Responsive Document - CREW: Department of The Army: Regarding Record Management and Cloud Computing (6/24/2011 FOIA Requests) : 4/4/2012 - Redacted USACE Pages - Binder

USACE Simplified Network Overview for Email
Foreign Country LAN/WiFi VPN (deployed in 91 OWA countries and uses local country ISP's) VPN OWA Foreign Commercial ISP DISA DECCs (enterprise email Exchange 2010)
Home/Hotel
Commercial ISP
Gateway
Internet2
Internet
Gateway
NIPRNet
GIG
DREN
Portland, OR OC12 (AT&T ISP) Vicksburg, MS
USACE email Exchange 2003 BES server
CONUS USACE Research Datacenters and USACE Applications/ SCADA
USACE email Exchange 2003 BES server
OC3
CorpsNet (AT&T, Verizon MPLS)
Sensors generate automated email (water table, temperature)
CONUS Office LAN/WiFi
Local Exchange instance
Over 2500 sites (very few are military sites) 61,000+ XP workstations/ approximately 50% of which are Commercial laptops (remote users - VPN) (1/3 lifecycle replacement each year Cellular Network 2011 2013) Two data centers Vicksburg and Portland Exchange OC12 connections to the 2003 internet OC3 between data centers BlackBerry server (COOP/DR) 10,000+ Blackberry users
BUILDING STRONG
DEPARTMENT OF THE ARMY

U.S. ARMY CORPS OF ENGINEERS 441 G STREET NW WASHINGTON, D.C. 20314-1000
CECI-E (25-2)
01 October 2010
MEMORANDUM THRU Director, Office of Information Assurance & Compliance, Cyber Directorate, CIO/G6, ATTN: SAIS-CB, 2530 CRYSTAL DRIVE, ARLINGTON, VA 22202 MEMORANDUM FOR Deputy Commanding General, Network Enterprise Technology Command/ 9th Signal Command (Army), ATTN: NETC-DCG, 2133 Cushing Street, Suite 3206, Fort Huachuca, AZ 85613-7070 SUBJECT: Vista Waiver Extension for U.S. Army Corps of Engineers. INCLUDED: Previous USACE Vista Waiver Request(s): 27May2009, 24April2010. 1. 2. 3. PEO USACE Office of the Director, Corporate Information. PEO POC Robert V. Kazimer SES - Director, Corporate Information PM Contact Gary Seibert Chief, USACE Enterprise Services. gary.m.seibert@usace.army.mil, 912-652-5806 APMS DA110974 System Name US Army Corps of Engineers Network (CorpsNET). System Description The US Army Corps of Engineers Network (CorpsNET) provides for the delivery of all corporate IM/IT support and services from two USACE data centers as well as local (District, Division, Lab) resources to the customer desktop. OS & Version Windows XP Professional Service Pack 3 NIPRnet Systems (CorpsNET) 47,080 SIPRnet Systems 240
4. 5. 6.
7. 8. 9.
10. Location All 11. Reason for Waiver (The incompatibility. The Migration plan. Why you cannot migrate. The fact that it is a DMDC product is very important to bring out) Please reference previously submitted USACE Vista Waiver requests which follow this document. 12. Impact if Denied (Be specific on what will happen if the system is taken off the network) BLUF: The USACE service provider Army Corps of Engineers - Information Technology (ACE-IT) ROM estimate is 13 months and $30M dollars to upgrade all desktop operating
systems. This ROM does not include additional costs incurred for necessary hardware upgrades required to acceptably run the OS and all associated applications. The USACE network (CorpsNET) is not currently part of the Army NIPRNET. If the denial includes a rescission of the USACE CorpsNET ATO, it would result in an inability for USACE to meet mission requirements as well as significant costs associated with hardware upgrade/replacement and XP to Vista migration (Appendix A USACE Vista Deployment ROM in the previously submitted 2010-04-24_USACE Vista Waiver request which follows this document). 13. Resources Needed? BLUF: No additional resources required if request is approved. For detailed ROM estimates if the USACE Waiver Request is not approved please see Appendix A USACE Vista Deployment ROM in the previously submitted 2010-0424_USACE Vista Waiver request which follows this document. 14. Migration Timeline BLUF: Fully compliant (MS Win7 AGM) by 01Oct2013. The proposal is to use the existing three year lifecycle replacement process (beginning in FY11and executed at a rate of 15,000 PCs/year at a cost of $30M/year) to enable compliance. For details, please see Appendix B USACE Vista Waiver Milestones in the previously submitted 2010-04-24_USACE Vista Waiver request which follows this document. 15. Windows 7 Pilot USACE has been a registered and active participant in the Army MS Win7 AGM Beta program. USACE is already piloting a USACE standard desktop Win7 AGM image which is a result of our participation in the Army MS Win7 AGM Beta program. USACE is simply waiting for the official Army release of the Army MS Win7 AGM image. 16. DAA Robert V. Kazimer SES - Director, Corporate Information* * Ms. Lee has indicated that a signed copy of the USACE POA&M has already been received and therefore the DAA does not need to provide a signature for this document.
Encl
DAA Signature Block
29 April 2010
Pages 8 through 9 redacted for the following reasons: ---------------------------(b)(5) - deliberative material, recommendation
Date: Organization Project Name
1-Jan-10 US Army Corps of Engineers WIN7 DESKTOP DEPLOYMENT
DOIM Name: DOIM Phone: DOIM Email:
ACE-IT (Army Corps of Engineers Information Technology) 1 866 562-2348 https://www.aceit.usace.army.mil
POC Name: POC Phone: POC Email:
Gary Seibert 912-652-5806 gary.m.seibert@usace.army.mil
Mission
POC
Resources Required AGM Vista 8.x and 9.x images
Scheduled Completion Date

12/31/09
Milestones with Completion Dates On 31 Jan 2009, the Army published HQDA EXORD, Directs all Army to immediately comply with the Vista migration requirements and complete NLT 31 Dec 09.
Milestone Changes All milestones dates, except the final compliance date, have been pushed back in order to accommodate the final release of the EXORD.
