DEPARTMENT OF THE NAVY CHIEF INFORMATION OFFICER
Social Security Number Reduction, What Happens Next?
DON IM/IT Conference
22 – 24 January 2012
DON IT/CYBERSPACE EFFICIENCIES • ENTERPRISE ARCHITECTURE • EMERGING TECHNOLOGY • ENTERPRISE COMMERCIAL IT STRATEGY • CYBERSECURITY • CYBER / IT WORKFORCE INVESTMENT MANAGEMENT • CRITICAL INFRASTRUCTURE • INFORMATION SHARING • KNOWLEDGE & RECORDS MANAGEMENT • PRIVACY • NAVAL NETWORKS • ENTERPRISE

Agenda
§ Review of previous actions to reduce SSN
  – Phase 1 (forms)
  – Phase 2 (IT systems)
  – Metrics
§ SSN Removal from DoD ID Cards
§ Phase 3 Plan (draft ALNAV w/SECNAV for signature)
  – Guidelines for use of the EDIPI/DoD ID number
  – Update DON directives
  – Memos, spreadsheets, electronic lists, rosters
  – Faxes and scanners
§ Phase 4?

DON SSN Reduction Actions To Date
GOALS:
§ Significantly reduce the use, display, collection, dissemination or storage of SSNs across the DON.
§ Significantly reduce the number of breaches and personnel impacted associated with theft, loss or compromise of the SSN.
§ Phase 1
  – Review and justify continued use/collection of SSNs in official Navy/Marine Corps forms
  – Eliminate all unofficial forms!
  – Post all official forms to DON forms repository
  – Identify form owners
  – All new forms that collect the SSN must go through the same review process
§ Phase 2
  – Review and justify continued use/collection of SSNs in Navy/Marine Corps Information Technology (IT) systems.
  – Improve accuracy of DITPR DON database for systems that collect the SSN
  – All new IT systems that collect the SSN must go through the same review process

Removal of the SSN from DOD ID Cards
§ 2008 – 2012: Removal of printed family member SSNs from all family member ID cards
§ 2010: Begin replacing the SSN with the DoD ID number/Electronic Data Interchange Personal Identifier (EDIPI) and DoD Benefits number
§ 1 Dec 2012: Begin removal of the SSN from both bar codes

Acceptable SSN Uses
- Law Enforcement, National Security, Credentialing
- Security Clearance Investigation or Verification
- Interactions With Financial Institutions
- Confirmation of Employment Eligibility
- Administration of Federal Worker’s Compensation
- Federal Taxpayer Identification Number
- Computer Matching
- Foreign Travel
- Geneva Conventions Serial Number
- Noncombatant Evacuation Operations
- Legacy System Interface
- Operational Necessity
- Other Cases (with specified documentation)

What does an official form look like?
§ Form title (e.g. “PII Breach Report”)
§ Form number (e.g. OPNAV 5211/13)
§ Date form created or last updated
§ If form collects PII directly from individual, a Privacy Act Statement (PAS) is required
  – Authority, purpose, routine use(s), disclosure
§ If form has pre-populated PII and does not collect from individual, may not have PAS
§ Contact your forms manager if form appears to be unofficial

SSN Reduction Phase 1 and 2 Results
As of 21 Nov 2011

Forms:
  Number of official forms in DON: ~26,000
  Number of forms with SSNs: 8,886
  Number of forms cancelled: 1,790
  Number of forms that eliminated or substituted the SSN: 2,106
  Percent of forms that reduced the use of the SSN: 44%

IT systems:
  Total Number of IT Systems with SSNs in DITPR DON | Number of corrections to the DITPR DON database | Number of IT Systems that can Eliminate or Substitute the SSN | Percent of IT Systems that can reduce the use of the SSN
  1572 26 45 25% 205

Phase 3 of the SSN Reduction Plan
Highlights of Phase 3:
§ The term “SSN use” now includes the last four digits (if lost, stolen or compromised, result is a PII breach).
§ For IT systems and forms that cannot justify continued use, an SSN Elimination Plan must be submitted to the DON CIO Privacy Office.
§ Where SSNs are justified and where possible, replace the SSN with the Electronic Data Interchange Personal Identifier (EDIPI)/DoD ID number in forms and IT systems.
§ All letters, memoranda, spreadsheets, electronic and hard copy lists and surveys must meet the acceptable use criteria (effective 1 Oct ’15).
§ When changes to a process result in the elimination of the SSN, DON directives and instructions must be updated.
§ Rosters are prohibited from collecting the SSN.
§ Only customers external to the DON may transmit SSNs and other PII via FAX machines (effective 1 Oct ’12).

FAXING SSNs and Other PII is a Bad Idea
§ One of the most unsecure means to transmit data
  – Uses unsecure phone lines
  – Easy to send to wrong person/wrong FAX number
  – Copy of transmission often left on machine
  – Recipient may not immediately pick up document, allowing others without a need to know to view
§ Use an alternative
  – Send encrypted/digitally signed email
  – Use Safe Access File Exchange (SAFE)
  – Use United States Postal Service

DON Guidelines For Use of the DoD ID
§ Presence or knowledge of an individual’s DoD ID alone shall be considered as no more significant than presence or knowledge of that individual’s name.
§ The EDIPI/DoD ID by itself or with name is considered PII. However, it is considered internal government ops related PII (e.g. work phone, job title) and is low risk. No breach if lost, stolen or compromised.
§ The DoD ID shall only be used for DoD business purposes.
§ The DoD ID may not be shared with other federal agencies unless a DoD/DON approved MOU is used.

Our continuing challenges…
– How do you eliminate all the forms, memos, electronic and hard copy lists and rosters that were used and stored before the new DON policy?
– We are not in control of higher order forms and IT systems that are used by DON personnel or that interface with DON processes; they must change before we can.
– Elimination/substitution of the SSN will incur unfunded program costs.
– The DON SSN Reduction Plan requires a culture change and a strong commitment by all hands to significantly reduce the use of the SSN in DON business processes.

Phase 4?
§ Phase 3 will take time to fully implement, especially IT system program changes substituting the DoD ID in place of the SSN.
§ DON CIO will measure effectiveness of the SSN reduction plan and adjust policy to restrict further SSN use, if needed.
  – # of IT systems and forms that eliminate the SSN.
  – # of personnel impacted and
  – # of high risk PII breaches where SSN was compromised, lost or stolen.

DON Privacy POCs

STEVE MUCK
DON CIO
DON Privacy Team Lead
Phone: (703) 695-1297
Email: steven.muck@navy.mil

STEVE DAUGHETY
DON CIO
Phone: (703) 602-6393
Email: steve.daughety1.ctr@navy.mil

BARBARA FIGUEROA
DON Forms Manager (DNS 51)
Phone: (202) 433-2835
Email: barbara.figueroa@navy.mil

ROBIN PATTERSON
OPNAV DNS-36
DON Privacy Act Program Manager
Phone: (202) 685-6545
Email: robin.patterson@navy.mil

Vacant
HQMC C4 CYBER SECURITY DIVISION
PII/PIA Analyst
Phone: (571) 256-8876
Email: XXX@hqmc.mil

DEBORAH CONTAOI
OPNAV DNS-36
Phone: (202) 685-6546
Email: teri.contaoi.ctr@navy.mil

LAURIE SOMERS
HQMC
Phone: (703) 6614-2951
Email: laurie.somers@hqmc.mil

www.doncio.navy.mil/privacy