Volume 13, Number 2
CIO Nelson Moe
As each month passes, VITA and state executive branch agencies are making progress toward our new agile, next-generation information technology (IT) environment. This new multisourcing environment is the keystone of our strategy to diversify the state's portfolio of infrastructure suppliers, improve service delivery quality, ensure cost competitiveness, and provide transparency and accountability into the commonwealth's service delivery. We are now counting down - our new suppliers will "take over in place" by December. Where are we in this effort?
Messaging - Last month, five entire agencies and numerous individuals across most other state agencies moved to Google messaging and calendaring services provided by Tempus Nova. These 12,000 "early adopters" will provide input to help improve the process when we move the remaining approximately 40,000 state employees to Google on March 26.
IBM mainframe - Mock and network swing testing are scheduled this month and early next month for the 13 agencies using the mainframe services, which will be moved from the Commonwealth Enterprise Solutions Center (CESC) in Chester to DXC's Clarksville, VA, facility, with backup in Colorado. The move is tentatively scheduled for March 18, depending on completion activities such as re-IPing efforts.
Multisourcing service integrator (MSI) - Review of the detailed MSI project plan submitted by Science Applications International Corporation (SAIC) is nearing completion. Work is underway on the IT financial management system. VITA is working with SAIC to plan a single commencement solution for the service tower suppliers in November and December. A joint executive alignment meeting with VITA and SAIC is scheduled this month. And, the disentanglement advisory and recommendation team (DART) continues to work with the incumbent supplier on disentanglement activities.
Managed security services - A contract with a new supplier is undergoing final reviews.
End-user services - Proposals are under evaluation and clarification.
Server/storage - Proposals are under evaluation and clarification.
Voice/data/network - VITA is in negotiations with a supplier that has an existing contract.
While this work is our top priority and consuming much of our staff time, VITA continues to manage 300 contracts with a spend of nearly $800 million; provide management for IT projects totaling $416 million; lead the way for adopting next generation 9-1-1; offer aerial mapping of the commonwealth for emergency management, planning and other uses; and keep our daily operations running.
VITA supports the commonwealth by providing cybersecurity, IT infrastructure services and IT governance. While we provide infrastructure services and governance for executive branch agencies, our cybersecurity efforts encompass all state government entities and the contracts we sign can benefit all government localities across the state. We will continue all this work in 2018 with the following five major goals, which I mentioned last month, but want to emphasize again:
I appreciate the cooperation and support of state agencies, localities, suppliers and VITA employees and look forward to continued success in 2018.
Registration for the 2018 Commonwealth of Virginia (COV) Information Security Conference is now open. Additionally, the deadline for the call for papers has been extended to Wednesday, Feb. 14.
This year's conference will be held April 12-13 at the Altria Theater in Richmond. Keynote speakers include Dr. Deanna D. Caputo, human behavior and cybersecurity capability steward at The MITRE Corporation, and Adam S. Lee, special agent in charge at the FBI Richmond Field Office.
VITA will conduct regional town hall meetings to kick off the next generation (NG) 9-1-1 deployment plan during the weeks of Feb. 12 and Feb. 19. The deployment plan calls for NG 9-1-1 to be deployed by selective router pair, so the meetings will be held in those same regional groups and organized around the selective router service areas. It is imperative that all localities participate in these meetings.
All of the meetings will be held from 10 a.m. to 2 p.m. More meeting details will be coming from regional coordinators as they are finalized. The following dates have been set:
Government entities in Virginia, including localities such as counties, cities, towns and their departments, can use the state contract for lower-cost internet and broadband services. Contracts are easily searchable by ZIP code. VITA develops contracts in line with procurement regulations that are made available to government entities across the state to obtain bulk purchasing rates and reduce the cost of procurement. The contracts have minimal service performance guarantees and service term commitments. For some technologies, there are multiple options/suppliers under contract. To take advantage of the contracts, localities must order through VITA using a telecommunications service request (TSR). A sampling of the services available include cable modems, dedicated internet access, digital subscriber line, dedicated satellite downloads, Ethernet lines and fiber to premise.
VITA will be transitioning infrastructure services to new suppliers by December. Mainframe services have been transitioned to DXC, and messaging services are in the process of being transitioned to Tempus Nova, with completion expected in the spring. For IT infrastructure needs provided by the incumbent service provider, agencies should submit work requests as soon as possible. During the last quarter of this calendar year, VITA will concentrate on terminating services with the incumbent and transitioning those services to new suppliers, and will not be processing work requests to the incumbent. For questions, contact the VITA OneStop mailbox.
A number of standards forms and requirements documents have been updated. Information on the updated documents and forms is below:
The proposed update of the Information Security Standard SEC501-10 is now posted on the online review and comment application (ORCA). The review period expires Feb. 18.
The purpose of SEC501-10 is to define the minimum acceptable level of information security and risk management activities for commonwealth agencies that must implement an information security program which complies with requirements identified in this standard. The revisions clarify existing control and require additional controls that had previously been withdrawn.
The most recent version of Information Security Tips features privacy. Privacy is often considered to be the concept of confidentiality, which is keeping information secret from those that should not see it. While that is an aspect of privacy, often called “need to know,” privacy is much more. Privacy is a larger concept centering on you as the individual to whom the information refers. It is about your rights to access, correct and control the information that another entity has about you.