1. U.S. Department of Agriculture eGovernment Program July 9, 2003 eAuthentication Initiative Update for the eGovernment Working Group eGovernment Program

2. U.S. Department of Agriculture eGovernment Program 2 Agenda  eAuthentication Overview  GPEA/Requirements Gathering Results  eAuthentication Solution Architecture  eAuthentication Responsibilities – OCIO and Agency  Next Steps  Q&A

3. U.S. Department of Agriculture eGovernment Program 3 What is eAuthentication? The eAuthentication solution will verify a user’s identity when accessing online services across USDA and the Federal Government…  Help facilitate transformation of the way USDA conducts its business with Citizens and Public and Private Organizations  Integrate fully with the Presidential eAuthentication Gateway.  Reuse “credentials” and share common access across the Government  Support compliance with related legislation Government Paperwork Reduction Act (GPEA), immediate focus is to support agency implementation efforts to meet the October 2003 GPEA deadline Electronic Signatures in Global and National Commerce Ace (E-Sign) Freedom to E-File Act  Support Agency eGovernment initiatives Provide different levels of Authentication - a range of solutions from low to high assurance Support requirements for availability, confidentiality, integrity, non-repudiation; and security services

4. U.S. Department of Agriculture eGovernment Program 4 Marketing and Communications eAuthentication Pre-Implementation Phase Overview Change Management Planning and Implementation, Agency Assistance The following “gameboard” shows the major sequential tasks to complete the pre-implementation phase of eAuthentication. Each of these tasks are being completed in compliance with relevant federal, OMB, and USDA regulations and policies. Project Management Finalize Agency Requirements Finalize agency functional and technical requirements Prioritize agency requirements to ensure product match Identify Agency Stakeholders Identify agency representative Define roles and responsibilities Appoint Project Manager Assess Agencies’ Needs Assess Agencies Current Architect- ures Assess Agencies transaction authenticati on needs Create Security Levels Determine Security Levels needed at USDA Determine security levels for WebCAAF/G SA eAuthenticati on Gateway Map Agency Transactions to Solutions Determine which solutions can support the authentication needs of the transaction Design Security Technical Framework Detailed design WebCAAF High level design for Higher Level Assurance needs Detailed Design Directory Services Detailed Design Identity Management Agency Guidebook Develop Physical Architecture Document physical architecture for WebCAAF and GSA eAuthentication Gateway Develop Application Architecture Document application architecture for WebCAAF and GSA eAuthentication Gateway Review Agency Authenti- cation Risks Interaction Impact Profile Identify Interaction Authenticat ion Risks Evaluate Authenticat ion Risks Framework Architecture Agency Requirements Gathering Process Completed TasksIn-Progress Tasks

5. U.S. Department of Agriculture eGovernment Program 5 Agenda  eAuthentication Overview  GPEA/Requirements Gathering Results  eAuthentication Solution Architecture  eAuthentication Responsibilities – OCIO and Agency  Next Steps  Q&A

6. U.S. Department of Agriculture eGovernment Program 6 Mid-Year Progress Report on Implementing GPEA, March 2003 354(11%) 774(25%) 422(13%) 1,596 1 (51%) 3,146(100%) Interactions Completed to Date: Interactions to be Completed by 10/2003 Interactions to be Completed after 10/2003 Interactions that will not be Completed Total Progress Report on Implementing GPEA, July 2003 395(12%) 736(23%) 596(18%) 1,551 1 (47%) 3,278(100%) On July 1, OCIO submitted the FY 2003 Progress Report based on data obtained from the agencies through the Integrated eGovernment Reporting process. These numbers represent the aggregate of customer interactions that agencies indicated would not offer an electronic option as well as those interactions that were incomplete. 1 GPEA Progress to Date 36% 35%

7. U.S. Department of Agriculture eGovernment Program 7 Of the 736 interactions scheduled for GPEA compliance for October 2003, 639 require eAuthentication. Only 57 of these have been completed in the Online Impact Assessment Tool. Assurance Levels define the credibility necessary to support a person’s identification. The higher assurance level, the more information is needed to validate a person is who they say they are…  35 (61%) out of the 57 in-scope interactions require Level 2 Authentication  582 in-scope interactions have not been completed Agency Requirements Gathering Process

8. U.S. Department of Agriculture eGovernment Program 8 Agenda  eAuthentication Overview  GPEA/Requirements Gathering Results  eAuthentication Solution Architecture  eAuthentication Responsibilities – OCIO and Agency  Next Steps  Q&A

9. U.S. Department of Agriculture eGovernment Program 9 eAuthentication Architecture Components The eAuthentication Solution consists of 4 components…  Technical Architecture  Identity Management Processes  Registration Processes  eAuthentication Presidential Initiative - GSA Gateway

10. U.S. Department of Agriculture eGovernment Program 10 Internet RouterSwitch RouterSwitch INTERNET INTRANET Secondary Load Balanced Site Primary Load Balanced Site FIREWALLIDSACLNAT www.otherservices.usda.gov Enforcer WEB FARMS www.xyz.usda.gov Enforcer USDA Network FIREWALL ALTERNATIVE HOSTING FACILITY Secondary Load Balanced Site Policy Server Policy Stores User Stores Primary Load Balanced Site eAuthentication Technical Architecture

