· Overview · Computer Security Standards, Policies and Procedures · IT Management and Capital Planning · Critical Infrastructure Protection Analysis · Certification and Accreditation · Privacy Services & HIPAA Implementation

As the federal budget for IT projects shrink, only those business cases that comply with the latest OMB and FISMA requirements will be approved. System 1 personnel have hands on experience in business case preparation and evaluation, and insight to the key security issues facing the government to assure that new programs have the best chance for approval.

System 1 helps the government prepare and evaluate OMB exhibit 300s and assists in the Capital Planning and Investment Control (CPIC) process. System 1 has been instrumental in helping Government agencies determine tangible milestones and metrics to use for earned value management systems--an OBM requirement for new submissions since 2002. We also assist in providing and reviewing 'alternative analysis' for business cases. System 1 has provided life cycle management guidance and year-to-year metrics for the capital planning efforts of several government agencies.

IT Management and Metrics System 1 is currently developing a balanced OMB A-130 compliance scorecard and metrics program to ensure compliance with OMB guidance and newer requirements embedded in statutes, GAO frameworks, and OMB guidance. This effort crosscuts the areas of architecture, capital planning, security, records, and privacy. System 1 is supporting strategic planning efforts and facilitating discussions to prioritize CIO projects and programs, to identify gaps and redundancies, and to ensure cost effective operations.

IT Performance Improvement System 1 developed a Project Management Framework that addresses project management activities during all lifecycle phases, presents various methodologies and techniques for lifecycle management. The framework also addresses the input and outcomes from the project management standpoint and integrates activities in architecture, capital planning, security, as well as records and privacy. This will directly result in the more efficient implementation of IT projects throughout the Government. System 1 used PMI (Program Management Institute) certified PMP staff to develop the framework and establish the Agency requirements for project manager qualification and training requirements.

Capital Planning and Investment Control Integration System 1 was contracted by NIST to gather information on Return on Security Investment (ROSI), which resulted in a comprehensive study examining the relationship between risk, ROI, and security at over twenty Federal Agencies and private sector organizations. System 1 was then engaged by NIST to incorporate this information into a Security Capital Planning and Investment Control (CPIC) guideline. System 1 supported NIST/OMB workshops on integrating security into the capital planning process. Special emphasis was in the CPIC governance process and on techniques for prioritizing security-related corrective actions. This new guideline, NIST SP 800-65, Integrating Security into the Capital Planning Process, will be issued in 2004. The development of this guideline is in close coordination with OMB and GAO.

OMB 300 Preparation System 1 assisted in the development of the cyber security OMB submissions for FY 02 and FY 03. This assistance included review of alternative analysis and support of business cares,development of the program metrics and milestones, review of all financial budgets to assure that adequate funding has been requested. System 1 also provided a cyber security review of all OMB submissions across DOE for adherence to FISMA security requirements, and to assure that each project provided funding for security as part of its life-cycle cost.