCI: Federal Data Center Consolidation Initiative
FEA: Federal Enterprise Architecture
FEDRAMP: Federal Risk and Authorization Management Program
FFP: Firm Fixed Price
FGDC: Federal Geographic Data Committee
FISMA: Federal Information Security Management Act
GLoB: Geospatial Line of Business
GPEA: Government Paperwork Elimination Act
GSA: General Services Administration
GSP: Geospatial Science Program
HSPD: Homeland Security Presidential Directive
IDEA: Innovative Department of Energy E-Government Applications
ICAM: Identity, Credential & Access Management
ICPT: Integrated Contractor Purchasing Team
IM: Information Management
I-MANAGE: Integrated Management Navigation System
IOA&T: Infrastructure, Office Automation and Telecommunications
IPT: Integrated Project Team
IPv6: Internet Protocol Version 6
IRM: Information Resources Management
IT: Information Technology
LOB: Line of Business
M&O: Management and Operating
NICE: National Initiative for Cybersecurity Education
NIST: National Institute of Standards and Technology
NNSA: National Nuclear Security Administration
OCIO: Office of the Chief Information Officer
OMB: Office of Management and Budget
O&M: Operations and Maintenance
PKI: Public Key Infrastructure
POA&M: Plan of Action and Milestones
RMA: Records Management Application
SPI: Spectrum Policy Initiative
SSP: Shared Service Provider
STAR: Science & Technology in America's Reinvestment


AmericarsquosReinvestment

  • Message from Michael LocatisChief Information Officer
  • 10DOE Strategy Overview
    • 11Department of Energy Mission and Goals
    • 12Organization of the Department
      • 20OCIO Strategy Overview
        • 21Office of the Chief Information Officer Mission and Goals
        • 22The Vision of the Chief Information Officer
        • 23Goal Alignment
        • 24 Target Opportunities
        • 25IT Investment Portfolio
          • 30OCIO Strategic Goals
          • Appendix A Strategic Initiatives
          • Appendix B List of Acronyms
Page 20: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 21of25

strategicgoals

Objective 3: Implement an enterprise continuous monitoring strategy to cultivate actionable intelligence and rapidly inform management action

OMB and Federal agencies have increasingly recognized the limited value of point-in-time security authorization for informing risk decisions and achieving effective risk management. The OCIO is leading agency efforts to develop Continuous Monitoring (CM) strategies that more effectively direct and utilize resources in protecting agency assets. This CM program will leverage the RMA and share OCIO eGRC capabilities to cultivate actionable intelligence and enhance decision support for the DOE and its stakeholders. In implementing the CM program, the OCIO will:

  • Identify enterprise-level CM inputs necessary to build enterprise situational awareness and inform risk management decisions in near-real time (e.g., threat information, stakeholder communication flows, mission data, etc.)
  • Define the process and periodicity for reviewing and updating policies, standards, and procedures to maintain compliance with current statutory and regulatory drivers
  • Describe how CM data will be aggregated, correlated, and analyzed to produce actionable intelligence and inform risk decisions, including reporting
  • Develop a CM Implementation Plan that:
    • leverages existing resources first
    • deploys in phases to capture value quickly
    • describes knowledge chains and value points for organization
  • Assess and measure program maturity; develop processes for continuous program improvement to include innovation through R&D and advanced technologies, optimization, and lifecycle integration

ESSENTIAL ACTIONS

  • Identify and document governance, compliance requirements, models, and processes that impact and contribute to continuous monitoring
  • Develop enterprise CM Strategy to include incorporation of advanced technologies and information sharing within DOE organizations and externally to the Federal community
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of CM Strategy

TARGETED OUTCOMES

  • Integrated multi-tier continuous monitoring strategy that addresses governance, enterprise services, and system-level implementation
  • Automated common reporting process for DOE Headquarters, Program, and Site Offices
  • Informed risk decisions using critical data flows that are identified and incorporated into CM plans


Objective 4: Promote highly-capable cyber workforce through specialized role-based training and development

National workforce education and development initiatives such as the National Initiative for Cybersecurity Education (NICE) continue to underscore the critical importance of well-trained and capable cybersecurity workforce to execute the programs that support risk management and enable mission operations. The OCIO is leading the enhancement of the Department's cybersecurity training and workforce development program, including partnering with Department of Defense to reduce costs by leveraging training resources. This effort includes a multiyear, multi-pronged approach toward developing and maintaining a training repository that maps training to critical cybersecurity roles and individuals with significant security responsibilities. The program is centrally managed through the OCIO and will provide a full scope of advanced training resources and capabilities to assist all DOE Elements.