C&A
ATC/ATO DATE
APMS REGISTERATION NUMBER(s)
APPLICATION(s) List of applications not Vista compliant & why its mission critical
APPLICATION(s) LOCATION(s)
# OF SIPR PC Number of computers not Vista compliant
# OF NIPR PC Number of computers not Vista compliant
Expected Upgrade Date Please list the expected date that the noncompliant computers will be replaced via life cycle management
CURRENT STATUS
COMMENTS
HQDA EXORD 056-09 MANDATES THE ARMY POC Info IMPLEMENTS THE ARMY GOLDEN MASTER AS THE listed above BASELINE STANDARD FOR ALL WINDOWS-BASED is different INFORMATION SYSTEMS IN ORDER TO ENSURE INTEGRITY OF THE LANDWARNET FOR FUTURE OPERATIONS Meet compliance requirements for migration from Windows XP
AGM Windows7
9/30/2013
Beginning with the anticipated release of the Army AGM image for MS Windows7 (first quarter 2011), USACE will begin to replace legacy Windows XP machines with new computers using the Windows7 image (second quarter 2011). From this date we anticipate replacing 1/3 (15,500/year) of all systems annually until complete.
PC Refresh: 01Jan2011-31Dec2011
8,000 unique applications identified by USACE customer base. All have to be tested for compatability
240
47,080
Beginning second quarter 2011 and completed by end of fourth quarter 2013
Waiting for AGM Windows7
Meet compliance requirements for migration from Windows XP Meet compliance requirements for migration from Windows XP Meet compliance requirements for migration from Windows XP
AGM Windows7 AGM Windows7 AGM Windows7
12/31/2011 12/31/2012 9/30/2013
160 PC Refresh: 01Jan2012-31Dec2012 80 PC Refresh: 01Jan2013-30Sep2013 0
31,400 15,700 15,700
UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION
US Army Corps of Engineers ARMY AGM Baselining Plan of Actions & Milestones 27 May 2009
This document outlines the Plan of Actions & Milestones associated with the US Army Corps of Engineers (USACE) request to bypass Vista and start implementing Windows 7 in FY-2011. 1. PLAN OF ACTION: USACE requests a waiver from Army CIO/G6 for USACE to bypass Vista migration and wait until FY-11 to begin implementing Windows 7. a) Significant Points: The current NETCOM Active Directory Forest Consolidation Plan (FCP) shows USACE (Corps of Engineers COE) will have its own AD forest after collapse. The slide below is part of a presentation at the NETCOM AD Summit in May 2009. USACE just completed the replacement of ALL computers (over 35,000) as one of the deliverables of the USACE IM/IT A-76 Letter of Obligation (LoO). USACE is not connected to the NIPRNET.
UNCLASSIFIED
Forest Consolidation Plan

Current Forest Implementation
EDU Forest MI Forest ARNG Forest COE Forest Reserve Forest SWA Forest CONUS Forest IGNET Forest SMDC Forest PAC Forest Reserve Forest SWA Forest CONUS Forest IGNET Forest
SMDC Forest PAC Forest EAF Forest MEPCOM Forest Korea Forest EUROPE Forest AAC Forest MEDCOM Forest
EAF Forest MEPCOM Forest Korea Forest EUROPE Forest AAC Forest MEDCOM Forest
Projected Final Result

EDU Forest MI Forest ARNG Forest COE Forest
USARMY.mil
MI Forest Intel Forest COE Forest COE Forest ARNG Forest ARNG Forest EDU Forest .EDU Forest CONUS.
USARMY.mil
KOREA.
USARMY.mil
PACIFIC.
USARMY.mil
EUROPE.
USARMY.mil
SWA.
USARMY.mil
UNCLASSIFIED
NETCOM / 9th Signal Command (Army) Voice of the Army
b) USACE started an IM/IT A-76 effort in June 2004 with the timeline shown below. The IM/IT A-76 effort was the largest A-76 effort in DoD to date. The timeline demonstrates 1 UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION
UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION that the process was a lengthy one fraught with many delays. The protest period alone lasted over 15 months. The Most Efficient Organization (MEO) Army Corps of Engineers Information Technology (ACE-IT) won the bid. c) USACE IM/IT Timeline: Performance Work Statement (PWS) Team Began Work June 2004 Solicitation Put On Street June 2005 Agency Tender Offer Submitted October 2005 Protest Period January 2006 - April 2007 Letter of Obligation (LoO) Signed 19 April 2007 Notice to Proceed Granted 15 May 2007 Refresh I Computers Ordered (w/XP AGM image) Fall 2007 Equipment Refresh (Network, Wireless, Computers) May 2008 May 2009 d) The A-76 IM/IT A-76 PWS and the LoO specify the replacement of all end-users computers during the first year of operation (Refresh I) and then subsequent refresh efforts occurring every three years after Refresh I. The computers (over 35,000) for Refresh I were ordered in the Fall of 2007 with the XP AGM image that was available at the time, which was prior to ALARACT 199/2008, dated 16 August 2008. By the time ALARACT 199/2008 was issued, ACE-IT had already replaced a large number of the 35,000 computers, so USACE continued the installation of the already purchased, imaged XP computers. e) The Rough Order of Magnitude estimate for USACE to reimage all 35,000 computers with Vista is $31M. This is not in the USACE budget. f) Refresh II will start in FY-11 and stretch over 3 years. USACE will refresh 1/3 of endusers computers in FY-11, 1/3 in FY-12, and 1/3 in FY-13. g) USACE requests a waiver from migrating to Windows Vista by 31 December 2009. USACE proposes instead to begin deploying Windows 7 migration with Refresh II in FY-11. If Windows 7 is not approved by Army at the time that the USACE Refresh II starts, USACE will deploy Vista on the Refresh II cycle in FY-11. We request to maintain our XP inventory on our current computers until the time each computer goes through the Refresh II cycle. 2. MITIGATION PLAN: This will not have an impact on NIPRNET because USACE is not connected to NIPRNET. The NETCOM Forest Consolidation Plan that was presented at the recent NETCOM AD Summit 12-14 May 2009 shows that USACE will retain its own forest after consolidation. The USACE DAA recognizes that there is minimal risk to the LANDWARNET since USACE does not connect to the NIPRNET.
