Making Information Technology (IT) Boring Again – Priorities, Progress, and Pandemics

# 114, August 11, 2021

Defense Health Agency

Speakers:
Pat Flanders, SES, Defense Health Agency (DHA) Chief Information Officer (CIO)/Deputy Assistant Director, Information Operations (DAD IO)/J-6
Tom Hines, CISSP, HQE, Director, Engineering & Technology Transformation, Senior Advisor

DISCLAIMER: The views and opinions expressed in this presentation are solely those of the author/presenter and do not necessarily represent any policy or position of HIMSS.


Welcome

Pat Flanders, SES, DHA CIO/DAD IO/J-6

Tom Hines, HQE, Director, Engineering & Technology Transformation

Conflict of Interest

Pat Flanders, SES

Has no real or apparent conflicts of interest to report.

Tom Hines, HQE

Has no real or apparent conflicts of interest to report.


Agenda

• Learning objectives

• Our organization

• Starting point

• Priorities and major initiatives

• Response to COVID

• Summary


Learning Objectives

• Discuss IT integration and standardization requirements related to the consolidation mandates of Section 702 of National Defense Authorization Act (NDAA) 2017 which required the military treatment facilities (MTF) to be transitioned to the authority, direction and control of the DHA

• Review challenges and successes of maintaining and improving network capabilities and cybersecurity in response to the COVID-19 pandemic

• Outline top IT priorities for the DHA’s CIO

What Does Information Technology (IT) Involve?

Continuum of Care: First Responder, MEDEVAC, In-theater Hospital, En route Care, Stateside

• Medic/Corpsman
• Medical Capabilities Afloat
• Aid Stations
• Forward Surgical Teams
• Combat Support Hospitals
• Hospital Ships
• Expeditionary Medical Facilities
• Patient Staging Facilities
• Critical Care Air Transport Teams, “Care in the Air”
• Department of Defense (DoD) MTFs
• Private Sector
• Department of Veterans Affairs (VA)

Military Health System (MHS) IT at a Glance

• 240,000 Windows Endpoints
• 3.1 Petabytes of Global Operational Data
• $13M Medical Supply and Rx Items Processed Daily
• 60+ Enterprise Systems
• 400+ Support Agreements
• 38 Service Offerings in Catalog of Services
• 785 Accreditations enrolled in Risk Management Framework (RMF)
• IT liaison with Federal Partners (e.g., VA, Coast Guard, Health & Human Services [HHS])

Our Medical Network: Med-COI

[Diagram labels: Department Of Defense Information Network (DODIN) Area Of Operations; Non-Classified Intranet (NIPR); Air Force Network; Med-COI DHA Network; Navy Network; Army Network; DISA; 4ENO. Legend: a gateway allows access in or out of the network.]

Starting Point - Hyper Variance….


Major Business & Technical Initiatives

Initiative areas: Actionable Data, IT Best Practices, Cyber Security, Enterprise Solutions, IT Innovations

• Ektropy II
• Monthly Review & Analysis (R&A) IT measures
• Standard Cyber Assessment Processes and Monitoring Tools
• Desktop to Datacenter (D2D)
• Formal “single PM” management of Platform IT (PIT) Systems
• Rationalization Efforts
• Enterprise IT Services (EITS)
• Sunset of legacy systems
• Use of DMLSS for property accountability
• Lifecycle management
• Contract Parade
• Financial Auditability (e.g., system management)
• Cloud Computing
• Office 365 (O365)
• DMLSS -> Logicole

Enterprise Solutions: Rationalization – Enterprise IT Services (EITS)

“Making IT Boring Again”

Mr. Tom Hines

Director, Engineering and Technology Transformation

Defense Health Agency (DHA) Authorizing Official

Discussion Topics

• What does it mean to be Boring

• Engineering and Architecture Review Board (ERB/ARB) Process

• Comply to Connect (C2C) ~ DHA MDE Security Automation Solution

• DHA DevSecOps Community Cloud (DSOCC)

• Cybersecurity Continuous Monitoring

• Information Technology (IT) Business Analytics

• What’s next/new (keeping it Boring) in 2022


What do we mean when we say “boring?”


MHS Infrastructure – Our Goal

Managing Change

Engineering Review Board (ERB) / Architecture Review Board (ARB)

ERB-ARB Purpose/Mission & Structure

Purpose

• Review and approve all Med-COI network infrastructure design & architectural changes & associated infrastructure procurements
• Changes are triggered by engineering requests (ERs) associated with new requirements submitted by the user community or internal DHA engineering groups

Structure

• Engineering Review Board (ERB)
    • Performs initial review of all ERs and acts on those that are valid and actionable
    • Forwards proposed ER designs requiring changes to the approved architectures and/or allocation of funds for review and approval
• Architecture Review Board (ARB)
    • Reviews and acts (approve/disapprove) on ERs involving architectural changes or new spending

ERB-ARB Process

[Figure: ERB-ARB process flow diagram]

ERB-ARB Pipeline

Comply-to-Connect (C2C)

DHA Medical Enclave Security Automation Solution

DHA Medical Enclave Security Automation Solution; Major Component Integration

The ARMIS Collector (1 per site) observes data as it passes through the network at key traffic points. It also leverages SNMP and SSH communications with access-layer devices such as wireless LAN controllers and network switches. Metadata from these flows is shared with the Analytics Engine for deeper analysis.

The ARMIS Analytics Engine and Knowledge Database (AEKDB) uses data from the Collectors to perform device identification, profiling, baselining, persistent behavioral anomaly, and threat detection. The AEKDB may be cloud-based or implemented as a standalone server. The AEKDB uses proprietary algorithms and machine learning to refine its ability to ID devices and assess their behavior. The DHA will leverage Amazon Gov Cloud for its enterprise instance of AEKDB.

Cisco Identity Services Engine (ISE) is the DHA’s selected Network Access Control (NAC) and AAA solution, and provides the baseline network visibility and policy-driven access management for devices and users throughout the enterprise. ISE provides the dynamic controls necessary to ensure only the right people and trusted devices get the appropriate level of access regardless of where or how they attempt to connect.

PxGrid is an optional capability that's built into Cisco ISE. PxGrid operates as an information exchange hub where multiple security platforms can read and submit contextual data. This facilitates the sharing of security intelligence among security technologies/vendors, which enables an ecosystem of dissimilar IETF standards-compliant technologies to work in tandem leveraging a single open API.

The Palo Alto Next Generation Firewall (NGFW) supports Dynamic Access Groups (DAGs). DAGs allow on-the-fly creation of policies for specific endpoints. A DAG uses "tags" to determine its members. Tags are defined through ISE policy SGT assignment that is published to PxGrid. Panorama subscribes to this information and dynamically updates the device IP and associated tags, and updates membership information for the DAG(s), resulting in implementation of appropriate policy.

DHA Medical Enclave Security Automation Solution; Component Integration (continued)

• Host-Based Security System (HBSS) ePolicy Orchestrator (DoD Proprietary implementation of McAfee End Point Tools)
• Assured Compliance Assessment Solution (ACAS), DoD Proprietary Implementation of Tenable Nessus
• Tanium Console and Agents (Detection and Remediation)
• CSSP Agent Software (Splunk & Others)
• DHA PKI/CA Infrastructure (Device Registration and Authentication)
• Active Directory (LDAP and Person Identification/Authorization)

DHA Medical Enclave Security Automation Solution ‘Operation by the Numbers’

[Diagram with callouts 1, 2, 3, 4, 4a, 4b, 4c, 5 and 6. Labels: Endpoints / Users; Access Devices (WLC, LAN Switch, VPN); MedCOI / NIPR / Internet; Traffic TAP; Identity Services (SAML IdP, AD / LDAP, PKI); EAP / RADIUS / 802.1x / MAB / CoA; User and Device PKI Authentication; PxGrid; Cisco ISE; Cloud-hosted Armis Analytics Engine; Analytics Feed; Off-Network Devices (Bluetooth / Zigbee / Z-Wave / Rogue Wireless); CSSP / SIEM Situational Awareness Dashboard; TC-NAC; WMI; Enterprise Services; ACAS; SCCM.]

DHA Medical Enclave Security Automation Solution ‘Operation by the Numbers’

• Device connects to the network.
• Switchports/WLC/VPN configured to process 802.1x.
• MAB devices use Local Identity Store.
• Devices using supplicants/agent software use External Identity Stores (Enterprise Identity Services).
• Performs additional AD/PKI authentication for both device and/or user credentials.
• Network equipment will first try to authenticate using 802.1x. If 802.1x is not detected, MAC Address (MAB) is used.
• ISE performs posturing and compliance checks after device is authenticated.
• ISE queries pxGrid for updated profiling and compliance information from McAfee, Tanium, and Armis.
• ISE queries SCCM for device SCCM management status and compliance. Retrieves status and # days since last check.
• ISE, through TC-NAC Service, queries ACAS for vulnerability information and time since last scan. If scan is not compliant or out-of-date, can initiate either an un-credentialed, or using a local agent a credentialed scan from ACAS.
• If compliant (enforced by policy in ISE), ISE sends ‘Access-Accept’ with assigned VLAN to access device.
• If not compliant, ISE sends message to access device and places endpoint in remediation VLAN/shuts down port.
• If device is not authorized, ISE sends a RADIUS ‘Access-Reject’ message and port, placing device in the “Restricted” VLAN or applies a restricted ACL on the access device interface/WLC.
• ISE updates endpoint information in pxGrid for Palo Alto DAG. Panorama pushes updates to firewalls to allow/restrict endpoint access.
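An added example (not from the presentation, and not ISE configuration) that models the admission decisions listed above: 802.1x first with MAB only when no supplicant is detected, then the pxGrid, SCCM and ACAS posture checks, then accept, remediate or reject. The age thresholds, VLAN/tag names, the fail-closed handling of missing posture data, the skipping of the SCCM check for agentless MAB devices and the sample endpoints are all assumptions.

```python
"""Model of the 'Operation by the Numbers' admission flow (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed thresholds: the slide gives no numbers.
MAX_SCCM_AGE_DAYS = 7
MAX_ACAS_AGE_DAYS = 30


@dataclass
class Endpoint:
    mac: str
    dot1x_detected: bool                      # a supplicant/agent answered 802.1x
    pki_ad_auth_ok: bool = False              # external identity store (AD/PKI) result
    mac_in_local_store: bool = False          # MAB: MAC known to the local identity store
    pxgrid_compliant: Optional[bool] = None   # McAfee/Tanium/Armis context via pxGrid
    sccm_days_since_check: Optional[int] = None
    acas_scan_compliant: Optional[bool] = None
    acas_days_since_scan: Optional[int] = None


@dataclass
class Decision:
    action: str          # "Access-Accept", "Remediation" or "Access-Reject"
    vlan: str            # assumed names; also reused as the tag published for the DAG
    auth_method: str
    reasons: List[str] = field(default_factory=list)
    rescan: bool = False  # ask ACAS for a fresh scan


def authenticate(ep):
    """802.1x is tried first; MAB is used only when 802.1x is not detected.

    A detected but failed 802.1x exchange is NOT retried as MAB, otherwise a
    known MAC address would override a failed certificate check.
    """
    if ep.dot1x_detected:
        return "802.1x", ep.pki_ad_auth_ok
    return "MAB", ep.mac_in_local_store


def posture_failures(ep, method):
    """Return the posture sources that fail; missing data counts as a failure."""
    failures = []
    if ep.pxgrid_compliant is not True:
        failures.append("pxgrid")
    # Assumption: SCCM status applies only to agent-bearing (802.1x) endpoints.
    if method == "802.1x":
        age = ep.sccm_days_since_check
        if age is None or age > MAX_SCCM_AGE_DAYS:
            failures.append("sccm")
    scan_age = ep.acas_days_since_scan
    stale = scan_age is None or scan_age > MAX_ACAS_AGE_DAYS
    if stale or ep.acas_scan_compliant is not True:
        failures.append("acas")
    return failures


def decide(ep):
    method, authorized = authenticate(ep)
    if not authorized:
        return Decision("Access-Reject", "restricted", method, ["not authorized"])
    failures = posture_failures(ep, method)
    if failures:
        return Decision("Remediation", "remediation", method, failures,
                        rescan="acas" in failures)
    return Decision("Access-Accept", "assigned", method)


def dag_membership(endpoints):
    """Group endpoints by the tag that would be published for the firewall DAG."""
    groups = {}
    for ep in endpoints:
        groups.setdefault(decide(ep).vlan, []).append(ep.mac)
    return groups


# Constructed sample endpoints (documentation MAC range), not real devices.
SAMPLE = [
    Endpoint("00:00:5e:00:53:01", True, pki_ad_auth_ok=True, pxgrid_compliant=True,
             sccm_days_since_check=2, acas_scan_compliant=True, acas_days_since_scan=5),
    Endpoint("00:00:5e:00:53:02", True, pki_ad_auth_ok=True, pxgrid_compliant=True,
             sccm_days_since_check=2, acas_scan_compliant=True, acas_days_since_scan=45),
    Endpoint("00:00:5e:00:53:03", True, pki_ad_auth_ok=False, mac_in_local_store=True,
             pxgrid_compliant=True, sccm_days_since_check=1,
             acas_scan_compliant=True, acas_days_since_scan=3),
    Endpoint("00:00:5e:00:53:04", False, mac_in_local_store=True, pxgrid_compliant=True,
             acas_scan_compliant=True, acas_days_since_scan=10),
    Endpoint("00:00:5e:00:53:05", False),
]

if __name__ == "__main__":
    for ep in SAMPLE:
        print(ep.mac, decide(ep))
```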


Security Automation Solution ‘Threat Detection and Remediation’

[Diagram. Component labels: Endpoints / Users; Access Devices (WLC, LAN Switch, VPN); WAN; Traffic TAP; Identity Services (SAML IdP, AD / LDAP, PKI); PxGrid; Cisco ISE; Cloud-hosted Armis Analytics Engine; Analytics Feed; Off-Network Devices (Bluetooth / Zigbee / Z-Wave / Rogue Wireless); SIEM Situational Awareness Dashboard; Enterprise Services; ACAS; SCCM.]

Step labels shown on the diagram:

• Threat Detected
• Update Endpoint Attributes
• ReAuth results trigger Quarantine
• Update device profile
• Panorama retrieves SGT information
• Add endpoint to DAG
• Publish SGT to PxGrid
• ISE issues instruction to re-authenticate
• Place port in Quarantine VLAN
• FORCE REAUTH
• AnyConnect posture assessment initiated
• Agent queries ISE for updates. Agent triggers AV scan based on new data. Results are reported to ISE.
• REASSESS
• ISE updates Endpoint status in PxGrid
• ISE issues instruction to re-authenticate
• Remediated
• Panorama retrieves updated SGT
• Add endpoint to DAG
• ISE initiates ACAS scan. Results are reported to ISE.

DHA DevSecOps Community Cloud (DSOCC)

DevSecOps Operational View (OV-1)

“DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev), security (Sec) and operations (Ops). The main characteristic of DevSecOps is to improve customer outcomes and mission value by automating, monitoring, and applying security at all phases of the software lifecycle: plan, develop, build, test, release, deliver, deploy, operate, and monitor.” – DoD Enterprise DevSecOps Reference Design

Development of an affordable, innovative, robust and secure Health Information Technology environment

[Diagram labels: Evolving Integration & Orchestration Pipeline; Medical Community of Interest (Med-COI) Multi-Vendor Cloud Environments; NIPRNet DoD Enterprise Services; VA OneNet; PISP/Internet; VA TIC GW; DISA IAP; DISA NFG; Med-COI Enterprise Gateway; .com; DHA Approved Repositories; DoD-Managed Repositories (e.g. Platform One); DHA CAP; Military Treatment Facilities, Clinics and Other Lines of Business; Local Access Gateway; On-Premise Hosting (MAAG/LCI); IL5; Identity & Access Management; Technology Stacks; Governance Stacks; Commercial Repositories; Continuous Integration and Continuous Deployment (CI/CD); Community and POR Specific Container Infrastructure; Culture; Process; Technology Adoption; Policy; Acquisition; Cyber Security TTPs; Tailored Threat Indicators; Orchestration Inheritance and Certification Process; Continuous Monitoring; DHA Instance; SDN; Modified Contracting Language; Measures of Efficiency; Funding; Dev, Test, Prod; Code; Content; Lexicon; Med-COI Boundary; Stakeholders; DHA DevSecOps Community Cloud; Kubernetes.]

DSOCC Roadmap

[Roadmap chart. Column labels: Source Control; Test; Deploy; Monitor / Log; Project Mgmt; Build; Configure. Row labels: Backlog; Current (FY21 Q4); Free Climb (FY22 Q1); Top Rope (FY22 Q2). Legend: in Development; Host and/or Platform; under Cyber Review; under Evaluation. Other labels: AWS Cloud Trail; AWS Cloud Watch.]

DSOCC Software Factory – Process Flow: Dev Test Environment

[Process flow diagram. Labels: Scan evidence from other environments; Failed scans from other environments; Build Promoted.]

DSOCC Software Factory – Process Flow: Pre-Prod

[Process flow diagram. Labels: Send scans to documentation; Failed scans restart process; Builds promoted from Dev Test; Builds promotable to Prod.]

DSOCC Software Factory – Process: Production

[Process flow diagram. Labels: Continuous monitoring scans back to documentation; Failed builds reset process; Promotable builds presented for risk decision.]

Cloud Broker Service (CBS) 7/29/2021 Snapshot

Cloud Pipeline Dashboard

Current phase of hosting projects (116); green text = DSOCC/containers element (17)

Phase Breakdown

• Cust. Engage (3): 2%
• Requirements & Costing (59): 51%
• Pre Production (31): 27%; MC2 (13), On-Prem (6), AWS (11), Azure (1)
• Production (23): 20%; MC2 (9), On-Prem (8), AWS (6), Azure (0)

[Chart: Past 12 Months - Began Hosting Process]

DHA DevSecOps Community Cloud (DSOCC) Assessment & Authorization Process ~ Inheritance Structure

A&A: Accreditation and Authorization

AVHE: Application Virtualization Hosting Environment

AWS: Amazon Web Services

CSMS: Compute and Storage Management Services

CBS: Cloud Broker Service

DISA: Defense Information Systems Agency

DoD: Department of Defense

DSOCC: DevSecOps Community Cloud

eMASS: Enterprise Mission Assurance Support Service

IaaS: Infrastructure as a Service

LCCE: Life Cycle Cost Estimate

Med-COI: Medical Community of Interest

mJAD: Medical Joint Active Directory

MOA: Memorandum of Agreement

NSOC: National Security Operations Center

PA: Provisional Authorization

PaaS: Platform as a Service

RACI: Responsible, Accountable, Consulted, Informed

RHEL: Red Hat Enterprise Linux

SOP: Standard Operating Procedures

SOR: System of Record

SQL: Structured Query Language

DBaaS: Database as a Service

• DSOCC (and other underlying ATOs) provide for 80% of the controls as Inheritable or Hybrid

• Customer must cover 20% of controls in their Application or System Risk Management Framework (RMF) ATO

Marketplace Cyber Support

DHA MedCOI CM Executive Overview

Overall Vulnerability Compliance and Tool Deployment Posture

[Dashboard. Columns and sources: Vulnerability Management (ACAS); Endpoint Security (HBSS) (CMRS); Systems Management (TANIUM); CSSP Tool Compliance % (SDB); Assessment Procedures % (eMASS); ATO Status (eMASS); Overall Rating; Overall Rating Trend. Values shown: Minor Concern (four), Moderate Concern (one), 80%, 2%. ATO Status: 6 sites expired; 41 expiring in next 90 days.]

Overall Rating

Outstanding ≥ 90%

Excellent ≥ 80% and < 90%

Acceptable ≥ 70% and < 80%

Unacceptable < 70%

• Tracking 132 Total Sites (+1)

• 109 Sites above 70% Overall Rating

• 2 Sites in Outstanding Range

• 81 Sites in Excellent Range

• 26 Sites in Acceptable Range

• 23 Sites in Unacceptable Range

• ACAS Scan of over 223,000 IP Addresses

• Average Credentialed Scan 92.5%

Data Pulled: 13 JUL 2021


Overall CM TREND: Aug 20 – Jul 21

Month | Sites in Acceptable Range | CM Tracked Sites | Average Risk Score
Aug-20 | 23 | 56 | 70%
Sep-20 | 37 | 65 | 72%
Oct-20 | 31 | 65 | 72%
Nov-20 | 47 | 68 | 76%
Dec-20 | 53 | 72 | 77%
Jan-21 | 48 | 80 | 77%
Feb-21 | 81 | 89 | 79%
Mar-21 | 80 | 97 | 80%
Apr-21 | 84 | 108 | 78%
May-21 | 84 | 120 | 76%
Jun-21 | 94 | 131 | 78%
Jul-21 | 109 | 132 | 80%

Weights & Overall Rating Formula

Vital Sign | Weight (1-5) | % of Overall Rating
Vulnerability Management (VM) | 5 | 19%
Endpoint Security (ES) | 3 | 11.5%
Systems Management (SA) | 4 | 15%
Assessment Procedures (AP) | 1 | 3%
CSSP Tool Compliance (CND) | 3 | 11.5%
ATO Status | N/A | 40%

Concern Indicator | Value
Critical Concern | 5
Moderate Concern | 3
Minor Concern | 1
No Concern | 0

• Each Vital Sign is weighted from 1-5, higher = greater weight
• Each Concern Indicator has a value associated from 0-5
• Overall Rating Formula:
  (VM_CI * Weight + ES_CI * Weight + SA_CI * Weight + AP_CI * Weight + CND_CI * Weight) * 60% + ATO_Status = Overall Rating

Formulas

• Vulnerability Management:
    • Source: ACAS
    • Divide number of vulnerabilities by number of hosts scanned (credentialed)
    • Vulnerability Management (10/4/1)
    • Critical / Highs – 10 / Moderate – 4 / Low – 1
    • Weighted Average = (f1w1 + f2w2 + f3w3) / (w1 + w2 + w3), where fn = finding / host and wn = weight (10/4/1)
• Endpoint Security:
    • Source: CMRS (HBSS Implementation)
    • Divide Fully Compliant / Total Devices
• Systems Management:
    • Source: Tanium Report
    • Divide Active Tanium Client and Workstations / Total Active Workstations and Servers
• Assessment Procedures Compliance:
    • Source: eMASS
    • Divide number of Compliant Assessment Procedures / (Total Number of Assessment Procedures – Not Applicable)
• CSSP Tool Compliance:
    • Source: SDB (Phoenix)
    • Divide sum of (ACAS, HBSS, Splunk, Encase, Sysmon, WinEventCodes, CMUP) / 7

Example Region

Overall Rating legend: Outstanding, Excellent, Acceptable, Unacceptable

Sites | Cyber Market | ATD | Fully Monitored (Y/N) | DaaS Complete (Y/N) | ACAS IP Count | Vulnerability Scan Score | Credentialed Scan Coverage | Endpoint Security (HBSS) | Systems Management (Tanium) | Assessment Procedures % (Security Controls) | CSSP Tool Compliance % | Overall Rating
Naval Hospital Bremerton_MEDCOI | Northwest | 6-Oct-22 | Yes | Yes | 1791 | 1.39 | 93.0% | 100.0% | 100.0% | 96.0% | 85.6% | 87.8%
341st MDG Malmstrom AFB_MEDCOI | Northwest | 13-Jan-22 | Yes | Yes | 342 | 1.33 | 96.0% | 100.0% | 100.0% | 93.0% | 92.6% | 87.8%
92nd MDG Fairchild AFB_MEDCOI | Northwest | 29-Aug-22 | Yes | Yes | 565 | 0.8 | 98.0% | 100.0% | 100.0% | 97.0% | 86.0% | 87.8%
366th MDG Mt Home AFB_MEDCOI | Northwest | 30-Sep-21 | Yes | Yes | 645 | 0.86 | 90.0% | 100.0% | 100.0% | 78.0% | 86.3% | 86.2%
5th MDG Minot AFB_MEDCOI | Northwest | 28-Sep-21 | Yes | Yes | 391 | 1.84 | 91.0% | 100.0% | 100.0% | 76.0% | 88.5% | 86.2%
75th MDG Hill AFB_MEDCOI | Northwest | 29-Nov-21 | Yes | Yes | 763 | 1.04 | 91.0% | 100.0% | 99.0% | 80.0% | 91.1% | 84.6%
55th MDG Offutt AFB_MEDCOI | Northwest | 22-Oct-21 | Yes | Yes | 1112 | 0.64 | 92.0% | 100.0% | 97.0% | 90.0% | 89.1% | 84.6%
Munson AHC - Ft. Leavenworth_MEDCOI | Northwest | 4-Aug-22 | Yes | Yes | 1197 | 0.19 | 97.0% | 100.0% | 99.0% | 96.0% | 89.5% | 84.6%
354th MDG Eielson AFB_MEDCOI | Northwest | 3-Sep-21 | Yes | Yes | 371 | 0.67 | 92.0% | 100.0% | 97.0% | 75.0% | 91.3% | 82.9%
Bassett ACH - Ft Wainwright_MEDCOI | Northwest | 23-Sep-22 | Yes | Yes | 1184 | 0.56 | 93.0% | 100.0% | 97.0% | 64.0% | 84.5% | 82.9%
22nd MDG McConnell AFB_MEDCOI | Northwest | 14-Oct-21 | Yes | Yes | 514 | 0.55 | 90.6% | 99.0% | 97.0% | 96.0% | 87.1% | 82.1%
Madigan Army Medical Center JBLM MEDCOI | Northwest | 26-Nov-21 | Yes | Yes | 10595 | 1.29 | 92.0% | 99.0% | 99.0% | 93.0% | 79.0% | 82.1%
319th MDG Grand Forks AFB_MEDCOI | Northwest | 10-Nov-21 | Yes | Yes | 234 | 2.12 | 93.0% | 99.0% | 98.0% | 82.0% | 89.6% | 82.1%
Naval Hospital Oak Harbor_MEDCOI | Northwest | 25-Nov-21 | Yes | Yes | 973 | 1 | 94.0% | 99.0% | 98.0% | 97.0% | 83.5% | 82.1%
21st MDG Peterson AFB_MEDCOI | Northwest | 29-Nov-21 | Yes | Yes | 701 | 0.19 | 94.0% | 99.0% | 99.0% | 92.0% | 88.0% | 82.1%
90th MDG FE Warren AFB_MEDCOI | Northwest | 14-Oct-21 | Yes | Yes | 398 | 0.82 | 94.4% | 98.0% | 99.0% | 77.0% | 86.0% | 80.5%
460th MDG Buckley AFB_MEDCOI | Northwest | 14-Oct-21 | Yes | Yes | 172 | 0.49 | 92.0% | 99.0% | 100.0% | 60.0% | 16.0% | 78.9%
28th MDG Ellsworth AFB_MEDCOI | Northwest | 29-Nov-21 | Yes | Yes | 381 | 1.16 | 94.0% | 100.0% | 93.0% | 97.0% | 93.5% | 78.1%
673rd MDG JB Elmendorf-Richardson_MEDCOI | Northwest | 10-Sep-21 | Yes | Yes | 2659 | 2.57 | 92.1% | 100.0% | 98.0% | 66.0% | 86.0% | 74.8%
10th MDG USAFA_MEDCOI | Northwest | 21-Oct-21 | Yes | Yes | 1369 | 1.4 | 92.5% | 100.0% | 99.0% | 94.0% | 82.8% | 71.0%
Evans ACH - Ft Carson_MEDCOI | Northwest | 13-Feb-22 | Yes | Yes | 5493 | 1.6 | 85.2% | 99.0% | 99.0% | 80.0% | 82.0% | 65.9%
Irwin ACH - Ft Riley_MEDCOI | Northwest | 24-Nov-21 | Yes | Yes | 3616 | 1.31 | 78.0% | 100.0% | 99.0% | 93.0% | 64.8% | 63.4%

[Figure: MTF Condition Tracking Chart]

IT Business Analytics

Performance Metrics

DHA IT Business Analytics

Overview

DHA IT Business Analytics:

• Leverages analytics-based technology solutions to "make IT boring again" by providing visibility to enterprise resources and creating measures of performance for overarching infrastructure efficiencies.

Critical Functions:

• Realize infrastructure efficiencies during and post-D2D implementation: identify process, component redundancies and drive technology standardization
• Implement process and tools that will help enterprise recoup cost while driving customer satisfaction
• Provide a centralized analytics and monitoring capability to J6 leadership, Military Treatment Facility (MTF) CIOs, MTIO, and Infrastructure and Cyber Engineers.

Data Sources ~ IT Analytics Architecture

[Architecture diagram; host addresses are masked as nnn.nnn.nnn.nnn on the slide. Labels, in slide order: Authoritative Inputs; Systems Center Config Manager (SCCM); OMi; AMED; Phoenix (Charleston); AD / IDMI Data; Remedy Data; SCCM Data; CNDSP Data; Tanium Data; MHS Site List / OLB; Staging Database; SQL; Excellence Dashboard; https://dashboard-gsc.health.mil; MEDPAC; MEDEUR; NMED; HATMA; AREA52; E2E; OTHER TARGETS; Active Directory Domains; DISA IDMI (AD LDS); AMED SCCM; NMED SCCM; mJAD SCCM; Tanium; mJAD Tanium; SEMOSS; https://semoss.mhsi.health.mil:8443/SemossWeb/app/#!/playbook; Script Server; Interface Process (TBD); https://e2esearch.dha.health.mil/; I&O Splunk; Admin Published Desktop; DHA Jumpbox; SQL Cluster; Sharepoint Lists; Remedy SQL Cluster; MAAG SQL Cluster; vCenter Data; Data Normalization and Correlation; mJAD; Instances, Databases, Tables, Views and Stored Procedures; Initiation]


J6 Enterprise Analytics Portal

One-stop portal for J-6 Enterprise Analytics

https://learn.insights.health.mil/resources


CIO Checklist

Automating Discovery of Military Treatment Facility (MTF) Health; Pre-Populating Metrics Directly from Enterprise Systems for CIO Certifications


CIO Checklist – Cont'd

https://learn.insights.health.mil/resources/#!/cio-report


Desktop Compliance Dashboard

Standard Desktop Configuration Tracking

https://learn.insights.health.mil/resources/#!/workstation/desktop



Software Rationalization Dashboard

Tracks Removal of Software Past Vendor End of Life/Support

https://learn.insights.health.mil/resources/#!/workstation/rationalization


Keeping it Boring in 2022, what’s next?

• Continuing work on continuous monitoring and beginning the migration to 'continuous authorization'

• Pushing hard on standardization of software and tools, driving down the amount of variation in the field

• Decommissioning legacy systems services and the associated hardware and software platforms

• Look hard at optimization of storage platforms and an overall reduction in the footprint ($)

• Add metrics and additional measurements of performance to drive toward desired outcomes and "shine the light on the ugly"

• Introduce increasing automation into maintenance and configuration tasks to reduce operating costs


Questions?



Thank you!

• For additional information please visit our website at https://health.mil/About-MHS/OASDHA/Defense-Health-Agency/Information-Operations-J6

• For more info on any topics discussed today, contact Rob Wilson at [email protected]


Back Up



Acronyms

A&A: Accreditation and Authorization

ACAS: Assured Compliance Assessment Solution

AP: Assessment Procedures

ARB: Architecture Review Board

ATO: Authority to Operate

AVHE: Application Virtualization Hosting Environment

AWS: Amazon Web Services

C2C: Comply to Connect

CBS: Cloud Broker Service

CCI: Controlled Cryptographic Item

CIO: Chief Information Officer

CM: Change Management

CMRS: Continuous Monitoring and Risk Scoring

CMS: Cisco Meeting Server

CMUP: Conventional Mission Upgrade Program

CSMS: Compute and Storage Management Services

CSSP: Cyber Security Service Provider

D2D: Desktop to Datacenter

DADIO: Deputy Assistant Director Information Operations

DBaaS: Database as a Service

DISA: Defense Information Systems Agency

DMLSS: Defense Medical Logistics Standard Support

DoD: Department of Defense

DODIN: Department of Defense Information Network

DSOCC: DevSecOps Community Cloud

EITS: Enterprise IT Services

eMASS: Enterprise Mission Assurance Support Service

EOL: End of Life

ERB: Engineering Review Board

ES: Endpoint Security

HBSS: Host Based Security System

HHS: Health & Human Services

IaaS: Infrastructure as a Service

IAVM: Information Assurance Vulnerability Management

IP: Internet Protocol

IT: Information Technology

LCCE: Life Cycle Cost Estimate

Med-COI: Medical Community of Interest

MEDEVAC: Medical Evacuation

MHS: Military Health System

MITRE SAF: MITRE Security Automation Framework

mJAD: Medical Joint Active Directory

MOA PA: Memorandum of Agreement

MTF: Military Treatment Facility

NIPR: Non-classified Internet Protocol Router

NSOC: National Security Operations Center

ORA: Operational Risk Assessment

PaaS: Platform as a Service

PHI: Personal Health Information

PIT: Platform Information Technology

POA&M: Plan of Actions and Milestones

PPSM: Ports, Protocols and Services Management

R&A: Review and Analysis

RACI: Responsible, Accountable, Consulted, Informed

RHEL: Red Hat Enterprise Linux

RMF: Risk Management Framework

SA: Systems Management

SAC IT: Service Acceptance Criteria for Information Technology

SOP: Standard Operating Procedures

SOR: System of Record

SPO: SharePoint Online

SQL: Structured Query Language

VA: Department of Veterans Affairs

VM: Vulnerability Management


Tanium Dashboard

Tracks Deployment of Tanium Client

https://learn.insights.health.mil/resources/#!/workstation/tanium


Responsive to Emergent Needs: COVID

1. Supported Maximum Telework

2. Cisco Meeting Server (CMS)

3. MHS Virtual Connect

4. Vaccination Tracking and Reporting


Defense Enterprise Office Solution (DEOS) / DoD Office 365-J Transition

• Provides a robust, secure, cloud-based production environment

• Provides access to MS Teams, email client, SharePoint Online

• DHA will be part of the Fourth Estate tenant

• DHA environment will include additional compliance capabilities to protect PHI

• Phased implementation approach

  • Phase 1: Provides Teams capability only (Done)

  • Phase 2: Email migration

  • Phase 3: OneDrive and movement of user files and shares to the cloud

  • Phase 4: SharePoint Online (SPO) and the migration of independent instances of SPO running at facilities


Available Cloud Native Services - AWS

| Service | Status | Package |
|---|---|---|
| Amazon Simple Storage Service (S3) | RA Memo Signed and Published | IaaS |
| Amazon Elastic File System (EFS) | RA Memo Signed and Published | PaaS |
| AWS CloudFormation | RA Memo Signed and Published | IaaS |
| Amazon Elastic MapReduce (EMR) | RA Memo Signed and Published | PaaS |
| AWS Database Migration Service (DMS) | RA Memo Signed and Published | PaaS |
| AWS Snowball Edge | RA Memo Signed and Published | IaaS |
| Amazon DynamoDB | RA Memo Signed and Published | PaaS |
| Amazon Redshift | RA Memo Signed and Published | PaaS |
| Amazon Aurora (PostgreSQL) | RA Memo Signed and Published | PaaS |
| Amazon Aurora (MySQL) | RA Memo Signed and Published | PaaS |
| Amazon Relational Database Service (RDS) for SQL Server | RA Memo Signed and Published | PaaS |
| Amazon Relational Database Service (RDS) for PostgreSQL | RA Memo Signed and Published | PaaS |
| Amazon Relational Database Service (RDS) for Oracle | RA Memo Signed and Published | PaaS |
| Amazon Relational Database Service (RDS) for MySQL | RA Memo Signed and Published | PaaS |
| Amazon Relational Database Service (RDS) for MariaDB | RA Memo Signed and Published | PaaS |
| Amazon Athena | RA Memo Signed and Published | PaaS |
| AWS Lambda | RA Memo Signed and Published | PaaS |
| Amazon S3 Glacier | RA Memo Signed and Published | IaaS |
| AWS CloudTrail | RA Memo Signed and Published | IaaS |
| Amazon Simple Notification Service (SNS) | RA Memo Signed and Published | IaaS |
| AWS Systems Manager | RA Memo Signed and Published | IaaS |
| Amazon Simple Queue Service (SQS) | RA Memo Signed and Published | IaaS |


Available Cloud Native Services – AWS Cont.

| Service | Status | Package |
|---|---|---|
| Amazon CloudWatch | RA Memo routed for signatures | IaaS |
| Amazon Elastic Compute Cloud (EC2) | RA Memo routed for signatures | IaaS |
| Amazon EC2 Auto Scaling | NA. included in CloudWatch | IaaS |
| Amazon CloudWatch Logs | NA. included in CloudWatch | IaaS |
| Amazon CloudWatch Events | NA. included in CloudWatch | IaaS |
| Elastic Load Balancing (ELB) | RA Memo routed for signatures | PaaS |
| Amazon ElastiCache for Redis | RA Memo routed for signatures | PaaS |
| Amazon Kinesis Data Streams | RA Memo routed for signatures | PaaS |
| AWS Glue | RA Memo routed for signatures | PaaS |
| Amazon Elastic Container Registry (ECR) | RA Memo routed for signatures | IaaS |
| AWS CodeBuild | RA Memo routed for signatures | PaaS |
| AWS CodeCommit | RA Memo routed for signatures | PaaS |
| AWS CodeDeploy | RA Memo routed for signatures | PaaS |
| AWS Identity and Access Management (IAM) | RA Memo routed for signatures | IaaS |
| Amazon Virtual Private Cloud (VPC) | RA Memo routed for signatures | IaaS |
| Amazon Elastic Block Store (EBS) | RA Memo routed for signatures | IaaS |
| AWS Certificate Manager (ACM) | RA Memo routed for signatures | PaaS |
| AWS Organizations | RA Memo routed for signatures | PaaS |
| AWS Trusted Advisor | RA Memo routed for signatures | PaaS |
| AWS Config | RA Memo routed for signatures | IaaS |
| Amazon Elastic Container Service (ECS) | OBE | IaaS |
| AWS Route53 | | IaaS |
| AWS Elasticsearch | | |


Available Cloud Native Services - Azure

| Service | Package | Availability |
|---|---|---|
| Virtual Machines | SOP Signed | PaaS |
| Virtual Network | SOP Signed | IaaS |
| Azure Image Ingestion | SOP Signed | IaaS |
| Azure Storage | SOP Signed | IaaS |
| Azure Key Vault | SA review | IaaS |
| Azure IAM | Draft in progress | IaaS |
| Azure DB | Cyber Review | PaaS |
| Azure Database for MySQL | | PaaS |
| Azure Database for PostgreSQL | | PaaS |
| Azure Database for MariaDB | | PaaS |
| AWS Key Management Service (KMS) | SOP Signed | IaaS |

Service Status Package

Virtual Machines SOP Signed PaaS