Download presentation
Presentation is loading. Please wait.
Published byMorgan Lucas Modified over 8 years ago
1
DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER Social Security Number Reduction, What Happens Next? DON IM/IT Conference 22 – 24 January 2012 DON IM/IT Conference 22 – 24 January 2012
2
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES Agenda Review of previous actions to reduce SSN – Phase 1 (forms) – Phase 2 (IT systems) – Metrics SSN Removal from DoD ID Cards Phase 3 Plan (draft ALNAV w/SECNAV for signature) – Guidelines for use of the EDIPI/DoD ID number – Update DON directives – Memos, spreadsheets, electronic lists, rosters – Faxes and scanners Phase 4 ?
3
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES 3 DON SSN Reduction Actions To Date GOALS: Significantly reduce the use, display, collection, dissemination or storage of SSNs across the DON. Significantly reduce the number of breaches and personnel impacted associated with theft, loss or compromise of the SSN. Phase 1 – – Review and justify continued use/collection of SSNs in official Navy/Marine Corps forms – Eliminate all unofficial forms! – Post all official forms to DON forms repository – Identify form owners – All new forms that collect the SSN must go through the same review process Phase 2 - – Review and justify continued use/collection of SSNs in Navy/Marine Corps Information Technology (IT) systems. – Improve accuracy of DITPR DON data base for systems that collect the SSN – All new IT systems that collect the SSN must go through the same review process
4
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES Removal of the SSN from DOD ID Cards 2008 – 2012- Removal of printed family member SSNs from all family member ID cards 2010 – Begin replacing the SSN with the DoD ID number/Electronic Data Interchange Personal Identifier (EDIPI) and DoD Benefits number 1 Dec 2012 – Begin removal of the SSN from both bar codes
5
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES Acceptable SSN Uses - Law Enforcement, National Security, Credentialing -Security Clearance Investigation or Verification -Interactions With Financial Institutions -Confirmation of Employment Eligibility -Administration of Federal Worker’s Compensation -Federal Taxpayer Identification Number -Computer Matching -Foreign Travel -Geneva Conventions Serial Number -Noncombatant Evacuation Operations -Legacy System Interface -Operational Necessity -Other Cases (with specified documentation)
6
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES What does an official form look like? Form title (e.g. “PII Breach Report”) Form number (e.g. OPNAV 5211/13) Date form created or last updated If form collects PII directly from individual, a Privacy Act Statement (PAS) is required – Authority, purpose, routine use(s), disclosure If form has pre-populated PII and does not collect from individual, may not have PAS Contact your forms manager if form appears to be unofficial
7
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES SSN Reduction Phase 1 and 2 Results Number of official forms in DON Number of forms with SSNs Number of forms cancelled Number of forms that eliminated or substitute d the SSN Percent of forms that reduced the use of the SSN ~26,0008,8861,7902,10644 % Total Number of IT Systems in DITPR DON Number of IT Systems with SSNs Number of correction s to the DITPR DON data base Number of IT Systems that can Eliminate or Substitute the SSN Percent of IT Systems that can reduce the use of the SSN 1572205264525 % As of 21 Nov 2011
8
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES Phase 3 of the SSN Reduction Plan Highlights of Phase 3: The term, “SSN use” now includes the last the last four digits (if lost, stolen or compromised, result is a PII breach). For IT systems and forms that cannot justify continued use, a SSN Elimination Plan must be submitted to the DON CIO Privacy Office. Where SSNs are justified and where possible, substitute the SSN for the Electron Data Interchange Personal Identifier (EDIPI)/DoD ID number in forms and IT systems. All letters, memoranda, spreadsheets, electronic and hard copy lists and surveys must meet the acceptable use criteria (effective 1 Oct ‘15). When changes to a process result in the elimination of the SSN, DON directives and instructions must be updated. Rosters are prohibited from collecting the SSN. Only customers external to the DON may transmit SSNs and other PII via FAX machines (effective 1 Oct “12).
9
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES FAXING SSNs and Other PII is a Bad Idea One of the most unsecure means to transmit data – Uses unsecure phone lines – Easy to send to wrong person/wrong FAX number – Copy of transmission often left on machine – Recipient may not immediately pick up document, allowing others without a need to know to view Use an alternative – Send encrypted/digitally signed email – Use Safe Access File Exchange (SAFE) – Use United States Postal Service
10
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON Guidelines For Use of the DoD ID Presence or knowledge of an individual’s DoD ID alone shall be considered as no more significant than presence or knowledge of that individual’s name. The EDIPI/DoD ID by itself or with name is considered PII. However, it is considered internal government ops related PII (e.g. work phone, job title) and is low risk. No breach if lost, stolen or compromised. The DoD ID shall only be used for DoD business purposes. The DoD ID may not be shared with other federal agencies unless a DoD/DON approved MOU is used.
11
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES Our continuing challenges… – How do you eliminate all the forms, memos, electronic and hard copy lists and rosters that were used and stored before the new DON policy? – We are not in control of higher order forms and IT systems that are used by DON personnel or that interface with DON processes- they must change before we can. – Elimination/substitution of the SSN will incur unfunded program costs. – The DON SSN Reduction Plan requires a culture change and a strong commitment by all hands to significantly reduce the use of the SSN in DON business processes.
12
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES Phase 4? Phase 3 will take time to fully implement, especially IT system program changes substituting the DoD ID in place of the SSN. DON CIO will measure effectiveness of the SSN reduction plan and adjust policy to restrict further SSN use, if needed. – # of IT systems and forms that eliminate the SSN. – # of personnel impacted and – # of high risk PII breaches where SSN was compromised, lost or stolen.
13
D EPARTMENT OF THE N AVY C HIEF I NFORMATION O FFICER DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES DON IT/C YBERSPACE E FFICIENCIES E NTERPRISE A RCHITECTURE E MERGING T ECHNOLOGY E NTERPRISE C OMMERCIAL IT S TRATEGY C YBERSECURITY C YBER / IT W ORKFORCE I NVESTMENT M ANAGEMENT C RITICAL I NFRASTRUCTURE I NFORMATION S HARING K NOWLEDGE & R ECORDS M ANAGEMENT P RIVACY N AVAL N ETWORKS E NTERPRISE S ERVICES 13 DON Privacy POCs STEVE MUCK DON CIO DON Privacy Team Lead Phone: (703) 695-1297 Email: steven.muck@navy.mil STEVE DAUGHETY DON CIO Phone: (703) 602-6393 Email: steve.daughety1.ctr@navy.mil ROBIN PATTERSON OPNAV DNS-36 DON Privacy Act Program Manager Phone: (202) 685-6545 Email: robin.patterson@navy.mil DEBORAH CONTAOI OPNAV DNS-36 Phone: (202) 685-6546 Email: teri.contaoi.ctr@navy.mil Vacant HQMC C4 CYBER SECURITY DIVISION PII/PIA Analyst Phone: (571) 256-8876 Email: XXX.XXX@hqmc.mil BARBARA FIGUEROA DON Forms Manager (DNS 51) Phone: (202) 433-2835 Email: barbara.figueroa@navy.mil LAURIE SOMERS HQMC Phone: (703) 6614-2951 Email: laurie.somers@hqmc.mil www.doncio.navy.mil/privacy
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.