January 28, 2008

HSPD-12 and Enterprise Architecture

Homeland Security Presidential Directive 12, 27 August 2004, is a “Policy for a Common Identification Standard for Federal Employees and Contractors.”

HSPD-12 establishes a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).

The policy mandates promulgation and implementation of secure, reliable identification that covers Federally controlled facilities, Federally controlled information systems, and other Federal applications that are important for security. “‘Secure and reliable forms of identification’ for purposes of this directive means identification that (a) is issued based on sound criteria for verifying an individual employee's identity; (b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; (c) can be rapidly authenticated electronically; and (d) is issued only by providers whose reliability has been established by an official accreditation process. The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility in selecting the appropriate level of security for each application.”

In Government Computer News, 27 October 2007, Jack Jones, the CIO of the National Institutes of Health (and Warren Suss, contractor) discuss how NIH leveraged the mandates of HSPD-12 not only to implement the common identification standard for “more than 18,000 federal employees [and another 18,000 part time employees, contractors, fellows, and grant reviewers] on its main campus in Bethesda, Md., and at satellite sites nationwide,” but also to modify and improve its business processes to ensure a holistic and successful architectural implementation.

What business modifications were involved?

“HSPD-12 was a catalyst for change at the institutes. The NIH Enterprise Directory (NED), which automated the process for registering and distributing badges to new NIH employees, needed to be revised to comply with HSPD-12...the conversation led to a re-examination of the broader set of processes involved in bringing a new employee onboard. In addition to registering new employees and issuing badges, NIH, like other federal agencies, must assign e-mail addresses, add new employees to multiple agency mailing lists, order new phones, assign new phone numbers and update the phone directory.”

How did NIH address this using enterprise architecture?

“NIH changed its enterprise architecture through a formal, facilitated business modeling process that involved all NIH stakeholder groups. The results included clarifications in the policies and procedures for processing new employees along with the transformation of NED into a significantly improved tool to support better communication and collaboration in the broad NIH community.”

From a User-centric EA perspective, this is a great example of EA supporting successful organizational change. NIH, like other federal agencies, was faced with the mandates of HSPD-12, and rather than just going out and procuring a new system to meet the requirement, NIH used EA as a tool to look at its entire process for provisioning new employees, including policy. NIH EA modeled its business processes, made the necessary modifications, and ensured a successful implementation of the identification system, supported by sound business process and policy. Additionally, the CIO and the EA did not do this in some ivory tower, but rather in collaborative “workshops with NIH stakeholder groups.” This collaboration with stakeholders hits on the essence of what User-centric EA is all about and how powerful it can be.