2 UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION
UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION
3. MILESTONES: The schedule for Refresh II replacement follows (production network34,900 computers; and SIPR -100 computers). FY-11 FY-12 FY-13 Replace 12,000 Computers with Windows 7 (or Vista if Windows 7 is not approved by Army) Replace 12,000 computers with Windows 7 Replace 12,000 computers with Windows 7
4. USACE Point of Contact: Gary Seibert, Chief of Enterprise Services, 912-652-5806, gary.m.seibert@usace.army.mil
DAA Approving the Vista Waiver Request for USACE a. Name: Mr. Wilbert Berrios b. Email Address: Wilbert.Berrios@usace.army.mil c. Telephone: (Commercial) 202-761-0273
3 UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION
Date: Organization Project Name
28-Dec-10 US Army Corps of Engineers Army Enterprise Email Migration
DOIM Name: DOIM Phone: DOIM Email:
ACE-IT (Army Corps of Engineers Information Technology) 1 866 562-2348 https://www.aceit.usace.army.mil
POC Name: POC Phone: POC Email:
Carey O'Leary 703-428-6287 carey.c.oleary@usace.army.mil
Gary Seibert 912-652-5806 gary.m.seibert@usace.army.mil
Mission
POC
Resources Required
Scheduled Completion Date
Milestones with Completion Dates
Milestone Changes
C&A
ATC/ATO DATE
APMS REGISTERATION NUMBER(s)
APPLICATION(s)
APPLICATION(s) LOCATION(s)
# OF SIPR PC
# OF NIPR PC
Expected Upgrade Date
CURRENT STATUS
COMMENTS
HQDA EXORD 058-11: LANDWARNET POC Info AGM Windows GLOBAL NETWORK ENTERPRISE CONSTRUCT listed above VISTA SP2 (or (GNEC) IMPLEMENTATION - ARMY MIGRATION is different newer), AGM TO DOD ENTERPRISE EMA Office 2007 SP2, AGM Tumbleweed Desktop Validator 4.10 and AGM ActivClient 6.2.
Meet compliance requirements for migration from Windows XP - Approved Vista Waiver until October 2013. AGM Windows7
10/1/2011 On 22 Dec 2010, the Army published HQDA EXORD, Directing all Army organizations to migrate to the Defense Information Systems Agency (DISA) Enterprise Email Service
9/30/2013
Number of computers not Vista compliant
Number of computers not Vista compliant
Please list the expected date that the noncompliant computers will be replaced via life cycle management
9/30/2013
Beginning with the anticipated release of the Army AGM image for MS Windows7 (first quarter 2011), USACE will begin to replace legacy Windows XP machines with new computers using the Windows7 image (second quarter 2011). From this date we anticipate replacing 1/3 (15,500/year) of all systems annually until complete.
PC Refresh: 01Jan2011-31Dec2011
8,000 unique applications identified by USACE customer base. All have to be tested for compatability
240
47,080
Beginning second quarter 2011 and completed by end of fourth quarter 2013
Testing AGM Windows7, Standard PC configurations established and acquisition process complete
Meet compliance requirements for migration from Windows XP Meet compliance requirements for migration from Windows XP Meet compliance requirements for migration from Windows XP
AGM Windows7 AGM Windows7 AGM Windows7
12/31/2011 12/31/2012 9/30/2013
160 PC Refresh: 01Jan2012-31Dec2012 80 PC Refresh: 01Jan2013-30Sep2013 0
31,400 15,700 15,700
Field Sites Korea Japan

45M
Field Sites Iraq 1-10
Centralized
District
District
Scheduled for Centralization
Sat c omm
M 45
45 M
Germany
M 45
45 M
DISA Email CorpsNet Archival via Enterprise Vault
622M
622M
GIG CPC
622M
WPC
2M 62
?
Existing USACE Email Infrastructure Bigelow
Revision 0 DWG-ACE-IT-120
Internet
5 May 2011
Page 1 of 5
622M
DISA Email
CorpsNet (2)
No Inbound connections Allowed (1)
Mini-pod GIG
Internet
?
62 2M
Mini-pod (1) Inbound allowed only to specific firewalled DMZ segments. Systems on these segments cannot initiate outbound and do not use production credentials (2) USACE systems all in USACE AD forest. Mini-pod email systems all in DISA forest- no AD trust.
Mini-Pod Deployment Bigelow

5 May 2011
Page 2 of 5
Minipod tunnels to NIPRnet/DISA
622M
DISA Email
CorpsNet (2)
Mini-pod GIG
Internet
?
62 2M
Mini-pod
(1) encrypted tunnels built for mini-pod to DISA enterprise email servers. Sits outside USACE security enclave. Clients within USACE creates outbound connections to Mini-Pods (*) Need to ensure that this tunnel is not construed as a USACE-NIPRnet connection per DSAWG/GIG board
Mini-Pod Tunnels to NIPRnet/DISA Bigelow
5 May 2011
Page 3 of 5
622M
DISA Email
CorpsNet (2)
Mini-pod GIG
Internet
?
62 2M
Minipod replication
Mini-pod Mini-pod to mini-pod replication performed through tunnel through Corpsnet. Traffic would not touch USACE production assets. Replication would use bandwidth between centers and the MPLS cloud.
Mini-Pod Tunnels to NIPRnet/DISA Bigelow

5 May 2011
Page 4 of 5
(1) Each OCONUS site would need added Internet gateway for sole purpose of tunneling from site thru Internet to GIG to OCONUS based DISA mini-pod. Could have significant impact on current GIG waivers (2) Required for POJ, POF, NAU (3) all email traffic- even site internal would flow thru tunnel
POJ
(3) (1)
Internet
DISA Japan Minipod
45 M
(2)
NAU
45 M
(1)
DISA Germany minipod
(3)
DISA Email CorpsNet
?
622M
622M
GIG CPC
622M
WPC
2M 62
?
