This is historical material “frozen in time.” The website is no longer updated and links to external websites and some internal pages may not work.

Home
Agencies
Goals
Initiatives
Programs

API
About
FAQ

You are hereHome

Primary tabs

View(active tab)
Show Changes

Strategic Objective

MG04.02 Implement enabling successful practices and initiatives that strengthen IT leadership and governance

Strategic Objective

Achieving agreed completion milestones for systems and initiatives planned and funded for the next 4 years that has been prioritized and approved through Governance.

Lead Office: Office of the Chief Information Officer

Themes:

General Government

OPM.gov

Facebook Twitter Linkdin Mail RSS

XML

CSV

Overview
Progress Update

Overview

Enhancing the OPM Director’s ability to establish strategy and policy across the HR life cycle.
Enabling the Chief Human Capital Officers Council to work with the OPM Director to translate the HR strategy and policy into business and policy requirements for HR IT systems.
Positioning the OPM CIO as the Federal HR CIO responsible for setting government-wide HRIT strategic direction and standards for HR IT service providers.
Establishing a flexible capital planning and investment management process within OPM that provides transparency of IT expenditures and IT

Progress Update

The creation of several new positions is one result of the completion of phase one of the CIO reorganization, including the creation of an IT Project Management Office to oversee all CIO projects. Dedicated IT project managers will support OPM business lines. OPM incorporated the portfolio goals into the CIO leadership performance standards.

OPM continues to make strides in improving IT governance, such as reestablishing an Investment Review Board with an updated charter. The agency established decision criteria for the selection of IT investments, and created the Health of IT dashboard to define a standard set of categories to review and report on such investments.

OPM completed the acquisition of a software solution that will be used to manage OPM’s Enterprise Architecture, including the documentation of the “as is” and definition of the “to be.” Phase one of the rollout will include the creation of application and asset inventories.

OPM continued to work on improvements to IT security, transitioning security monitoring from Designated Security Officers in the program offices to Information System Security Officers centralized within IT Security and Privacy. This remediated a Federal Information Security Management Act weakness identified during inspector general audits. The centralization of the Information System Security Officers increases the consistency with which OPM monitors its systems. In addition, the Security Operation Center worked with OPM’s Network Management to implement tactical steps to strengthen the agency’s security posture. This included upgrades to tools used to monitor OPM’s network. The agency also signed an agreement with DHS to implement the Continuous Diagnostic and Mitigation program. This will be a multi-phase project with the first four controls implemented by the end of FY 2016.

OPM experienced multiple challenges in 2015. The CIO reorganization took longer than expected, causing delays in re-aligning resources to support the implementation of the Strategic Plan. The IT Strategic Plan called for the reallocation of existing manpower and other resources for IT governance. While the CIO was able to complete the phase one reorganization, additional phases are still required to complete the realignment.

Further, due to the age of some OPM systems, the agency has been unable to meet all Federal Information Security Management Act requirements.

In addition, OPM discovered multiple intrusions resulting in breaches of OPM data. These breaches created multiple challenges, including the need to shift resources and re-prioritize work.

OPM, in consultation with the Office of Management and Budget, has highlighted this strategy as a focus area for improvement.

Expand All

Strategic Goals

Strategic Goal:

MG4 Efficient and Effective Information Systems

Statement:

Manage information systems efficiently and effectively in support of OPM’s mission.

Strategic Objectives

MG04.01 Commit to an enterprise-wide information systems strategy based on the principle that business drives strategy

Statement:

Increase in savings resulting from the elimination of duplicative, redundant, or unaligned IT expenditures

Description:

Publishing OPM’s IT Strategic Plan.
Delivering a framework for a set of standards that supports the entirety of the HR life cycle as documented in the Human Resources Line of Business (HRLOB) Business Reference Model (BRM) that recognizes and synergizes the technology and tools within OPM, Shared Service Centers, and industry.
Establishing a culture of openness and trust throughout the HR IT community and among key federal stakeholder communities.
Establishing a practice of transparent IT cost accounting throughout OPM.

Learn More

MG04.02 Implement enabling successful practices and initiatives that strengthen IT leadership and governance

Statement:

Achieving agreed completion milestones for systems and initiatives planned and funded for the next 4 years that has been prioritized and approved through Governance.

