February '96
| Volume: 18 | No: 4 | Publication date: 02/96 |
The AFFIRMation On Line
A MONTHLY PUBLICATION OF THE ASSOCIATION FOR FEDERAL INFORMATION RESOURCES MANAGEMENT
AFFIRM, the Association For Federal Information Resources Management,
is a Washington, DC-based council of the Federation of Government
Information Processing Councils. It is a nonprofit, volunteer
organization whose goal is to improve the management of information
within the Federal Government.
Securely Connecting to "The Net"
by Dr. Paul Clark
Chief Scientist, DynCorp I&ET
While Internet connectivity is now an absolute requirement for
many businesses, most find themselves unsure how to connect without
placing significant assets at risk. Those that are connected reasonably
securely often do not have a plan for adding capabilities without
subverting their existing system. In addition, applications used for
local services are not necessarily secure when used over a wide area
network.
We may address these shortcomings by the development of, and adherence
to, a reasonable security architecture. A standards-based, scalable
network architecture promotes interoperability and allows future
upgrades without requiring a complete network system overhaul.
In particular, it is useful to adopt a strategy of mediating all
external accesses to the local network through a small number (i.e., in
most cases one) of bastion hosts. These host(s), often called
firewalls, generally provide context-sensitive access control and
security services for the applications they support. Because firewalls
operate at the application level, it is possible to provide policy
enforcement which is otherwise not possible without specific reference
to application context.
Similarly, modular and layered application architecture increases
interoperability and eases integration problems. By distinguishing and
separating basic services within an application, it becomes much easier
to support multiple protocols for each service. Also, the integration
of new services is facilitated.
For example, a network application intended to support the secure
exchange of X.400 and SMTP messages in a reasonably interoperable way
would benefit from separating its digital signature and encryption
services from its basic message transport facility. The
result is the ability to provide common security services in a
transport-independent fashion.
The effect of combining a secure network architecture with a
Service-Layered Application Architecture (SLAA) is to allow common
security services for a variety of application transports. We may then
enable each of these application transports at the firewall. The
firewall can, if necessary, then enforce the use of these security
services as a matter of local security policy. Thus, by mapping a
layered application onto a securely constructed network, an
organization can utilize a wide area public network without
unacceptable risk to its electronic assets.
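The layering described above, as an added sketch that is not part of the original article: one security service layer, two transports that only carry its opaque envelope, and a firewall that applies the same policy check to both. All function names are hypothetical; an HMAC stands in for the digital signature service, encryption is omitted, and the X.400 wrapper is a simplified stand-in rather than the real encoding.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: firewall holds the verification key

# Security service layer: no knowledge of any transport.
def protect(body: bytes, key: bytes = KEY) -> str:
    mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"body": base64.b64encode(body).decode(), "mac": mac})

def verify(envelope, key: bytes = KEY):
    """Return the message body if the envelope is intact, else None."""
    try:
        env = json.loads(envelope)
        body = base64.b64decode(env["body"], validate=True)
        claimed = str(env["mac"]).encode()
    except (ValueError, KeyError, TypeError):
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body if hmac.compare_digest(claimed, expected) else None

# Transport layer: each transport only carries the opaque envelope.
def smtp_wrap(envelope: str, sender: str, rcpt: str) -> str:
    return f"From: {sender}\r\nTo: {rcpt}\r\n\r\n{envelope}"

def smtp_unwrap(raw: str) -> str:
    return raw.split("\r\n\r\n", 1)[1]

def x400_wrap(envelope: str, originator: str, recipient: str) -> str:
    # Simplified stand-in for an X.400 message, not the real encoding.
    return json.dumps({"originator": originator, "recipient": recipient,
                       "content": envelope})

def x400_unwrap(raw: str) -> str:
    return json.loads(raw)["content"]

# Firewall: per-transport unwrapping, one shared policy check.
ENABLED = {"smtp": smtp_unwrap, "x400": x400_unwrap}

def firewall_admit(transport: str, raw: str, key: bytes = KEY) -> bool:
    unwrap = ENABLED.get(transport)
    if unwrap is None:
        return False                      # transport not enabled here
    try:
        envelope = unwrap(raw)
    except (ValueError, KeyError, IndexError, TypeError):
        return False                      # malformed for this transport
    return verify(envelope, key) is not None  # policy: protection required
```

With a real digital signature service the firewall would hold only the public verification key, so enforcing the policy would not give it the ability to produce protected messages.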
March Seminar
AFFIRM, ITAA, and IAC Present
A New Perspectives Seminar
THE WINDS OF CHANGE: The Turbulence and Challenges Facing Federal IT Executives
Thursday, March 21, 1996
7:45 am to 10:30 am
The ITAA report, WINDS OF CHANGE: MANAGING INFORMATION TECHNOLOGY IN A
REFOCUSED AND DOWNSIZED FEDERAL GOVERNMENT, based on a survey of 25
senior government IRM executives, foretells a period of unprecedented
change facing government IRM and program managers. The program presents
the survey results and a panel of key government and industry IRM
experts who will discuss their views of the implications of the
survey's results.
See flyer insert for more details!!!
The President's Corner
I asked John Coyle to help preserve AFFIRM's record as an
organization into the future by serving as AFFIRM's Historian this
year. In the course of gathering information on AFFIRM's history, he
discovered a copy of a luncheon speech that Dan Moser, one of AFFIRM's
founders, delivered upon his retirement in 1982. I was struck by how on
point his observations remain today and want to share some of them with
you.
Mr. Moser's main thesis was that IRM, as a management approach, offers
tremendous opportunity to improve management of the Federal government,
but was not properly and effectively implemented. He cited several
reasons for this, including a failure to understand what IRM really
was, a passive Federal leadership in terms of recognizing IRM's
potential and aggressively implementing it, and the predominance of the
budget process as the form of management in the Federal sector.
What has changed in the 14 years since Dan Moser articulated these
thoughts? In my view, everything, and nothing - let me explain. Our
industry has changed dramatically over this period; the examples are too
numerous to cite. The sophistication of Federal employees and the
citizens we serve with Information Technology (IT) has increased
tremendously. In our organizational settings, our reliance on IT is
almost complete.
I believe the challenges of harnessing IT and, once harnessed,
effectively using it to improve government performance, are as daunting
today as they were in 1982. As evidence, I cite Business Process
Reengineering (BPR), the latest "new program" focused on improved
organizational performance. The opportunity for BPR to "evolve" as a
new approach to management improvement resulted from dissatisfaction
with the state of IRM. As further evidence, we see the recent wave of
Congressional action on both the IRM and IT procurement fronts. With
S1124, the CIO movement has officially reached the Federal sector. With
it came Congressional instruction that we manage IT from a capital
investment perspective, measuring the IT investment-related benefits in
terms of mission benefit. Congress, within this legislation, even
provides agency achievement targets in terms of cost reductions and
efficiency improvements. Again, this legislation resulted from
Congress' frustrations with the perceived inability of Federal
agencies to manage IT acquisitions and investments and to obtain the desired benefits from them.
As IRM professionals, we are still confronted with the opportunity Dan
Moser discussed. We can help mold the direction and intent of these
changes into specific programs and plans of action. I am pleased to
report that AFFIRM is well positioned for response to this challenge,
and I believe we are fully able to assist with this important work.
Stay tuned!
Paul Wohlleben
Radical Changes Coming to Federal IRM
With the passage of the Defense Authorization Act of 1996 and its
signing into law, the Federal IRM landscape is about to undergo radical
change. A division of the Defense Authorization Act was entitled "The
Information Technology Management Reform Act of 1996" (the Act). This
Act provides a 6-month window for implementation of most of its
provisions, and regulations providing the necessary implementation
details are presently under development. This article provides an
overview of some of the Act's
more significant IRM-related changes, although the specific impacts of
implementation are presently unknown.
The Act repeals the central authority of GSA for overseeing Federal IT
acquisitions, and places that authority with the Director of OMB. The
Act directs the Director, OMB to establish capital planning and
investment control over IT, and to improve the productivity, efficiency
and effectiveness of Federal programs through the use of IT. More
specifically, the Act directs OMB to integrate capital investment
control into the budget process, set standards for Federal IT, promote
Government-wide acquisitions of IT, encourage adoption of best
practices, and to evaluate the IRM practices of agencies with emphasis
on the results achieved from IT investments.
Conversely, the Act directs agency heads to implement processes to
improve capital planning and investment control over IT. The processes
must: 1) provide for the selection of information technology
investments; 2) be integrated with processes for making budget,
financial, and program management decisions; 3) include minimum
criteria for considering whether to undertake a particular investment;
4) identify information systems investments that will result in shared
benefits or costs for other Federal agencies; 5) identify quantifiable
measurements for determining benefits and risks; and, 6) provide the
basis for determining the progress of an investment. The Act also
prescribes to agency heads several specific provisions related to
performance and results-based management.
The Act establishes Chief Information Officers (CIOs) at a number of
the larger agencies; establishes that the CIO position is at Executive
Level IV; and that the CIOs are responsible for ensuring that IT is
acquired and information resources managed consistent with the Act,
putting in place an information technology architecture and promoting
an efficient and effective IRM process (including improvements to work
processes). The Act also establishes that IRM duties shall be the CIO's
primary duty; that the CIOs oversee the entire life cycle of IT
programs and projects; and that the CIOs assess and develop strategies
to improve the skill levels of agency IT personnel.
Among other provisions, the Act directs specific accountability for
accounting, financial, and asset management systems; provides for the
use of appropriated funds for interagency groups focused on IT
improvements; assigns to the Secretary of Commerce responsibilities for
promulgating standards and guidelines pertaining to Federal computer
systems; requires GSA to provide on-line access to multiple award
schedules by January, 1998; abolishes the GSBCA, leaving GAO the single
venue for procurement protests; and addresses the process for acquiring
information technology, focusing on incremental acquisitions and pilot
programs (share-in-savings, solutions-based contracting). Another
interesting provision states that it is the sense of Congress that,
during the next five-year period beginning with 1996, agencies should
achieve at least an annual 5 percent decrease in the cost incurred for
operating and maintaining IT, and a 5 percent increase in the
efficiency of agency operations through IRM improvements.
The AFFIRMation will continue to report information on implementation
and the impact of these and other sweeping changes in the IRM and IT
arenas in future issues.
Sponsorship Committee News
AFFIRM Salutes New Sustaining Partners!
The distinguished ranks of AFFIRM's industry sponsors continue to
swell. Booz-Allen & Hamilton, FedCenter, ANSTEC, and IBM have
enlisted in AFFIRM's Sustaining Partner Program. Booz-Allen and
FedCenter were saluted at the February meeting; and we will pipe IBM
and ANSTEC aboard at the March breakfast meeting. Tours of duty as
AFFIRM Sustaining Partners and Seminar Sponsors remain available.
Contact Industry Sponsorship co-chairs Mary Dale or Rick Martin for
more information.
Sustaining Partners
Ogden Professional Services
DynCorp I&ET
Lotus Development Corporation
MCI Government Markets
Systems Integration Group, Inc.
Software AG Federal Systems, Inc.
Grant Thornton LLP
Booz-Allen & Hamilton
FedCenter
ANSTEC
IBM
Editor's Notes
The editors of the AFFIRMation thank those members of AFFIRM who
have submitted newsletter articles in the past. We would also like to
encourage anyone who has a topic of interest to AFFIRM members to
please contact Ava Arnone or Joe Lentini with your ideas. We especially
encourage our Sustaining Partners to submit ideas.
ITAA, AFFIRM & IAC Present
A New Perspectives Seminar
The Winds of Change: The Turbulence and Challenges
Facing Federal IT Executives
Winds of change are sweeping through federal agencies, reshaping
programs and priorities. Public demand for a smaller, faster and more
efficient government is creating new budgetary pressures and forcing IT
executives to rethink and refocus on what their mission and the role of
information systems should be in achieving mission success. For
government employees and government contractors alike, a thorough
understanding of this new environment is critical. And here's an
outstanding opportunity to calibrate your thinking and to learn new
strategies for coping more effectively in these turbulent times.
The Information Technology Association of America (ITAA), AFFIRM, and
the Industry Advisory Council (IAC) present "The Winds of Change: The
Turbulence and Challenges Facing Federal IT Executives." Join Grant
Thornton LLP Partner-in-Charge Henry Steininger for a candid,
thought-provoking look at the results of ITAA's sixth annual IRM
Survey, the leading opinion research report in the federal marketplace.
Then take the major issues raised in the survey to the next level by
interacting with a distinguished panel of experts, led by Sterling
Software's Phillip Kiviat and including Joe Leo, Deputy Administrator
for Management, USDA; Department of Education IRM Director Gloria
Parker; and a soon to be added DoD representative. Don't miss this
unique opportunity! You will be back in your office by 11 a.m. with new
perspectives on issues like downsizing, procurement reform and how to
make the "winds of change" work for you.
Continental breakfast will be served.
Thursday, March 21, 1996 @ 7:45 - 10:30 a.m.
Crystal Gateway Marriott Hotel @ Crystal City (Arlington), VA.
For information call Marnie Wightman at 703-284-5343. To reserve a
space, fax back this form to 703-525-2279 or mail your payment to ITAA,
1616 N. Fort Myer Drive, Suite 1300, Arlington, VA 22209.