OCONUS Internet-NIPRnet tunnels to mini-pods Bigelow
Internet
5 May 2011
Page 5 of 5
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6) (b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
From: O'Leary, Carey C HQ02 Sent: Monday, December 27, 2010 9:23 AM To: Seibert, Gary M HQ@SAS Subject: 7 day suspense on EXORD (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: FOUO I need to send in POC information, I am the primary, who would be the alternate? v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
Fax: 202-761-5900 carey.c.o'leary@usace.army.mil
Classification: UNCLASSIFIED Caveats: FOUO
file:///C|/...ents/FOIA/Responsive%20Documents/Weismann/Typepad/7%20day%20suspense%20on%20EXORD%20(UNCLASSIFIED).txt[8/9/2011 11:48:22 AM]
From: O'Leary, Carey C HQ02 Sent: Monday, December 27, 2010 9:36 AM (b)(6) To: Cc: Seibert, Gary M HQ@SAS Subject: Army Enterprise Email EXORD (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: FOUO Sir, US Army Corps of Engineers will be submitting a waiver for this Army initiative. Currently USACE has an approved Vista waiver until the end of FY13 and an approved GIG waiver (we are not connected to NIPRNet) until FY13. There are several other technical issues and costs that will prevent USACE from moving to Army Enterprise Email at least until the end of FY13. At that time we will get with Army and DISA to see if we can technical move. I have asked and a few others for an example or at least some guidance on (b)(6) submitting a waiver but never received a reply. Can you help me with that information? Is a memo with a POA&M sufficient? Is there a specific format for the POA&M? What address goes on the memo? Thanks for your time and assistant with this. v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/...nts/FOIA/Responsive%20Documents/Weismann/Typepad/Army%20Enterprise%20Email%20EXORD%20(UNCLASSIFIED).txt[8/9/2011 11:48:37 AM]
From: O'Leary, Carey C HQ02 Sent: Tuesday, December 28, 2010 8:11 PM (b)(6) To: Seibert, Gary M HQ@SAS Subject: Commander's notification and Policy Memo (UNCLASSIFIED) Attachments: SAS Email Policy.docx; Email CIO Policy 11-001.docx; Draft Message to Commanders on Email.docx Follow Up Flag: Follow up Flag Status: Flagged Classification: UNCLASSIFIED Caveats: FOUO Gary, Attached is the Policy memo, SAS (b)(6) please sign) and a draft message to be sent with the memo. Please let me know of any changes you may have. v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
Fax: 202-761-5900 carey.c.o'leary@usace.army.mil Classification: UNCLASSIFIED Caveats: FOUO
file:///C|/...onsive%20Documents/Weismann/Typepad/Commander's%20notification%20and%20Policy%20Memo%20(UNCLASSIFIED).txt[8/9/2011 11:48:38 AM]
From: O'Leary, Carey C HQ02 Sent: Sunday, January 02, 2011 2:20 PM To: Seibert, Gary M HQ@SAS Subject: Commanders Notification for Email (UNCLASSIFIED) Attachments: Email CIO Policy 11-001.docx; SAS Email Policy.docx; Draft Message to Commanders on Email.docx Follow Up Flag: Follow up Flag Status: Flagged Classification: UNCLASSIFIED Caveats: FOUO Attached are the three documents for the Commanders Notification for Email. (b)(6) signed off on the SAS. You need to sign off on the SAS and once (b)(6) signs, it needs to go to CECC for staffing. I don't think any other Directorates need to be involved. v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/.../FOIA/Responsive%20Documents/Weismann/Typepad/Commanders%20Notification%20for%20Email%20(UNCLASSIFIED).txt[8/9/2011 11:48:37 AM]
Page 34 redacted for the following reason: --------------------(b)(5) deliberative, attorney-client
From: O'Leary, Carey C HQ02 Sent: Tuesday, December 28, 2010 8:16 PM To: Seibert, Gary M HQ@SAS Subject: Email Stuff (UNCLASSIFIED) Follow Up Flag: Follow up Flag Status: Flagged Classification: UNCLASSIFIED Caveats: FOUO
(b)(5) deliberative, recommendation
v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/...20C9MJB/My%20Documents/FOIA/Responsive%20Documents/Weismann/Typepad/Email%20Stuff%20(UNCLASSIFIED).txt[8/9/2011 11:48:40 AM]
From: O'Leary, Carey C HQ02 Sent: Monday, January 03, 2011 9:55 PM (b)(6) To: Cc: Seibert, Gary M HQ@SAS Subject: Email Waiver Package (UNCLASSIFIED) Attachments: POA&M Army Enterprise Email.xls; SAS for Email EXORD Waiver DCG.doc; USACE Waiver to Army Enterprise Email v3.docx; Encl Two - Vista Waiver Approval.pdf; Encl Four - GiG Waiver Approval.pdf; Encl One - Vista Waiver Request.pdf; Encl Three - GIG Waiver Approval.pdf Classification: UNCLASSIFIED Caveats: FOUO
(b)(6) (b)(6) Attached is the package for the Email EXORD Waiver. need to resign the SAS but besides that it is ready to go. I did correct a spacing issue on the memo, so please use the attached. The first line of page two moved up to page one, so I just added a line.
Let me know if you have any questions. v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/...y%20Documents/FOIA/Responsive%20Documents/Weismann/Typepad/Email%20Waiver%20Package%20(UNCLASSIFIED).txt[8/9/2011 11:48:37 AM]
From: O'Leary, Carey C HQ02 Sent: Tuesday, December 28, 2010 7:42 PM (b)(6) To: Seibert, Gary M HQ@SAS; Subject: Email waiver response (UNCLASSIFIED) Attachments: Encl One - Vista Waiver Request.pdf; Encl Three - GIG Waiver Approval.pdf; Encl Four - GiG Waiver Approval.pdf; Encl Two - Vista Waiver Approval.pdf; USACE Waiver to Army Enterprise Email.docx; POA&M Army Enterprise Email.xls; SAS Email Waiver.docx Follow Up Flag: Follow up Flag Status: Flagged Classification: UNCLASSIFIED Caveats: FOUO Attached are many documents, the two that need to be reviewed are: USACE Waiver to Army Enterprise Email and POA&M Army Enterprise Email. I did my best based on conversations and emails. Please make any changes to make this better would be appreciated! Gary, I will send you the SAS, Email policy memo ( (b)(6) you have reviewed but will need you to sign off on the SAS) and a draft email message for the Commanders to accompany the memo.
(b)(6)
Once you review and make any changes can you sign off on the SAS Email Waiver document. Please!! v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/...y%20Documents/FOIA/Responsive%20Documents/Weismann/Typepad/Email%20waiver%20response%20(UNCLASSIFIED).txt[8/9/2011 11:48:36 AM]
From: Kazimer, Robert V HQ02 Sent: Wednesday, January 05, 2011 12:06 PM To: Temple, Bo M MG HQ02 Cc: Seibert, Gary M HQ@SAS (b)(6) Subject: Enterprise Email Waiver Request -- Phone Call (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Sir My team is making some last revisions to our Enterprise email waiver request package which is due to ARMY COB tomorrow. Intent is to have you review and sign it today.
