By Gary Cox, Associate CIO for Enterprise Services and Integration
Why I3P? Improved Security, Efficiency, Integration, and Mission Support!
In 2007, there was a convergence of circumstances that led to the development of the IT Infrastructure Integration Program, or I3P, and its subsequent approval by the Agency Strategic Management Council. First, two separate studies, one from the Office of Management and Budget and one from NASA's Program Analysis and Evaluation Office, indicated that NASA spent significantly more (per supported user) than peer organizations on IT infrastructure (networks, data centers, computer hardware, etc.). We had to find a way to become more efficient in providing IT services, which pointed toward consolidation of services at the Agency level.
Second, the Constellation Program relied on sending work packages across the NASA Centers to accomplish program requirements. A critical need was identified for the IT infrastructure to support the collaboration required under this distributed work model (10 healthy Centers). Instead of acting as separate business units, Centers had to be able to share program data and applications across a more robust and integrated network. Projects to upgrade network bandwidth and replace obsolete equipment, as well as collaborative tools to enable the mission, were needed.
Third, IT security at NASA was deemed a material weakness under NASA internal control processes due to various vulnerabilities and documented security incidents associated with how the IT infrastructure was provisioned, managed, and designed. It became clear that we had to become more disciplined in controlling system access, patching vulnerabilities, and monitoring/securing network boundaries.
Fourth, several large Agency IT contracts were on the verge of expiring and in need of replacement, such as the Outsourcing Desktop Initiative for NASA (ODIN) contract. Rather than recompete contracts in kind, a fresh look was given to customer pain points, lessons learned, service requirements, technology possibilities, and Government/industry best practices in developing the new I3P procurements. In conjunction, NASA is implementing a disciplined IT service management capability that aligns with the IT Infrastructure library V.3 framework for service strategy, design, transition, operation, and continuous improvement.
Finally, the Agency needed to implement improved identity, credential, and access management to meet Federal mandates under Homeland Security Presidential Directive 12. This required that several critical projects be executed at the Agency level to enable the use of smart cards for logical access and authorization to systems such as the NASA Consolidated Active Directory (NCAD) and the NASA Account Management System (NAMS). Single sign-on is now becoming more prevalent as a result of these initiatives.
In summary, I3P was developed in response to the challenges identified above. Its six goals are as follows:
- Define the network perimeter and consolidate network management by establishing a policy and architecture for implementation, hardware installation, connectivity, and firewall configuration.
- Establish the Agency network visibility of IT assets and consolidate Agency network monitoring and management, integrating IT management and operations service to provide a one-stop, end-to-end service delivery.
- Enable cross-Center collaboration and strengthen IT security by implementing strong authentication capabilities with the issuance of Agency credentials tied to authoritative sources of identities.
- Migrate systems to physically secure and properly managed data centers.
- Make NASA's information easier to discover and access by developing a taxonomy consistent with user-defined vocabularies and implementing the taxonomy in an information and data model.
- Standardize and consolidate the management of end-user devices and make collaborative tools available.
I3P is composed of five IT service areas. Please see this issue for a discussion of the EAST IT service. Look for discussions of other I3P service areas in upcoming issues of IT Talk.