ESSENTIAL ACTIONS

  • Develop enterprise Cybersecurity Training Implementation Plan
  • Establish communications plan to ensure critical roles are mapped to individuals, individual training plans are established, and completion rates are tracked
  • Conduct and document program maturity assessment, including reporting metrics that demonstrate efficacy of training program

TARGETED OUTCOMES

  • Increased workforce awareness and capability, improved mitigation of insider threat
  • Improved security posture and workforce alignment with mission priorities
  • Identification of key cybersecurity roles within each organization, including documentation of individuals with significant security responsibility


Appendix A Strategic Initiatives

Identity, Credential & Access Management (ICAM)

This initiative establishes a framework for implementation of a variety of identity verification and access management capabilities. It addresses requirements related to HSPD-12 and enhances existing Public Key Infrastructure (PKI) capabilities. These key technologies enable the exchange of trusted identities across DOE and with other agency partners.

HSPD-12 - This investment brings the Department in compliance with Homeland Security Presidential Directive 12. The initiative provides an enterprise standards-based authentication and authorization infrastructure that offers secure, seamless business transactions and information exchange within DOE and across many disparate agencies and organizations. The program will reduce existing logical and physical security vulnerabilities and mitigate risks to establish the prerequisite level of security for critical enterprise business functions. Both the technology solutions and ongoing support provided by the initiative will enable DOE to ensure that system users are who they claim to be (authentication), allow effective use of digital signatures (data integrity and accountability), and restrict access to appropriately authorized users (access control).

PKI - The mission of PKI Support Services is to provide electronic services related to authentication, confidentiality, privacy, data integrity, and non-repudiation through the use of digital identities, digital signatures, and two-factor authentication tokens. These services are available to all customers that have a valid business need to secure and transmit sensitive Department data and/or the requirement to positively identify themselves to Department resources.

TARGETED OUTCOMES

  • Provide a standardized DOE ID Card compliant with HSPD-12 and capable of supporting physical and logical access requirements, such as cryptographic storage of digital credentials, integrated standards-based building proximity support, and a printed format that complies with federal ID card requirements
  • Enhance a public key infrastructure solution that complies with federal standards and supports DOE requirements for confidentiality, integrity, and authenticity
  • Implement an Identity, Credential and Access Management solution that serves as the basis of a common security infrastructure that can support diverse systems
  • Ensure DOE public/external facing servers and (web-enabled) services use IPv6 by the end of FY 2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES

  • Reduce the number of DOE federal data centers by 6 by 2015

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness, and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES

  • Establish DOE intelligence systems that provide transparency and visibility into program and financial performance
  • Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards


Financial Assistance

The U.S. Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific, and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department. Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency. In addition, the effort promotes DOE's federal leadership initiatives such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES

  • Identify an operational framework to manage financial assistance efforts and systems at DOE as a program
  • Enable DOE leadership for federal research and development activities through the STAR METRICS initiative

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:

  • Upgrade public/external facing servers and services by the end of FY 2012
  • Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES

  • Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership, and identifying opportunities to modernize services and leverage the power of IT. Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases, and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives, and create greater awareness of the ways we engage in our mission. Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES

  • Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE


Appendix B List of Acronyms

ARB - Architecture Review Board
BRM - Business Reference Model
CAM - Corporate Asset Management
C&A - Certification and Accreditation
CFO - Chief Financial Officer
CIO - Chief Information Officer
CHRIS - Corporate Human Resource Information System
CNCI - Comprehensive National Cybersecurity Initiative
CNSS - Committee for National Security Systems
COTS - Commercial Off the Shelf
CPIC - Capital Planning and Investment Control
CRB - Corporate Review Budget
DIB - Defense Industrial Base
DOE - Department of Energy
EA - Enterprise Architecture
EATP - Enterprise Architecture Transition Plan
EAWG - Enterprise Architecture Working Group
EITS - Energy IT Services
ESNet - Energy Science Network
EVM - Earned Value Management
EWA - Enterprise Wide Agreement
EWSS - Energy-Wide Strategic Sourcing
FDCCI - Federal Data Center Consolidation Initiative
FEA - Federal Enterprise Architecture
FEDRAMP - Federal Risk and Authorization Management Program
FFP - Firm Fixed Price
FGDC - Federal Geographic Data Committee
FISMA - Federal Information Security Management Act
GLoB - Geospatial Line of Business
GPEA - Government Paperwork Elimination Act
GSA - General Services Administration
GSP - Geospatial Science Program
HSPD - Homeland Security Presidential Directive
IDEA - Innovative Department of Energy E-Government Applications
ICAM - Identity, Credential & Access Management
ICPT - Integrated Contractor Purchasing Team
IM - Information Management
I-MANAGE - Integrated Management Navigation System
IOA&T - Infrastructure, Office Automation and Telecommunications
IPT - Integrated Project Team
IPv6 - Internet Protocol Version 6
IRM - Information Resources Management
IT - Information Technology
LOB - Line of Business
M&O - Management and Operating
NICE - National Initiative for Cybersecurity Education
NIST - National Institute of Standards and Technology
NNSA - National Nuclear Security Administration
OCIO - Office of the Chief Information Officer
OMB - Office of Management and Budget
O&M - Operations and Maintenance
PKI - Public Key Infrastructure
POA&M - Plan of Action and Milestones
RMA - Records Management Application
SPI - Spectrum Policy Initiative
SSP - Shared Service Provider
STAR - Science & Technology in America's Reinvestment

  • Message from Michael LocatisChief Information Officer
  • 10DOE Strategy Overview
    • 11Department of Energy Mission and Goals
    • 12Organization of the Department
      • 20OCIO Strategy Overview
        • 21Office of the Chief Information Officer Mission and Goals
        • 22The Vision of the Chief Information Officer
        • 23Goal Alignment
        • 24 Target Opportunities
        • 25IT Investment Portfolio
          • 30OCIO Strategic Goals
          • Appendix A Strategic Initiatives
          • Appendix B List of Acronyms
Page 21: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

22of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

strategicgoals

Objective4Promotehighly-capablecyberworkforcethroughspecializedrole-basedtraininganddevelopmentNational workforce education and development initiatives such as the National Initiative for Cybersecurity Education (NICE)continue to underscore the critical importanceofwell-trained and capable cybersecurityworkforce to execute theprogramsthat support risk management and enable mission operations The OCIO is leading the enhancement of the Departmentrsquoscybersecurity trainingandworkforcedevelopmentprogram includingpartneringwithDepartmentofDefense to reducecostsbyleveragingtrainingresourcesThiseffortincludesamultiyearmulti-prongedapproachtowarddevelopingandmaintainingatrainingrepositorythatmapstrainingtocriticalcybersecurityrolesandindividualswithsignificantsecurityresponsibilitiesTheprogramiscentrallymanagedthroughtheOCIOandwillprovideafullscopeofadvancedtrainingresourcesandcapabilitiestoassistallDOEElements

ESSENTIALACTIONS DevelopenterpriseCybersecurityTrainingImplementationPlan Establishcommunicationsplantoensurecriticalrolesaremappedtoindividualsindividualtrainingplansareestablishedandcompletionratesaretracked

Conductanddocumentprogrammaturityassessmentincludingreportingmetricsthatdemonstrateefficacyoftrainingprogram

TaRGETED OuTCOMES

Increasedworkforceawarenessandcapability improvedmitigationofinsiderthreat Improvedsecuritypostureandworkforcealignment withmissionpriorities

Identificationofkeycybersecurityroleswithineachorganizationincludingdocumentationofindividuals withsignificantsecurityresponsibility