(b)(5) deliberative, recommendation
If you are available for a call now I can discuss further and then again when the package is complete. Standing by... Vr Bob K Robert V. Kazimer, SES Director, Corporate Information HQ US Army Corps of Engineers 441 G Street NW, Wash DC 20314-1000 robert.v.kazimer@usace.army.mil (202) 761-0273 DSN: 763-0273
Classification: UNCLASSIFIED Caveats: NONE
file:///C|/...Documents/Weismann/Typepad/Enterprise%20Email%20Waiver%20Request%20--%20Phone%20Call%20(UNCLASSIFIED).txt[8/9/2011 11:48:39 AM]
(b)(6) From: Sent: Wednesday, January 05, 2011 3:51 PM To: Kazimer, Robert V HQ02; Seibert, Gary M HQ@SAS; (b)(6) Subject: Final - USACE Waiver to Army Enterprise Email v4-2b.docx (UNCLASSIFIED) Attachments: USACE Waiver to Army Enterprise Email v4-2b.docx
file:///C|/.../Typepad/Final%20-%20USACE%20Waiver%20to%20Army%20Enterprise%20Email%20v4-2b.docx%20(UNCLASSIFIED).txt[8/9/2011 11:48:40 AM]
From: (b)(6) Sent: Wednesday, January 05, 2011 4:08 PM To: Kazimer, Robert V HQ02 (b)(6) Cc: Seibert, Gary M HQ@SAS; O'Leary, Carey C HQ02; Subject: Final DRAFT - USACE request for waiver to DoD Enterprise Email (UNCLASSIFIED) Attachments: USACE Waiver to Army Enterprise Email v4-2b.docx; Encl 1- GIG Waiver Approval.pdf; Encl 2 - GiG Waiver Approval.pdf Classification: UNCLASSIFIED Caveats: FOUO Sir, As requested, the final DRAFT version for approval by MG Temple. V/R,
(b)(6)
Deputy Director, Corporate Information US Army Corps of Engineers HQUSACE, Attn: CECI-Z 3A50 441 G St. NW Wash DC 20314-1000 @usace.army.mil (b)(6) s.army.mil Office (202) 761-0274 / DSN 312-763-0274 0269
(b)(6)
FAX (202) 761-
file:///C|/...0DRAFT%20-%20USACE%20request%20for%20waiver%20to%20DoD%20Enterprise%20Email%20%20(UNCLASSIFIED).txt[8/9/2011 11:48:36 AM]
From: Kazimer, Robert V HQ02 Sent: Wednesday, February 02, 2011 7:41 AM To: Seibert, Gary M HQ@SAS (b)(6) Cc: Subject: FW: 18 month waiver request (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Gary As discussed... -----Original Message----From: Temple, Bo M MG HQ02 Sent: Saturday, January 22, 2011 4:17 PM To: Kazimer, Robert V HQ02 Subject: 18 month waiver request Jennifer Napper endorsed our 18 month waiver request. Should help buy more time to lay out a reasonably aggressive executable plan. Thanks! Classification: UNCLASSIFIED Caveats: NONE
file:///C|/...nts/FOIA/Responsive%20Documents/Weismann/Typepad/FW%2018%20month%20waiver%20request%20(UNCLASSIFIED).txt[8/9/2011 11:48:38 AM]
From: Kazimer, Robert V HQ02 Sent: Monday, January 24, 2011 7:03 AM To: Temple, Bo M MG HQ02 (b)(6) Cc: Seibert, Gary M HQ@SAS Subject: Re: 18 month waiver request Thanks Sir. Our team continues to look at ways to wisely accelerate our PC refresh while simultaneously preparing to hold follow-on technical exchanges with NETCOM and DISA. Vr Bob K Robert V. Kazimer, SES Director, Corporate Information US Army Corps of Engineers HQUSACE, Attn: CECI-ZA 3A52 441 G St. NW Wash DC 20314-1000 robert.v.kazimer@usace.army.mil robert.kazimer@us.army.mil (202) 761-0273 / DSN 763-0273
(b)(6)
----- Original Message ----From: Temple, Bo M MG HQ02 To: Kazimer, Robert V HQ02 Sent: Sat Jan 22 15:16:51 2011 Subject: 18 month waiver request Jennifer Napper endorsed our 18 month waiver request. Should help buy more time to lay out a reasonably aggressive executable plan. Thanks!
file:///C|/...C9MJB/My%20Documents/FOIA/Responsive%20Documents/Weismann/Typepad/Re%2018%20month%20waiver%20request.txt[8/9/2011 11:48:27 AM]
From: O'Leary, Carey C HQ02 Sent: Thursday, February 17, 2011 2:30 PM (b)(6) To: Seibert, Gary M HQ@SAS;
(b)(6)
(b)(6)
Subject:
RE: 25 POINT IMPLEMENTATION PLAN TO IT REFORM (UNCLASSIFIED)
Classification: UNCLASSIFIED Caveats: NONE U.S. Army Corps of Engineers (USACE) has centralized many of their Automated Information Systems (AISs) to their two processing centers that run as a private cloud environment with one Service Provider managing the operations. Many platforms are available for applications to run on including Windows and UNIX based Servers, Database platforms (Oracle Servers, MSSQL), Web services (Windows and UNIX), thin-client infrastructures (Citrix Servers) and Intel platform virtualization (VMWare). Some of the AISs that are already running at the processing centers are the Corps of Engineers Financial Management System (CEFMS), Program and Project Management System (P2), Operations and Maintenance Business Information Link (OMBIL) and Facilities and Equipment Maintenance (FEM). These applications are available from anywhere as long as there is connectivity into the private cloud (CorpsNet). In addition to cross AIS integrations, the processing center infrastructure is configured to share storage across the various computing platforms in order to support overall virtualization but also to support cross-center storage based replication tools to provide for continuity of operations. In addition many of the enterprise AISs directly interface with the Netezza based Electronic Data Warehouse located at both centers. USACE is also moving to heavily virtualized server environments that can allow us to simulate more cloud functionality of moving server images between sites and sharing/consolidating server resources. In addition USACE is continuing to evaluate the overall AISs that have not been migrated to CorpsNet to determine the impact on migrating them to cloud services. Of note is that many of the enterprise-level AISs are tightly integrated with each other and connected within the centers at high speeds to support this integration. There are a few applications within USACE that have been developed and are hosted/operated for non-USACE entities that may be candidates for non-USACE cloud deployments in that these AISs are on coupled with the other enterprise systems or authentication models (Active Directory) Any decisions to move services or platforms from CorpsNet to a federal, private, or public cloud must be approved by Army. v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information