11. U.S. Department of Agriculture eGovernment Program 11 Identity Management and Registration Processes Identity Management  Password Services  Self Services  Delegated Administration  Help Desk Registration Processes  Self Service for Level 1 Assurance  Identification Proofing for Higher Levels  Service Center or other Local Registration Authorities  Agency-specific Authorization Profile Creation

12. U.S. Department of Agriculture eGovernment Program 12 The GSA Gateway is the Presidential Initiative solution for eAuthentication. USDA’s integration approach is to create a single point of integration with the GSA Gateway, through the USDA eAuthentication solution.  The USDA eAuthentication solution and GSA Gateway integration will occur once the Gateway is complete.  An integration proof-of-concept is planned for August, 2003.  Applications will integrate with the USDA eAuthentication solution, which will connect to the GSA Gateway, so each agency application will not have to be integrated separately with the GSA Gateway.  Upon completion, Agency applications will receive the benefits of the GSA Gateway. eAuthentication Presidential Initiative – GSA Gateway WebCAAF Agency Web Servers USDA Logon Servers Internet GSA Gateway ECP

13. U.S. Department of Agriculture eGovernment Program 13 Agenda  eAuthentication Overview  GPEA/Requirements Gathering Results  eAuthentication Solution Architecture  eAuthentication Responsibilities – OCIO and Agency  Next Steps  Q&A

14. U.S. Department of Agriculture eGovernment Program 14 OCIO Responsibilities OCIO Responsibilities - Management  Manage and Maintain the USDA eAuthentication Solution  Implement eAuthentication policies and procedures department-wide  Provide security management, system architecting, and technical assistance  Maintain a Program Manager responsible for the system delivery, installation, operations, maintenance and disposal OCIO Responsibilities - Operations  Provide a Help Desk for end users, including Agency users  Provide Problem Management and Change Management for eAuthentication Solution  Maintain infrastructure used by eAuthentication solution and other services including firewalls, routers, switches, and intrusion detection services  Develop an Administration team to handle the configuration, maintenance and future enhancements of the core eAuthentication solution components

15. U.S. Department of Agriculture eGovernment Program 15 OCIO Responsibilities OCIO Responsibilities - Implementation  Expand WebCAAF to support USDA authentication needs Expand WebCAAF user store to support all USDA users Build test environment Expand production technical infrastructure Expand support to 24x7  Build Registration services for Government-wide assurance levels 1 and 2  Build Identity Management Solution Build administration functionality for agency administration Build self-service user administration Create helpdesk  Integrate USDA eAuthentication with the Federal GSA eAuthentication Gateway.  Provide agencies with Technical Services to assist in integration with eAuthentication solution

16. U.S. Department of Agriculture eGovernment Program 16 Agency Responsibilities Agency Responsibilities - Management  Plan for and budget future use of eAuthentication for all electronic transactions, for Pre- November 2003, Post November 2003, and existing applications  Designate a Functional Application Office of Primary Responsibility (OPR) for each Agency application to define minimum security requirements that address accountability, access rights, special handling, confidentiality, integrity, and availability requirements  Designate a General Support System OPR to ensure the proper use of information technology and implement the technical security controls

17. U.S. Department of Agriculture eGovernment Program 17 Agency Responsibilities Agency Responsibilities - Operations  Provide support for application-related Help Desk issues for all the applications integrated with eAuthentication solution  Provide Problem Management and Change Management for the Agencies  Limited responsibility for User Management and Administration for eAuthentication solution  Provide Local Registration Authorities for individual user populations if desired.  Provide Authorization Management Agency Responsibilities - Implementation  Define and maintain affiliate information to determine relationships between organizations (companies, user groups) and their designated representatives  Work with eAuthentication to identify applications and assurance levels  Create any web pages needed to collect agency-specific authorization information (e.g. agency customer ID, name of organization)  Define User Roles for each application that requires authorization services

18. U.S. Department of Agriculture eGovernment Program 18 Agenda  eAuthentication Overview  Requirements Gathering Results  eAuthentication Solution Architecture  eAuthentication Responsibilities – OCIO and Agency  Next Steps  Q&A

19. U.S. Department of Agriculture eGovernment Program 19 eAuthentication - Next Steps The Next Steps to complete the Pre-Implementation Phase and begin the Implementation Phase are:  Present the Costing Model to Agencies for eAuthentication by July 25, 2003  Distribute the Agency Guidebook by July 25, 2003 Road map and details for integrating Agency Applications  Begin Implementation Phase on July 28, 2003 WebCAAF Expansion, Directory Services, Identity Management, User Registration Interfaces  Initiate GSA Gateway Integration Proof-of-Concept in August 2003  Begin integration of applications in September 2003

20. U.S. Department of Agriculture eGovernment Program 20 Agenda  eAuthentication Overview  GPEA/Requirements Gathering Results  eAuthentication Solution Architecture  eAuthentication Responsibilities – OCIO and Agency  Next Steps  Q&A

21. U.S. Department of Agriculture eGovernment Program 21 Questions and Answers

22. U.S. Department of Agriculture eGovernment Program 22 For More Information For more information on the eAuthentication Initiative, please review the eAuthentication Frequently Asked Questions on the eGovernment site: http://www.egov.usda.gov/resources/teamspace/team_resources.html Please contact the eGovernment team for username and password.