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 23of25

appendix

Appendix A Strategic Initiatives

IdentityCredentialampAccessManagement(ICAM)This initiative establishes a framework for implementation of a variety ofidentity verification and access management capabilities It addressesrequirements related to HSPD-12 and enhances existing Public KeyInfrastructure (PKI) capabilities These key technologies enable theexchangeoftrustedidentitiesacrossDOEandwithotheragencypartnersHSPD-12 - This investment brings the Department in compliance withHomeland Security Presidential Directive 12 The initiative provides anenterprisestandards-basedauthenticationandauthorizationinfrastructurethatofferssecureseamlessbusinesstransactionsandinformationexchangewithinDOEandacrossmanydisparateagenciesandorganizationsTheprogramwillreduceexistinglogicalandphysicalsecurityvulnerabilitiesandmitigate risks toestablish theprerequisite levelofsecurity forcriticalenterprisebusinessfunctionsBoththetechnologysolutionsandongoingsupport providedby the initiativewill enableDOE to ensure that systemusers are who they claim to be (authentication) allow effective use ofdigitalsignatures(dataintegrityandaccountability)andrestrictaccesstoappropriatelyauthorizedusers(accesscontrol)PKI -ThemissionofPKISupportServicesistoprovideelectronicservicesrelated to authentication confidentiality privacy data integrity and non-repudiationthroughtheuseofdigitalidentitiesdigitalsignaturesandtwo-factorauthenticationtokensTheseservicesareavailabletoallcustomersthathaveavalidbusinessneedtosecureandtransmitsensitiveDepartmentdataandortherequirementtopositivelyidentifythemselvestoDepartmentresources

TaRGETED OuTCOMES ProvideastandardizedDOEIDCardcompliantwithHSPD-12andcapableofsupportingphysicalandlogicalaccessrequirementssuchascryptographicstorageofdigitalcredentialsintegratedstandards-basedbuildingproximitysupportandaprintedformatthatcomplieswithfederalIDcardrequirements EnhanceapublickeyinfrastructuresolutionthatcomplieswithfederalstandardsandsupportsDOErequirementsforconfidentialityintegrityandauthenticity ImplementanIIdentityCredentialandAccessManagementsolutionthatservesasthebasisofacommonsecurityinfrastructurethatcansupportdiversesystems EnsureDOEpublicexternalfacingserversand(web-enabled)servicestouseIPv6bytheendofFY2012

SustainabilityandFederalDataCenterConsolidationInitiativeThis initiative addresses requirements under the Federal Data CenterConsolidation Initiative (FDCCI) anOMB led initiative to consolidate andreducethenumberoffederaldatacentersItalsosupportsDepartmentalenergy reduction and sustainability goals as documented in the DOEStrategicSustainabilityPerformancePlanDatacenterreductiongoalswillbeachievedthroughincreasedefficienciessuchastheuseofvirtualizationconsolidation of requirements and implementation of increased use ofcloudcomputinginfrastructureasaservice

TaRGETED OuTCOMES ReducethenumberofDOEfederaldatacentersby6by2015

PerformanceManagementDashboardsThePerformanceManagementDashboards initiativeworkswithProgramOffices to develop business intelligence systems that inform seniorDOEmanagement about the effectiveness and efficiency of its program andfinancials This initiative also includes the development of Science ampTechnology in Americarsquos Reinvestment Metrics (STAR METRICS) formeasuring the effect of research on innovation competitiveness andscienceWhilethisinitiativeisintheearlystagesthegoalistouseProgramOfficeintelligencesystemstoleveragecontractorassurancesystemsandimprovethetransparencyofMampOcontractorperformance ThiswillprovideDOESenior Management visibility into contractor project performance muchearlierenablingimprovedperformancemanagement

TaRGETED OuTCOMES EstablishDOEintelligencesystemsthatprovidetransparencyandvisibilityintoprogramandfinancialperformance ProvideSeniorDOEManagementtimelyperformanceinformationtosupportdecision-makingviathePerformanceDashboards

