1. Advanced Planning Brief to Industry Jerry L. Davis DAS, Office of Information Security June 9, 2011

2. 2 Agenda Discussion Points: – Who we are – Our Goals in Support of Our Mission – Our Critical Services – IT Funding Allocation Trends – FY12 Top Procurement Actions

3. Who We Are 3  OIS safeguards the services and benefits of more than – 25 million Veterans – 45 million beneficiaries – 260,000 VA employees – 1,000,000 IP enabled devices OIS Mission: “Serve our Veterans, their beneficiaries, employees, and all VA stakeholders by ensuring the confidentiality, integrity, and availability of VA sensitive information and information systems”

4. Five Goals Support the OIS Mission 4 1)Protect the overall VA information security and privacy posture to ensure confidentiality, integrity, and availability of information 2)Integrate risk and performance management into information security and privacy governance processes 3)Ensure alignment of VA security and privacy policy and standards with Federal guidelines and best practices 4)Balance VA business needs with security and privacy requirements to reduce risk and maximize productivity 5)Promote an environment where all employees’ and contractors’ actions reflect the importance of information security

5. Six Critical Services Enable OIS to Execute Our Mission 5 Office of Information Security Field Security Operations Cyber Security Privacy & Records Management Risk Management & Incident Response Business Continuity Network & Security Operations Center

6. Six Critical Services Enable OIS to Execute Our Mission 6  Field Security Operations: Ensures compliance and implementation of security solutions in accordance with Federal requirements; ensures privacy, confidentiality, integrity, and availability of VA information assets associated with VA services, as well as assures that cost effective security controls are in place to protect automated systems from financial fraud, waste, and abuse  Cyber Security: Assures VA information security systems, practices, policies, procedures, and standards are in compliance with regulatory requirements and legislated mandates governing information systems security  Privacy & Records Management: Integrates privacy considerations, responds to requests for information, manages official records, and ensures the confidentiality, integrity, and availability of VA sensitive information and information systems  Risk Management & Incident Response: Maintains the OIS Risk Management Program and manages VA response to data breaches or loss of sensitive personal information  Business Continuity: Develops and implements policies, plans, and procedures to mitigate the impact of disruptive events on VA mission-critical IT services and support a return to full functionality as swiftly and smoothly as possible  Network & Security Operations Center: Monitors, responds to, and reports threats and vulnerabilities on a 24x7 basis

7. FY10 – FY12 IT Acquisition Trends 7 In millions FY10FY11FY12 FSO$4.319$3.617$3.494 RMIR$6.743$6.366$9.111 Privacy$2.930$2.112$3.551 COOP$5.512$6.006 Cyber Security$45.845$33.323$18.223 NSOC$58.147$85.167$77.309

8. IT Funding Allocation 8 In millions ServicesHardwareSoftwareHybrid FY10$71.524$9.097$25.240$17.635 FY11$96.356$1.443$15.863$22.928 FY12$77.177$14.218$8.509$17.835

9. 9 Top Procurement Actions TITLEDESCRIPTIONEST. VALUE ESTIMATED AWARD DATE Identity Access Management Identity and Access Management is an initiative which will change the form of access to Physical and Logical access within the Federal government. It is a Cyber Security Federal requirement that we convert access to the Federal Identity, Credential & Access Management (FICAM) requirements. OIS is the Business Sponsor for IAM to coordinate across the Department the strategic vision for accomplishing FICAM requirements. $3,000,0009/30/2012 FISMA Program Services and SMART Operations This contract will yield development support for SMART to accommodate constantly changing OMB and DHS requirements for FISMA reporting. This contract is particularly essential this year, when the FISMA reporting is moving from paper reporting to automated data feeds, which will require significant modifications to SMART. $1,280,074 9/28/2012 Risk Management/Risk Monitoring and Review This contract is used to address Risk issues to include Risk Assessment in support of FSS and FISMA Compliance as mandated. These tasks require outside support to assist in filling resource shortages and expertise. $2,084,2958/15/2012 Software Assurance This solution will assist in developing partnerships and standards between the government, industry, and the private sector, imperative for cyber defense. To shift the security paradigm from patch management to software engineering to " build security in". $5,000,0009/30/2012 FY 12 Top Procurement Actions

10. 10 Top Procurement Actions TITLEDESCRIPTIONEST. VALUE ESTIMATED AWARD DATE Gateway Expansion 2011/2012This solution will expand the existing four One-VA Trusted Internet Connection (TIC) Gateways in order to continue to support CIO mandated visibility to the desktop initiative while continuing to be able to support other VA approved programs that reside on the perimeter of the One-VA wide area network in the One-VA TIC Gateways. $5,000,0009/1/2012 Gateway Application Firewall ServicesThis solution will protect VA information from application based attacks by detecting and blocking malicious web requests, preventing data leakage and monitoring application activity. $5,000,0005/1/2012 Backup & ImagingThe Backup and Imaging solution will provide needed and required backup, storage, and retention of all critical VA-NSOC data. The project will implement a new backup system, procedure, and network storage system that will address all identified deficiencies listed in the Data Backup Audit report and any legal requirements. The system will be owned and maintained by the VA-NSOC. $1,750,0004/18/2012 Customer Support Center (CSC)The VA NSOC has a requirement to provide tier I & II service center (help desk) support for a variety of technical areas including: PKI, HIPS, NIPS, security devices and security incidents. This support involves the initial user support, monitoring, triage, analysis, troubleshooting and escalation of events and calls reported. $3,700,0008/13/2012 Audit ResolutionThis solution is Required by the Federal Information Security Management Act (FISMA), independent evaluation of the cyber security program is designed to assess the adequacy and effectiveness of information security policies, procedures, and practices. This request is for a management system to systematically address deficiencies noted in such audits. $3,500,0007/30/2012 FY 12 Top Procurement Actions

11. 11 FY 12 Top Procurement Actions Top Procurement Actions TITLEDESCRIPTIONEST. VALUE ESTIMATED AWARD DATE Business Continuity (CEMHSP) Support Contract Support is required for the following : 1) Development, staffing and approval of the OI&T Multi-Year Strategy and Project Management Plan (MYSPMP) for CEMHSP 2) Develop OI&T plans and procedures for the planning scenarios outlined in Homeland Security Presidential Directive (HSPD)-8, National Preparedness and in accordance with the Department of Homeland Security (DHS) Integrated Planning System (IPS) 3) Meet all OI&T requirements under National Security Presidential Directive (NSPD)-51/HSPD-20, National Continuity Policy and supporting federal continuity regulation and guidance 4) Ensure the integration of IS Contingency and Disaster Recover (ISCP/DR) Plans into the CEMHSP $2,863,3079/1/2012 ESSS IT & PM Support Contractor support is required to assist with meeting with vendors, conducting security evaluations, testing various IT security technologies, and providing comprehensive security reports, security configuration guidelines, and professional recommendations to the Department of Veteran Affairs. $1,252,0008/21/2012