Public Sector Innovations
Risk Management Program
National Geospatial-Intelligence Agency
Anyone who has done business with
the federal government knows how laborious it is to receive an authority to operate. That process can be even more cumbersome for contracts and projects in the intelligence community.
That reality spurred the Risk Management Division of the National Geospatial-Intelligence Agency
to look for ways to streamline the assessment and authorization of their information systems. In 2018, the agency implemented a new policy that incorporates both waterfall and agile software development while automating parts of the ATO process and calculating risk scores that were tailored to evaluate readiness.
The division also reworked the National Institute of Standards and Technology’s Risk Management Framework to better group security and risk activities by areas of responsibility between the division and system operators.
Telos helped the agency automate parts of its ATO process, and Justin
Ford, the company’s technical director
for enterprise solutions, said the federal government has historically looked at governance versus compliance objectives as red tape. But “NGA looked at it a little bit differently, and rather than trying to make the RMF process simpler, they went even further and basically said: How can we make the RMF process support the mission...so you can get there not only faster but stronger and better?” Ford said.
NGA’s approach has received accolades from industry, dramatically shortened authorization for low-risk information systems and freed personnel to focus more on higher-risk systems. Under the new process, three out of every four projects have received an ATO within five weeks.
RPA Program
General Services Administration
The General Services Administration
is leading the charge to rid federal and contractor employees of repetitive, boring and time-consuming manual work by adopting robotic process automation.
GSA has implemented 25 RPA bots so far, including Truman, which automates the work associated with processing offers under the Federal Acquisition Service’s Multiple Award Schedules. Truman helps vendors pull data from multiple sources into a central report and has increased customer and employee satisfaction while minimizing errors and backlogs. Thanks to Truman, GSA’s contracting specialists can now spend more time helping vendors with their applications and learning about new products and services.
GSA’s Office of the Chief Financial Officer, meanwhile, uses an accounts payable email notification bot to pull 300 invoices per day that are due for payment and notifies those responsible. The bot has also eliminated the need for manual data entry of hundreds of receiving reports every month and captured data for almost 40,000 purchase cards annually.
In hopes of spreading the use of RPA across the federal government, GSA also set up an RPA community of practice, led by the Office of the CFO. The group focuses on federal digital transformation mandates by bringing together and formalizing
RPA across all agencies. It also serves as the catalyst to reach a crucial goal of the President’s Management Agenda: shifting federal employees from low-value to high- value work.
State of Ohio Digital Identity Program
Department of Administrative Services, State of Ohio
With Ohio’s Digital Identity program, residents, businesses and employees can access multiple state government services using a single sign-on. The program simplifies agencies’ identity solutions and delivers cost savings, improved security and greater efficiency.
“Digital Identity allows users to interact digitally with the state across a variety
of agencies and programs with just one secure username and password,” said Derek Bridges, the state’s chief data and analytics officer. “As Ohio continues to deploy the
ID across systems, users receive additional security and the convenience of fewer usernames and passwords.”
Other benefits include automated, real-time provisioning and deprovisioning of users, a reduction in risks associated with human intervention because users set up their own digital identities and close integration with the state’s security information and event management platform for real-time threat monitoring.
Since the state began testing and using digital IDs two years ago, it has seen cost avoidance of $76 million. Additionally, the cost of application onboarding fell by 85%. With self-service onboarding, costs will likely fall even further, and with the goal
of 99.99% password self-service, the state expects to reduce annual spending by more than $1 million.
“In addition to the convenience of reduced sign-on the ID offers users, it allows a more personalized experience and connects the public with services better tailored to their needs,” Bridges said. “And by providing this as a statewide shared service, Ohio also avoids the significant costs of building an identity solution for every system.”
46 November/December 2019 FCW.COM