24of25 USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan

appendix

FinancialAssistanceThe US Department of Energy (DOE) provides a significant amount offinancialassistancetosupportinnovationandprogressforAmericarsquosenergyscientificandnationalsecurityneedsevaluatingthousandsofapplicationseachyearandawardingbillionsofdollarsinfinancialassistanceDuetotheimportanceofDOErsquosinvestmentsandtheimpactofourresearchportfolioinsupportingournationalobjectivesandDOErsquosstrategicplantheDOEDeputySecretaryandOperationsManagementCouncildirectedtheOCIOtoconductanevaluationoffinancialassistancesystemswithinDOEto determine the scope of the opportunity to modernize the underlyingsystemsand services in support of financial assistanceprogramsat theDepartmentCurrentlyDOEreliesonamixofsystemsandprocessestoadministerfinancialassistanceawardsrangingfromin-housetooutsourcedproducts and has no single system or tool tomanageDOErsquos completeinvestmentportfolioAsaresulttheOCIOhasevaluatedfinancialassistancetechnologysolutionstoidentifyanoptimalapproachcontinuingourroleofprovidingtechnologyleadershippromotinginnovationandeffectiveoperationsacrossDOETherecommendationspromoteamoreintegratedenvironmentforcoordinatingexecutive insight into thefinancialassistanceactivitiesat thedepartmentandenablegreatertransparencyIn addition the effort promotes DOErsquos federal leadership initiatives suchas the STAR METRICS program which provides a common empiricalframeworktoidentifyoutcomesofresearchinvestmentsandpromotestheDepartmentrsquoscommitmenttoscienceandinnovation

TaRGETED OuTCOMES IdentifyanoperationalframeworktomanagefinancialassistanceeffortsandsystemsatDOEasaprogram EnableDOEleadershipforfederalresearchanddevelopmentactivitiesthroughtheSTARMETRICSinitiative

InternetProtocolVersion6(IPv6)TransitionThe IPv6 Transition initiative ensures DOE infrastructure and applicationlifecyclemanagement is aligned with the technical imperative and OMBdirectiontopreparefederalagenciestouseInternetProtocolVersion6by2014(OMBMemorandum92810)Agencydeadlinesinclude Upgradepublicexternalfacingserversandservices bytheendofFY2012

UpgradeinternalclientapplicationsbytheendofFY2014

TaRGETED OuTCOMES SuccessfulandsecureuseofIPv6byDOEinfrastructureandapplicationsinaccordancewiththeOMB2014deadline

TechnologySummitsTheOCIOhostsaseriesofsummitsfocusedonadvancedtechnologyandinnovationeffortsacrosstheDepartmentanditspartnerstohighlightwaysinwhichtheseactivitieshelpussucceedinourmissionandcontributetosuccessoftheNationrsquosgoalsandgrandchallengesThiseffortcontinuestheOCIOrsquosroleofpromotinginnovationshowcasingtechnologyleadershipandidentifyingopportunitiestomodernizeservicesandleveragethepowerof itThrough these types of forums opportunities are communicated anddiscussedinanopencollaborativeenvironmentandinitiativesacrossDOEcanbebroughttogethertopromotecollaborationandinformationsharingIndividuallysummitsprovidetopical-baseddiscussionsusecasesandbestpractices thatare linkedtoDOEandtheOCIOrsquoscontinualmodernizationandtechnologyreuseinitiativesandcreategreaterawarenessofthewaysweengageinourmissionOrganizationsparticipate fromacross theDOEenterprise includingotherfederalagenciesaswellaspublicandprivatepartnersandthesediscussionsprovide an opportunity to share stores and success helping identifycommonalitiesaswell asanunderstandingof theuniquecircumstancesencounteredbyindividualmissionsandoffices

TaRGETED OuTCOMES EnabletheDepartmenttodevelopacollaborativeapproachindevelopinginsightstofuelITtransformationandmissionalignmentthroughoutDOE

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 25of25

appendix

FinancialAssistance

TaRGETED OuTCOMES IdentifyanoperationalframeworktomanagefinancialassistanceeffortsandsystemsatDOEasaprogram EnableDOEleadershipforfederalresearchanddevelopmentactivitiesthroughtheSTARMETRICSinitiative

InternetProtocolVersion6(IPv6)Transition

TaRGETED OuTCOMES SuccessfulandsecureuseofIPv6byDOEinfrastructureandapplicationsinaccordancewiththeOMB2014deadline

TechnologySummits

TaRGETED OuTCOMES EnabletheDepartmenttodevelopacollaborativeapproachindevelopinginsightstofuelITtransformationandmissionalignmentthroughoutDOE