file:///C|/...ann/Typepad/RE%2025%20POINT%20IMPLEMENTATION%20PLAN%20TO%20IT%20REFORM%20(UNCLASSIFIED).txt[8/9/2011 11:48:25 AM]
Automation Program Manager Wk: 703-428-6287

(b)(6)
Fax: 202-761-5900 carey.c.o'leary@usace.army.mil Classification: UNCLASSIFIED Caveats: NONE
file:///C|/...ann/Typepad/RE%2025%20POINT%20IMPLEMENTATION%20PLAN%20TO%20IT%20REFORM%20(UNCLASSIFIED).txt[8/9/2011 11:48:25 AM]
From: O'Leary, Carey C HQ02 Sent: Monday, December 27, 2010 9:44 AM To: Seibert, Gary M HQ@SAS Subject: RE: 7 day suspense on EXORD (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: FOUO Ok, I had you down as the 06 level POC but will put down as both. v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
Fax: 202-761-5900 carey.c.o'leary@usace.army.mil -----Original Message----From: Seibert, Gary M HQ@SAS Sent: Monday, December 27, 2010 9:44 AM To: O'Leary, Carey C HQ02 Subject: Re: 7 day suspense on EXORD (UNCLASSIFIED) Me ----- Original Message ----From: O'Leary, Carey C HQ02 To: Seibert, Gary M HQ@SAS Sent: Mon Dec 27 08:23:21 2010 Subject: 7 day suspense on EXORD (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: FOUO I need to send in POC information, I am the primary, who would be the alternate? v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/...IA/Responsive%20Documents/Weismann/Typepad/RE%207%20day%20suspense%20on%20EXORD%20(UNCLASSIFIED).txt[8/9/2011 11:48:29 AM]
file:///C|/...IA/Responsive%20Documents/Weismann/Typepad/RE%207%20day%20suspense%20on%20EXORD%20(UNCLASSIFIED).txt[8/9/2011 11:48:29 AM]
From: Seibert, Gary M HQ@SAS Sent: Sunday, January 23, 2011 2:19 PM To: O'Leary, Carey C HQ02 (b)(6) Cc: Subject: RE: COE Enterprise Email Way Ahead (UNCLASSIFIED) Thanks, Agree, CIO/G6 does not have full package.
(b)(6) As you suggest, please contact at ARCYBER and provide him with copy (b)(6) (b)(6) of email. Would you ask what the current status is of our request.
Thanks, I believe we have this covered. We still need to meet at Army MS Sym.....that plan is a sound way ahead. Thanks Gary M. Seibert, P.E. Chief, Enterprise Services Division Corporate Information HQ, US Army Corps of Engineers (912) 652-5806 (Work)
(b)(6)
-----Original Message----From: O'Leary, Carey C HQ02 Sent: Sunday, January 23, 2011 2:13 PM To: Seibert, Gary M HQ@SAS Subject: Re: COE Enterprise Email Way Ahead (UNCLASSIFIED) It was sent and acknowledged. At first Mr. Kazimer sent the memo to Mr. (b)(6) and all to meet the suspense. Than (b)(6) sent the request for the (b)(6) POAM which we provided. would not know that it was sent because he was not part of our email exchange and neither was Mr. Kazimer. The POAM and memo should have been sent to CIO/G6 by ARCyber (I am sure this does not go to (b)(6) for review. I will double check with (b)(6) via email and cc you on the message. I am (b)(6) sure this is just a misunderstanding on part. So does this mean we do not have to meet in Seattle? ----- Original Message ----From: Seibert, Gary M HQ@SAS To: O'Leary, Carey C HQ02
file:///C|/...onsive%20Documents/Weismann/Typepad/RE%20COE%20Enterprise%20Email%20Way%20Ahead%20(UNCLASSIFIED)6.txt[8/9/2011 11:48:26 AM]
(b)(6) From: Sent: Thursday, January 06, 2011 8:40 AM To: Seibert, Gary M HQ@SAS; O'Leary, Carey C HQ02 (b)(6) Cc: Subject: Signed Email Waiver Request (UNCLASSIFIED) Attachments: Email Waiver Request.pdf
Follow Up Flag: Follow up Flag Status: Flagged Classification: UNCLASSIFIED Caveats: FOUO Signed Email Waiver Request attached. <<...>> v/r
(b)(6)
Administrative Officer Corporate Information Directorate U.S. Army Corps of Engineers 202-761-4708
(b)(6)
Fax: 202-761-5700
(b)(6)
file:///C|/...ments/FOIA/Responsive%20Documents/Weismann/Typepad/Signed%20Email%20Waiver%20Request%20(UNCLASSIFIED).txt[8/9/2011 11:48:42 AM]
From: O'Leary, Carey C HQ02 Sent: Wednesday, December 29, 2010 7:46 AM (b)(6) To: Seibert, Gary M HQ@SAS; Subject: Updated SAS for the Waiver (UNCLASSIFIED) Attachments: SAS Email Waiver.docx Follow Up Flag: Follow up Flag Status: Flagged Classification: UNCLASSIFIED Caveats: FOUO I woke up in the middle of the night realizing that I forgot to add the Staffing comment on the SAS. An updated version is attached. Yes it is sad!! v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/...nts/FOIA/Responsive%20Documents/Weismann/Typepad/Updated%20SAS%20for%20the%20Waiver%20(UNCLASSIFIED).txt[8/9/2011 11:48:35 AM]
From: O'Leary, Carey C HQ02 Sent: Wednesday, May 11, 2011 10:33 AM (b)(6) To: (US)' Cc: Seibert, Gary M HQ@SAS Subject: USACE and DoD Enterprise Email (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE
(b)(6)
Not sure at this point what direction to go in. Do you want USACE to continue leading the way on this effort although the waiver condition has CIO/G6 as the chair. I do not want to setup meetings and then have the agenda changed etc... because we did not fulfill what CIO/G6 need us to. Also, both DISA and 9th Signal told me that the costing I need to even start a business case needs to come from CIO/G6. Who would be the POC for this?
