UI INTEGRITY PROFESSIONAL DEVELOPMENT CONFERENCE Contingency Plans A Federal Perspective.
Post on 11-Jan-2016
Paul Bankes IT Specialist
U.S. Department of Labor
bankes.paul@dol.gov
Synopsis
History Lesson
DOL OIG Report
• Risk vs Maturity Table
• Request for Annual Update – status.
State Quality Service Plan
• Appendix IV
• Assurance Signature Page
UIPL 19-10
• Supplemental Budget Request.
Pre-Y2K Automation Grants ($20M)
Supplemental Budget Requests ($3+M)
2000 - Government Information Security Reform Act (GISRA), Public Law 106-398
2002 - Federal Information Security Management Act (FISMA), 44 U.S.C. § 3541
2002 – OIG IT Security Audit
UI Program
Funding
IT / IS SBRs
SBRs (2004 – 2005)
• 2004 – IT $5,553,448 (72)
• 2005s – IT $11,385,494; IS $738,392 (106)
Total: $17,677,334
OIG Audits (2003 – 2004)
2008: OIG Report (23-08-004-03-315) on SWA IT Contingency Plans
FINDING: While ETA required state workforce agencies (SWAs) to develop and implement IT contingency plans as a condition of their grant agreements, it did not verify that the plans were developed or tested.
Enact a monitoring and review process to verify SWAs develop and test IT Contingency Plans necessary to sustain the UI program; and identify and address any weaknesses found in IT contingency plans.
Grant Agreement?
State Quality Service Plan
Assurance signature for Disaster Recovery Plan
2009: OIG Report (23-09-002-03-315) on SWA IT Contingency Plans
FINDING: ETA did not ensure SWAs’ UI Tax and Benefit Systems’ IT Contingency Plans were reliable.
Conduct annual verification of SWAs’ IT contingency plans for existence and reliability using risk-based approaches that consider the SWAs’ contingency planning maturity and likelihood of disasters.
NIST SP 800-34; “Contingency Planning Guide for Information Technology Systems”; http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf
IT Security CD and Manager’s Paper Supplied by USDOL.
List of 17 Plan Elements
• Purpose
• Applicability
• Scope
• Record of Changes
• System Description
• Line of Succession*
• Responsibilities
• Activation Criteria
• Documented Notification Procedures
• Damage Assessment Procedures
• Detailed Recovery Procedures*
• Reconstitution Phase Procedures*
• Contact information of CP teams*
• Vendor contact information
• Checklists for system recovery
• Equip/System requirements lists
• Description/Direction to alternative sites
OIG Report (NIST¹ CP Data Elements)
¹ National Institute of Standards and Technology
NIST SP 800-34; “Contingency Planning Guide for Information Technology Systems”; http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf
CD – supplied by USDOL.
State Quality Service Plan (SQSP) 2009 Changes (Appendix IV)
2009 IT Security SBR
IT CP added
[Figure: Risk vs Maturity table. Axes: High Risk / Low Risk against High Maturity / Low Maturity. Cell labels: 1st, 2nd, SBR.]
State Quality Service Plan (SQSP) (APPENDIX IV) – “INFORMATION TECHNOLOGY SECURITY GUIDELINES”
• IT Contingency Plan,
• System Security Plan, and
• Risk Assessment
• Templates (NIST Guidance)
State Quality Service Plan (2011)
By signing the SQSP Signature Page, a state certifies that it will comply with the assurance listed in ET Handbook 336, 18th Edition, Change 2, and that the state will institute plans or measures to comply with the requirements.
UIPL 19-10
Unemployment Insurance (UI) Fiscal Year (FY) 2010 Supplemental Funding Opportunities to Improve UI Information Technology (IT) Contingency Plans and UI IT Security
$150,000 (CP and IV&V)
Due May 14, 2010
UI IT Contingency Plan
• SWAs must address all the missing key elements in their UI IT Contingency Plan as reported by the OIG;
• SWAs must utilize the guidelines provided in NIST SP 800-34 to develop the UI IT Contingency Plan;
• The UI IT Contingency Plan IV&V must use the guidelines provided in the NIST SP 800-34 to evaluate and certify the UI IT Contingency Plan; and
• SWAs must submit a copy of the IV&V certification report to their respective RO upon completion.
IT / IS / CP SBRs
SBRs (2004 – 2009)
• 2004 – IT $5,553,448 (72)
• 2005s – IT $11,385,494; IS $738,392 (106)
• 2006s – IT $8,797,185 (112)
• 2007 – IT $6,008,840 (79)
• 2009 – IT/CP $9,378,904 (96)
Total: $41,862,263 (465)
Florida IT Dir. paraphrase: “The SBR process has built a security fortress for UI in the State of Florida”
“Preventing, detecting and recovering overpayments are top priorities for Unemployment Insurance (UI) Program administrators”
The year 2010 marks the 75th Anniversary of the UI Program. UI has advanced:
• 1935 “Paper and pencil”
• 2010 “High Speed Automation”
If your current UI system suffers a catastrophic failure, is your response:
• 1935 or
• 2010 or
• 1934?