Appendix B List of Acronyms

ARB ArchitectureReviewBoardBRM BusinessReferenceModelCAM CorporateAssetManagementCampA CertificationandAccreditationCFO ChiefFinancialOfficerCIO ChiefInformationOfficerCHRIS CorporateHumanResource

InformationSystemCNCI ComprehensiveNational

CybersecurityInitiativeCNSS CommitteeforNationalSecuritySystemsCOTS CommercialOfftheShelfCPIC CapitalPlanningandInvestmentControlCRB CorporateReviewBudgetDIB DefenseIndustrialBaseDoe Department of energyEA EnterpriseArchitectureEATP EnterpriseArchitectureTransitionPlanEAWG EnterpriseArchitectureWorkingGroupEITS EnergyITServicesESNet EnergyScienceNetworkEVM EarnedValueManagementEWA EnterpriseWideAgreementEWSS Energy-WideStrategicSourcingFDCCI FederalDataCenterConsolidationInitiativeFEA FederalEnterpriseArchitectureFEDRAMP FederalRiskandAuthorization

ManagementProgramFFP FirmFixedPriceFGDC FederalGeographicDataCommitteeFISMA FederalInformationSecurity

ManagementActGLoB GeospatialLineofBusinessGPEA GovernmentPaperworkEliminationActGSA GeneralServicesAdministrationGSP GeospatialScienceProgramHSPD HomelandSecurityPresidentialDirectiveIDEA InnovativeDepartmentofEnergy

E-GovernmentApplicationsICAM IdentityCredentialampAccessManagementICPT IntegratedContractorPurchasingTeamIM InformationManagementI-MANAGE IntegratedManagementNavigationSystemIOAampT InfrastructureOfficeAutomation

andTelecommunicationsIPT IntegratedProjectTeamIPv6 InternetProtocolVersion6IRM InformationResourcesManagementIT InformationTechnologyLOB LineofBusinessMampO ManagementandOperatingNICE NationalInitiativefor

CybersecurityEducationNIST NationalInstituteofStandards

andTechnologyNNSA NationalNuclearSecurityAdministrationOCIO OfficeoftheChiefInformationOfficerOMB OfficeofManagementandBudgetOampM OperationsandMaintenancePKI PublicKeyInfrastructurePOAampM PlanofActionandMilestonesRMA RecordsManagementApplicationSPI SpectrumPolicyInitiativeSSP SharedServiceProviderSTAR ScienceampTechnologyin

AmericarsquosReinvestment

  • Message from Michael LocatisChief Information Officer
  • 10DOE Strategy Overview
    • 11Department of Energy Mission and Goals
    • 12Organization of the Department
      • 20OCIO Strategy Overview
        • 21Office of the Chief Information Officer Mission and Goals
        • 22The Vision of the Chief Information Officer
        • 23Goal Alignment
        • 24 Target Opportunities
        • 25IT Investment Portfolio
          • 30OCIO Strategic Goals
          • Appendix A Strategic Initiatives
          • Appendix B List of Acronyms
Page 22: 6*06 - Energy.gov · 2011-08-30 · Management. The table below shows the breakout of DOE’s Budget Year (BY) 2012 IT portfolio based on DOE strategic goals. DOE Total IT Portfolio

