Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 11/21/05 issue

OMB looks at shared-service plan for IT security functions

By Jason Miller and William Jackson, GCN Staff

The Office of Management and Budget has lifted the veil on the next set of standardized functions that shared-service providers will supply across government.

By spring 2007, an OMB-led task force will choose three centers of excellence in two functional areas under the IT Security Line of Business Consolidation effort. Two other functional areas are on tap to be moved to shared-service providers by 2009.

OMB is focusing on agency IT se- curity requests, hoping to standardize processes and reduce duplicative spending that adds up to more than 30 percent of the $4.5 billion agencies spend on IT security.

The IT security Line of Business task force submitted its business case to OMB in September. Once approved, it would be included in the 2007 budget proposal.

The plan established requirements on agency shared-service providers—and, presumably, private-sector providers as well—for training, Federal Information Security Management Act reporting, situational awareness and incident response and product evaluation. The task force followed the same concept OMB is using for the financial management and human resources LOBs.

“These are four areas of weaknesses across most agencies, but these also are areas where some agencies are doing it right,” John Sindelar, OMB’s project executive for the LOB initiatives, said at the Executive Leadership Conference sponsored by the Industry Advisory Council and American Council for Technology in Hershey, Pa.

“This is very complex and we are doing it incrementally, and we don’t want to do more than we can at this time,” Sindelar said.

Common areas

The four functional areas account for about $1.4 billion in IT security spending each year, said Glenn Schlarman, chief of OMB’s information policy and technology branch.

“We picked discrete areas that are the same for everyone or are a commodity,” said Schlarman. “We are introducing a service organization to take the burden off of the agency. Each system owner still would have to do their part to feed the information to the center of excellence.”

More news on related topics: IT Security, Lines of Business, Management



GCN Popup