(b)(6)
You requested a POC from USACE to discuss email objects and name conventions, I still need to see the list you are talking about to ensure I get you the correct POC. Can you send that to me. Thanks! v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information Automation Program Manager Wk: 703-428-6287
(b)(6)
file:///C|/...IA/Responsive%20Documents/Weismann/Typepad/USACE%20and%20DoD%20Enterprise%20Email%20(UNCLASSIFIED).txt[8/9/2011 11:48:42 AM]
From: Seibert, Gary M HQ@SAS Sent: Thursday, January 06, 2011 10:07 AM To: (b)(6) Cc: Kazimer, Robert V HQ02;
(b)(6)
(b)(6)
Subject: USACE Waiver Request from Army Migration to DoD Enterprise Email (EXORD 058-11) (UNCLASSIFIED) Attachments: Email Waiver Request.pdf Importance: High

(b)(6)
Please find attached USACE Waiver Request from Army Migration to DoD Enterprise Email (EXORD 058-11) signed 05 JAN 2011 by MG Merdith Temple, Deputy Commander. POC for this action is Gary Seibert, (202) 570-2900, Gary.M.Seibert@usace.army.mil. V/r Gary M. Seibert, P.E. Chief, Enterprise Services Division Corporate Information HQ, US Army Corps of Engineers (912) 652-5806 (Work)
(b)(6)
-----Original Message----(b)(6) From: Sent: Thursday, January 06, 2011 8:40 AM To: Seibert, Gary M HQ@SAS; O'Leary, Carey C HQ02 Cc: (b)(6) Subject: Signed Email Waiver Request (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: FOUO Signed Email Waiver Request attached. <<...>> v/r
file:///C|/...st%20from%20Army%20Migration%20to%20DoD%20Enterprise%20Email%20(EXORD%20058-11)%20(UNCLASSIFIED).txt[8/9/2011 11:48:42 AM]
(b)(6)
Administrative Officer Corporate Information Directorate U.S. Army Corps of Engineers 202-761-4708
(b)(6)
Fax: 202-761-5700
(b)(6)
(Unclassified)
(b)(6)
(Classified)
Classification: UNCLASSIFIED Caveats: FOUO Classification: UNCLASSIFIED Caveats: FOUO
file:///C|/...st%20from%20Army%20Migration%20to%20DoD%20Enterprise%20Email%20(EXORD%20058-11)%20(UNCLASSIFIED).txt[8/9/2011 11:48:42 AM]
(b)(6) From: Sent: Wednesday, January 05, 2011 3:27 PM To: Seibert, Gary M HQ@SAS Subject: USACE Waiver to Army Enterprise Email v4-2b.docx (UNCLASSIFIED) Attachments: USACE Waiver to Army Enterprise Email v4-2b.docx
file:///C|/...ents/Weismann/Typepad/USACE%20Waiver%20to%20Army%20Enterprise%20Email%20v4-2b.docx%20(UNCLASSIFIED).txt[8/9/2011 11:48:43 AM]
(b)(6) From: Sent: Wednesday, January 05, 2011 3:22 PM To: Seibert, Gary M HQ@SAS Subject: USACE Waiver to Army Enterprise Email v4-2b.docx (UNCLASSIFIED) Attachments: USACE Waiver to Army Enterprise Email v4-2b.docx
Classification: UNCLASSIFIED Caveats: FOUO Latest version. Classification: UNCLASSIFIED Caveats: FOUO
file:///C|/...nts/Weismann/Typepad/USACE%20Waiver%20to%20Army%20Enterprise%20Email%20v4-2b.docx%20(UNCLASSIFIED)2.txt[8/9/2011 11:48:43 AM]
Pages 55 through 63 redacted for the following reasons: ---------------------------b(5) deliberative, meeting notes b(5) draft, deliberative b(6)
From: Sent: To: Subject:
Frank, Richard C HQ02 Wednesday, June 22, 2011 8:06 AM O'Leary, Carey C HQ02 Accepted: Meeting on Litigation and Records Management Requirements for DoD Enterprise Email (1300ET) (UNCLASSIFIED)
USACE Plan of Action and Milestones for DoD Enterprise Email 10 Jan 2011 Introduction The Headquarters, U.S. Department of Army (HQDA) EXORD 058-11: LandWarNet Global network Enterprise Construct (GNEC) Implementation Army Migration to DoD Enterprise Email Services, mandates Army activities to migrate to the Defense Information Systems Agency (DISA) Enterprise Email services no later than 1 October 2011. The Army is consolidating email services that provide users access to the Enterprise anytime from a CAC enabled PC. In order to migrate to DoD Enterprise Email all desktops and laptops must be configured with: AGM Windows Vista SP2 (or newer), AGM Office 2007 SP2, AGM Tumbleweed Desktop Validator 4.10; and AGM ActivClient 6.2. If these requirements are not met, the result is the inability to access the DoD email service. The U.S. Army Corps of Engineers (USACE) provided a request for waiver and a Plan of Action and Milestones (POA&M) that identifies tasks and timelines for migrations of Windows XP on desktops and laptops directly to the Windows 7 operating system by 30 September 2013. The waiver was approved on 1 November 2010. USACE also has additional concerns and risks that need to be mitigated to ensure migration is possible once desktop compliance is met. These concerns are: a. If migration to DoD Enterprise Email requires USACE to reconnect to the NIPRnet, then technical discussions, funding issues and planning will need to take place due to the major infrastructure changes that will need to occur. Currently USACE Corps of Engineers Financial Management System (CEFMS) has an approved CFO audit based on how the USACE security model is configured. The security model involves no trust in/out of some very weak protocols like the Microsoft suite and the protocols are blocked in/out at USACE gateways. Another security configuration is that USACE does not "trust" any systems outside of the USACE enclave to include Army/DoD systems. Another concern is the amount of email used within USACE and the bandwidth that will need to be increased to handle the increase of outbound traffic from the USACE network (CorpsNet). b. USACE has Local Nationals from Iraq and Afghanistan that work for them and these individuals do not have CACs and will not be issued CACs. The mandatory use of CAC cards to access DoD Enterprise Email is an issue for these users and will need to be resolved before USACE migrates to DoD Enterprise Email. c. USACE has a large investment in applications that are integrated with Outlook and Exchange. Technical discussions on how the following will integrate with DoD Enterprise Email needs to occur along with any additional costs for support. USACE will require in-depth technical discussions with all parties to resolve and protect these investments.
Objective This document defines tasks and implementation requirements to enable USACE to address and mitigate the concerns and risks associated with migration to the DoD Enterprise Email. Requirements USACEs unique world-wide, military and civil missions require immediate free and open electronic communications to a diverse set of stakeholders and partners, domestic and foreign, private sector and public sector. USACE communicates directly with federal, state, and local governments throughout the country to coordinate current and future construction projects, proposed changes to policies, support emergency management operations often under degraded communications environments. USACE IT systems provide real time data to Federal, State, and Local agencies to directly impact the publics health and safety: dam water levels; water release dates/times/flow rates; river and stream water flow rates to control and mitigate floods. USACE provides real time data to help commercial ships and private watercraft through ocean ports and inland rivers. USACE designs and builds military construction projects throughout the world which requires the ability to communicate with national and local governments to incorporate local laws and public policy. Local foreign firms are permitted to bid upon, win, and execute construction projects in compliance with U.S. contracting laws. USACE developed IT systems are used to accept, track, and award contracts to these firms.