USDepartmentofEnergy|OfficeoftheChiefInformationOfficer|OCIOStrategicPlan 23of25

appendix

Appendix A Strategic Initiatives

IdentityCredentialampAccessManagement(ICAM)This initiative establishes a framework for implementation of a variety ofidentity verification and access management capabilities It addressesrequirements related to HSPD-12 and enhances existing Public KeyInfrastructure (PKI) capabilities These key technologies enable theexchangeoftrustedidentitiesacrossDOEandwithotheragencypartnersHSPD-12 - This investment brings the Department in compliance withHomeland Security Presidential Directive 12 The initiative provides anenterprisestandards-basedauthenticationandauthorizationinfrastructurethatofferssecureseamlessbusinesstransactionsandinformationexchangewithinDOEandacrossmanydisparateagenciesandorganizationsTheprogramwillreduceexistinglogicalandphysicalsecurityvulnerabilitiesandmitigate risks toestablish theprerequisite levelofsecurity forcriticalenterprisebusinessfunctionsBoththetechnologysolutionsandongoingsupport providedby the initiativewill enableDOE to ensure that systemusers are who they claim to be (authentication) allow effective use ofdigitalsignatures(dataintegrityandaccountability)andrestrictaccesstoappropriatelyauthorizedusers(accesscontrol)PKI -ThemissionofPKISupportServicesistoprovideelectronicservicesrelated to authentication confidentiality privacy data integrity and non-repudiationthroughtheuseofdigitalidentitiesdigitalsignaturesandtwo-factorauthenticationtokensTheseservicesareavailabletoallcustomersthathaveavalidbusinessneedtosecureandtransmitsensitiveDepartmentdataandortherequirementtopositivelyidentifythemselvestoDepartmentresources

TaRGETED OuTCOMES ProvideastandardizedDOEIDCardcompliantwithHSPD-12andcapableofsupportingphysicalandlogicalaccessrequirementssuchascryptographicstorageofdigitalcredentialsintegratedstandards-basedbuildingproximitysupportandaprintedformatthatcomplieswithfederalIDcardrequirements EnhanceapublickeyinfrastructuresolutionthatcomplieswithfederalstandardsandsupportsDOErequirementsforconfidentialityintegrityandauthenticity ImplementanIIdentityCredentialandAccessManagementsolutionthatservesasthebasisofacommonsecurityinfrastructurethatcansupportdiversesystems EnsureDOEpublicexternalfacingserversand(web-enabled)servicestouseIPv6bytheendofFY2012

Sustainability and Federal Data Center Consolidation Initiative

This initiative addresses requirements under the Federal Data Center Consolidation Initiative (FDCCI), an OMB-led initiative to consolidate and reduce the number of federal data centers. It also supports Departmental energy reduction and sustainability goals as documented in the DOE Strategic Sustainability Performance Plan. Data center reduction goals will be achieved through increased efficiencies such as the use of virtualization, consolidation of requirements, and implementation of increased use of cloud computing infrastructure as a service.

TARGETED OUTCOMES
  • Reduce the number of DOE federal data centers by 6 by 2015.

Performance Management Dashboards

The Performance Management Dashboards initiative works with Program Offices to develop business intelligence systems that inform senior DOE management about the effectiveness and efficiency of its program and financials. This initiative also includes the development of Science & Technology in America's Reinvestment Metrics (STAR METRICS) for measuring the effect of research on innovation, competitiveness and science. While this initiative is in the early stages, the goal is to use Program Office intelligence systems to leverage contractor assurance systems and improve the transparency of M&O contractor performance. This will provide DOE Senior Management visibility into contractor project performance much earlier, enabling improved performance management.

TARGETED OUTCOMES
  • Establish DOE intelligence systems that provide transparency and visibility into program and financial performance.
  • Provide Senior DOE Management timely performance information to support decision-making via the Performance Dashboards.


Financial Assistance

The US Department of Energy (DOE) provides a significant amount of financial assistance to support innovation and progress for America's energy, scientific and national security needs, evaluating thousands of applications each year and awarding billions of dollars in financial assistance. Due to the importance of DOE's investments and the impact of our research portfolio in supporting our national objectives and DOE's strategic plan, the DOE Deputy Secretary and Operations Management Council directed the OCIO to conduct an evaluation of financial assistance systems within DOE to determine the scope of the opportunity to modernize the underlying systems and services in support of financial assistance programs at the Department.

Currently, DOE relies on a mix of systems and processes to administer financial assistance awards, ranging from in-house to outsourced products, and has no single system or tool to manage DOE's complete investment portfolio. As a result, the OCIO has evaluated financial assistance technology solutions to identify an optimal approach, continuing our role of providing technology leadership, promoting innovation and effective operations across DOE. The recommendations promote a more integrated environment for coordinating executive insight into the financial assistance activities at the department and enable greater transparency.

In addition, the effort promotes DOE's federal leadership initiatives such as the STAR METRICS program, which provides a common empirical framework to identify outcomes of research investments and promotes the Department's commitment to science and innovation.