Description:

Enhancing the OPM Director’s ability to establish strategy and policy across the HR life cycle.
Enabling the Chief Human Capital Officers Council to work with the OPM Director to translate the HR strategy and policy into business and policy requirements for HR IT systems.
Positioning the OPM CIO as the Federal HR CIO responsible for setting government-wide HRIT strategic direction and standards for HR IT service providers.
Establishing a flexible capital planning and investment management process within OPM that provides transparency of IT expenditures and IT program/project performance.
Establishing client and stakeholder engagement practices focused on measuring the cost, quality and compliance of Shared Service Center IT capabilities.
Developing an enterprise architecture that supports the HR life cycle as documented in the HRLOB BRM.
Establishing standards for managing OPM IT programs / projects and providing oversight to measure their performance.
Identifying qualified and trained / certified IT customer relationship managers for each OPM business unit to ensure partnership and collaboration between the OPM CIO and the Assistant Directors and Office Heads.
Establishing service level agreements and program plans that document expectations of the CIO and business unit leaders to achieve affordable, responsive HR IT capabilities.
Establishing a data management program that provides greater access to HR data and enables data analytics that informs policy and decisions.
Incorporating portfolio goals into SES performance management system.

Learn More

MG04.03 Implement enterprise initiatives that leverage capabilities and tools throughout OPM

Statement:

Consolidating platforms to enhance interoperability and reduce duplication.
Implementing collaboration tools that will provide easy access to all data, information, and systems that individuals are authorized to access, while using the strong controls required for enhanced information security.
Implementing a shared case management solution that provides case tracking and reporting, and workflows.
Implementing a single, virtual data warehouse and sharing capability that better meets business needs while reducing redundancies.
Operating an efficient intranet and providing web services for OPM employees.
Operating an effective secure network, data center, and desktop environment.
Strengthening financial controls and reporting to enable spending transparency across funding types and programs.

Description:No Data Available

Learn More

FY 16-17 Priority Goal: Cybersecurity Monitoring

Statement:

Continue enhancing the security of OPM's information systems by strengthening authentication and expanding the implementation of continuous monitoring.

OPM will increase the use of multi-factor strong authentication in multiple ways. While OPM enforces Personal Identity Verification (PIV) authentication for its internal users, OPM targets PIV usage for OPM services at 50 percent of Federal users by the end of FY 2016. By the end of FY 2017, OPM will enforce multi-factor authentication for 100 percent of all PIV-enabled users and 80 percent of non-PIV-enabled users.

OPM will increase its security posture by expanding the Information Security Continuous Monitoring (ISCM) capabilities throughout FY 2015. Leveraging the Continuous Diagnostic and Mitigation (CDM) program, OPM will expand continuous diagnostic capabilities by increasing the network sensor capacity, automating sensor collections, and prioritizing risk alerts. By the end of the second quarter of FY 2016, OPM will have acquired, implemented, and refined the four (4) CDM controls including vulnerability management, secure configuration management, hardware asset management, and software asset management. These tools will increase OPM’s ability to identify and respond to security issues. By the end of FY 2016, 95 percent of OPM’s assets will be visible in the CDM dashboard. In FY 2017, OPM will use the benchmarking results to identify and prioritize the implementation of other ISCM controls.

OPM will continue to pursue a number of additional actions as outlined in its Cybersecurity Monitoring goal.

Description:

OPM stores more Personally Identifiable Information (PII) and other sensitive records than almost any other Federal agency. This is a tremendous trust placed in the agency by the millions of current and former Federal employees, and one that OPM must continually earn through constant vigilance.

The prior breaches of OPM data make clear that cybersecurity must remain a priority for all agencies, but especially OPM. As President Obama has said, “Both state and non-state actors are sending everything they’ve got at trying to breach these systems…And this problem is not going to go away. It is going to accelerate. And that means that we have to be as nimble, as aggressive, and as well-resourced as those who are trying to break into these systems.”

In a world of evolving threats, there is no such thing as “total cybersecurity.” But the actions outlined by OPM, and continued collaboration with Federal partners, Congress, and outside experts, will ensure that OPM has the tools it needs to safeguard its systems and protect our nation’s citizens and the men and women that serve the Federal Government.

This goal aligns with Administration cybersecurity priorities. The goal was established in coordination with OMB policies and guidance, to include the Cybersecurity Strategy and Implementation Plan (CSIP), the Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements, and the Cybersecurity CAP goal.

Learn More

MG04.04 Implement business initiatives that provide capabilities spanning the HR life cycle, allowing OPM and other federal agencies to achieve their missions

Statement:No Data Available

Description:

Supporting integrity of background investigations through innovative technology.
Supporting modern IT systems for retirement processing.
Supporting IT service delivery for customer agencies.
Supporting health and insurance initiatives.
Supporting current and planned business initiatives for which IT is an enabler.

Learn More

Download
Featured Report

Agency Plans and Reports

Agency Strategic Plan

Accessibility
Privacy Policy