Volume 10, Number 1
CIO Sam Nixon
As you may know, the commonwealth’s contract for IT infrastructure services with Northrop Grumman Services Corporation expires in 2019. On behalf of the commonwealth, VITA has begun preparations and planning around the “next generation” of IT infrastructure services or sourcing of those services. An internal working team has been established and we will soon be working with a third party consultant to assess and develop recommendations on how the commonwealth may proceed. Many feasible options will be explored.
Stakeholder and customer input is paramount and VITA is working with those groups to engage and promote input and collaboration. Presentations and status updates have been made to agency personnel and executive staff. A wide number of stakeholders and customers will continue to be included in 2015 as we work to determine the most suitable arrangement for IT infrastructure services according to the commonwealth’s needs and constraints. It is too soon to speculate about the potential delivery models or implications that may result.
VITA is committed to continuing to provide and improve the services currently in place and appreciate continued feedback and collaboration about new services, solutions and technologies.
The Information Technology Advisory Council (ITAC) met Dec. 12, 2014. Members, recently appointed by Governor Terry McAuliffe, were sworn in by the deputy secretary of the commonwealth. Members elected a chair and vice-chair. Veteran's Affairs Commissioner John Newby was elected chair and Aging and Rehabilitative Services Chief Operations Officer Ernest F. Steidle was elected to serve as vice-chair. Members were provided an overview of advisory council legislation by a representative of the Office of the Attorney General. Also on the agenda was a VITA update from CIO Sam Nixon, an IT infrastructure services sourcing update and a briefing on a recent Joint Legislative Audit and Review Commission report. ITAC plans to schedule regular meetings on the first Monday of the month, second month of the calendar year quarter.
The new version of the Information Security Standard (COV ITRM SEC501-09) is posted on ORCA for review and comment at:http://apps.vita.virginia.gov/publicORCA. The review period expires Jan. 23. The standard has been updated in concert with NIST 800-53 Revision 4 and Cybersecurity Framework. Key updates include: insider threats; software application security (including Web applications); social networking, mobile devices and cloud computing; cross-domain solutions; advanced persistent threats; and industrial/process control systems.
New requirements and changes can be found in the following sections: AC-2: j, 12, 13; AC-6: 5, 7, 9, 10; AC-19: 5; AC-20: 3, 4; AT-2: 1, 2; AU-4: 1; AU-5; AU-6: 1, 6, 7, 9, 10; AU-8: 1; AU-12; AU-13; CA-7: 3; CM-2-COV: 4; CM-3: 6; CM-5: 1; CM-10; CM-11; CP-2: 4, 7; CP-7: 6; IA-2: 5; IR-3: 2; IR-4: 6, 7, 8; IR-8: f; MA-2: f; MA-5: b, c; MP-5: c; PE-13: 1, 2, 3, 4; PE-14: 1, 2; PL-4: c, d; PS-4: b, f; PS-6: a, c; PS-7: b, d; RA-3: d; RA-5: 10; SA-3: d; SA-5: d, e; SA-11: 4, 6, 7; SA-15; SA-16; SA-17; SA-22; SC-5; SC-7: b, 11; SC-18; SC-19; SC-37; SC-41; SC-42; SC-43; SI-4: 13, 16; and SI-10: 2, 3.
For questions please contact CommonwealthSecurity@vita.virginia.gov.
Richmond's Technology Council (RichTech), recently elected their board and officers. Chief Information Officer of the Commonwealth Sam Nixon will continue in his role serving on the board for another three-year term.
In conjunction with Planning and Budget's (DPB) launch of the 2014 strategic planning cycle in the commonwealth, VITA scheduled required IT strategic planning training that included hands-on exercises in the Commonwealth Technology Portfolio (CTP) system this past July and August.
As some agency information technology resources (AITRs) were not able to attend the live training due to travel/scheduling issues, VITA has re-packaged the live training into a two-and-a-half hour webinar plus an additional one-on-one training session with a VITA analyst.
The first webinar session has been scheduled for AITRs at Virginia School for Deaf and Blind (VSDBS), Department of Military Affairs (DMA), State Compensation Board (SCB), Frontier Culture Museum of Virginia (FCMV) and Commonwealth Attorneys' Services Council (CASC) from 10 a.m. to 12:30 p.m. on Thursday, Jan. 15. A refresher webinar open to all AITRs is also being planned. Notification will be distributed when that session's date is set.
AITRs will be contacted by a VITA analyst to schedule the separate one-on-one training sessions. Depending on the AITR's location, the session will be held face-to-face or via webinar and conference call. Course materials will be sent to participants prior to the session.
All AITRs and those assigned as the designee for the agency head role are required to attend this training. This year's IT strategic planning process includes updates and improvements with which AITRs must become familiar. For example, the IT summary section and the budget tables now will be captured in one system, the CTP. As a result, the proposed IT investments table that was previously submitted to DPB now will be pre-populated with data from the CTP.
The updated CTP training will highlight:
Questions about the webinars can be directed to VITA staff below or to your customer account manager (CAM).
Survey results are in for the recent Virginia Secretaries' Summit on Analytics: 87 percent of attendees found the sessions extremely or quite useful; 95 percent expressed interest in predictive analytics; and 49 percent said they foresee starting a predictive analytics effort in the coming year. The survey results are from the first annual Virginia Secretaries' Summit on Analytics, which was held Sept. 30, 2014 at the Richmond Convention Center. The 200 invited attendees were from state agencies including secretaries from Technology, Health and Human Resources (HHR) and Education, and non-profits.
To continue dialogue on analytics and help steer the conversation toward strategic implementation, a number of enterprise efforts are underway. A program charter is being drafted for a coordinated services module directed by analytics that will work across secretariats sharing data, governance, organizational resources and technical means.
Additionally VITA, through its Data Stewards Group, is leading an effort to create an enterprise data asset inventory. Meanwhile, the coordinating committee for the enhanced memorandum of understanding continues to meet monthly and discuss various data interoperability initiatives and facilitate requests for sharing data resources between partner agencies.
Governor McAuliffe established the Commonwealth Cyber Security Commission in 2014 with the intent to review a variety of cybersecurity topics. One of the initiatives of the commission is to provide advice and recommendations on securing Virginia's state networks, systems and data. The commission is assessing interoperability and the use of standardized plans, procedures and best practices to prevent the unauthorized access, theft, alteration and destruction of the commonwealth's data. The commission requested that subject matter experts in agencies provide input as to their agencies information security programs and provide information on controls that are in place regarding applications and infrastructure. VITA will provide feedback and information regarding information security controls that are in place for the statewide enterprise.
In conjunction with the governor's cabinet, the commission sent a survey to state agencies for input. Agencies are encouraged to complete the survey as soon as possible, but no later than Jan. 9. The Cyber Commission and governor's cabinet will be kept informed of progress and may question agencies regarding the status of their survey.
If you have any questions or require additional information, contact Isaac Janak at Isaac.Janak@governor.virginia.gov.
Cyber threats require everyone to be proactive and vigilant in protecting and maintaining devices appropriately while using cybersecurity best practices. Getting cyber healthy is a national effort sponsored by the Center for Internet Security to promote good cyber habits that will help provide protection while on the Internet. The campaign's goal is to get one million individuals to take the pledge. All Virginians are urged to sign up.
You may have purchased or received a new mobile device or computer for the holidays; do you know how to make sure it is as secure as possible? The December edition of Information Security Tips focuses on protecting your new technology, securing your personal data and spreading some cyber holiday cheer.