TARGETED OUTCOMES
  • Identify an operational framework to manage financial assistance efforts and systems at DOE as a program.
  • Enable DOE leadership for federal research and development activities through the STAR METRICS initiative.

Internet Protocol Version 6 (IPv6) Transition

The IPv6 Transition initiative ensures DOE infrastructure and application lifecycle management is aligned with the technical imperative and OMB direction to prepare federal agencies to use Internet Protocol Version 6 by 2014 (OMB Memorandum 9/28/10). Agency deadlines include:
  • Upgrade public/external facing servers and services by the end of FY 2012
  • Upgrade internal client applications by the end of FY 2014

TARGETED OUTCOMES
  • Successful and secure use of IPv6 by DOE infrastructure and applications in accordance with the OMB 2014 deadline.

Technology Summits

The OCIO hosts a series of summits focused on advanced technology and innovation efforts across the Department and its partners to highlight ways in which these activities help us succeed in our mission and contribute to success of the Nation's goals and grand challenges. This effort continues the OCIO's role of promoting innovation, showcasing technology leadership and identifying opportunities to modernize services and leverage the power of IT.

Through these types of forums, opportunities are communicated and discussed in an open, collaborative environment, and initiatives across DOE can be brought together to promote collaboration and information sharing. Individually, summits provide topical-based discussions, use cases and best practices that are linked to DOE and the OCIO's continual modernization and technology reuse initiatives and create greater awareness of the ways we engage in our mission.

Organizations participate from across the DOE enterprise, including other federal agencies as well as public and private partners, and these discussions provide an opportunity to share stories and success, helping identify commonalities as well as an understanding of the unique circumstances encountered by individual missions and offices.

TARGETED OUTCOMES
  • Enable the Department to develop a collaborative approach in developing insights to fuel IT transformation and mission alignment throughout DOE.


Appendix B List of Acronyms

ARB: Architecture Review Board
BRM: Business Reference Model
CAM: Corporate Asset Management
C&A: Certification and Accreditation
CFO: Chief Financial Officer
CIO: Chief Information Officer
CHRIS: Corporate Human Resource Information System
CNCI: Comprehensive National Cybersecurity Initiative
CNSS: Committee for National Security Systems
COTS: Commercial Off the Shelf
CPIC: Capital Planning and Investment Control
CRB: Corporate Review Budget
DIB: Defense Industrial Base
DOE: Department of Energy
EA: Enterprise Architecture
EATP: Enterprise Architecture Transition Plan
EAWG: Enterprise Architecture Working Group
EITS: Energy IT Services
ESNet: Energy Science Network
EVM: Earned Value Management
EWA: Enterprise Wide Agreement
EWSS: Energy-Wide Strategic Sourcing
FDCCI: Federal Data Center Consolidation Initiative
FEA: Federal Enterprise Architecture
FEDRAMP: Federal Risk and Authorization Management Program
FFP: Firm Fixed Price
FGDC: Federal Geographic Data Committee
FISMA: Federal Information Security Management Act
GLoB: Geospatial Line of Business
GPEA: Government Paperwork Elimination Act
GSA: General Services Administration
GSP: Geospatial Science Program
HSPD: Homeland Security Presidential Directive
IDEA: Innovative Department of Energy E-Government Applications
ICAM: Identity, Credential & Access Management
ICPT: Integrated Contractor Purchasing Team
IM: Information Management
I-MANAGE: Integrated Management Navigation System
IOA&T: Infrastructure, Office Automation and Telecommunications
IPT: Integrated Project Team
IPv6: Internet Protocol Version 6
IRM: Information Resources Management
IT: Information Technology
LOB: Line of Business
M&O: Management and Operating
NICE: National Initiative for Cybersecurity Education
NIST: National Institute of Standards and Technology
NNSA: National Nuclear Security Administration
OCIO: Office of the Chief Information Officer
OMB: Office of Management and Budget
O&M: Operations and Maintenance
PKI: Public Key Infrastructure
POA&M: Plan of Action and Milestones
RMA: Records Management Application
SPI: Spectrum Policy Initiative
SSP: Shared Service Provider
STAR: Science & Technology in America's Reinvestment