Plan of Action
Overview USACE went through an A-76 and the Army Corps of Engineers Information Technology (ACE-IT) organization was formed as the IT Service Provider for USACE. USACE plans to maintain its current email infrastructure, end-user devices and applications s under the current A-76 Service Provided until expiration of our Letter of Obligation. During this time USACE will migrate the current distributed email environment into our 2 Centralized Data Processing Center and migrate all users onto Exchange 2010. Plan In 2008 before the mandate to move to Windows Vista, USACE went through a complete PC refresh that replaced all PCs with a standard configuration running the Windows XP operating system. PC refresh II will start in FY11, USACE will replace a third of these PCs each year for
the next three years. The new PCs will run the Microsoft Windows 7 operating system. The tasks identified in Table One are being addressed in order for USACE to begin migration to Microsoft Windows 7.
The network infrastructure for USACE is managed by ACE-IT. USACE operates their own network called CorpsNet. This network does not connect to the GIG or to the NIPRNet and will require in-depth technical conversations with NETCOM and DISA to mitigate risk to the CorpsNet infrastructure and to migrate to DoD Enterprise Email. This task is described in Table One. USACE has Local Nationals from Iraq and Afghanistan that work for them and these individuals do not have CACs and will not be issued CACs. The mandatory use of CAC cards to access DoD Enterprise Email is an issue for these users and will need to be resolved. The task is described in Table One. USACE has a large investment in applications that are integrated with Outlook and Exchange. Technical discussions on how the applications will integrate with DoD Enterprise Email needs to occur along with any additional costs for support. USACE will require in-depth technical discussions with all parties to resolve and protect these investments. This task is described in Table One. USACE will be implementing four projects in order to meet compliance standards and to mitigate risks in order to migrate to DoD Enterprise Email. Project A: Migrate to Windows 7 there are three phases for migrating USACE PCs to Windows 7. Phase One: Select the standard PCs that will be acquired as replacements for the PC Refresh I and setup the acquisition process to obtain the standard PCs. Phase Two: Test the Army Gold Master (AGM) for Windows 7 and internal applications to ensure capability with Windows 7. Phase Three: Procurement of standard PCs replacing a 3rd of the PC Refresh I PCs each year from FY11 through FY13. (An OPORD was released to ensure that Divisions, Districts and Centers follow this policy.) Timeline: Phase One was completed in August 2010 Phase Two is ongoing; the testing of the Windows 7 AGM started in 4th quarter FY10 and is still continuing. The final AGM is supposed to be available in March 2011.
Phase Three: a few procurements of PC Refresh II began at year-end of FY10. These PCs will be re-imaged with the final AGM once it is available. Procurements will continue through FY13. (over 47,000 PCs to replace)
Project B: Network Infrastructure there are four phases for any changes to the CorpsNet infrastructure. Phase One: Setup technical discussions with NETCOM and DISA. Phase Two: Final decision on network infrastructure changes. Phase Three: Implement network infrastructure changes. Phase Four: New Accreditation if needed. Timeline: (Projected dates TBD) Setup technical discussions with NETCOM and DISA (Start 3rd Qtr FY 11 and continue until a risks are mitigated) Decision on infrastructure changes (2nd Qtr FY12) Implementation of infrastructure changes (3rd Qtr FY12 through FY13) Request new accreditation (3rd Qtr FY12 through FY13)
Project C: CAC requirement for access There are three phases to develop a solution for the local nationals that will need access to email and do not have a CAC. Phase One: Setup Technical discussions with NETCOM and DISA. Phase Two: Final decision on CAC capability for Local Nationals working for USACE. Phase Three: Implement solution. Timeline: (Projected dates TBD) Setup technical discussions with NETCOM and DISA Decision of solution Implement solution (Must be completed by FY13)
Project D: USACE applications that are integrated with Outlook and Exchange There are four phases to develop a solution for the large investment that USACE has in applications that are integrated in Outlook and Exchange.
Phase One: Setup Technical discussions with NETCOM and DISA Phase Two: Setup Budget Meetings to discuss costs if there are additional support costs to include the applications on the DISA Email service. Phase Three: Final Decision on what applications will integrate with DISA Email service and the additional costs. Phase Four: DISA implementation of integrated applications. Timeline: (Projected dates TBD) Setup technical discussions with NETCOM and DISA Decision of solutions and costs Implement solution (Must be completed by FY13)
USACE Plan of Action and Milestones for DoD Enterprise Email
Task for Migration
Priority (Low, Moderate, High) H
Milestone
Milestone due Date
Status
Date of Completio n
POC
Comments
Migrate to Windows 7 Operating System
Procureme nt of PC Refresh II PCs and install Windows 7 AGM.
30 Sep 2013
CorpsNet Infrastructure Changes CAC requirement for DoD Enterprise Email Access USACE Integrated Applications with Outlook and Exchange
Implement CorpsNet Infrastructu re Changes Establish and Implement Solution Establish and Implement Solution
TBD
Procurem ents have started, waiting for approved Windows 7 AGM (March 2011) In Planning Stages In Planning Stages
CECI/ ACE-IT
See Project A for milestone description
CECI/ ACE-IT
TBD
CECI/ ACE-IT
See Project B for milestone description See Project C for milestone description See Project D for milestone description
TBD
In Planning Stages
CECI/ ACE-IT
Table One POA&M
Summary USACE will be migrated over to Windows 7 by 30 September 2013. However, the USACE Plan of Action for migration to DoD Enterprise Email is dependent on the technical discussion and solutions from those discussions. Because of the USACE requirements listed above the risks for making infrastructure changes to the CorpsNet is high which makes these discussion imperative before a final decision to migrate to DoD Enterprise Email is made. USACE will continue to operate the CorpsNet Exchange Email environment until USACE is ready to migrate to the DoD Enterprise Email.
Pages 71 through 74 redacted for the following reasons: ---------------------------b(5) - deliberative meeting notes b(5) deliberative, attorney-client, attorney work product
UNCLASSIFIED//FOR OFFICIAL USE ONLY (U//FOUO) Comment Resolution Matrix (CRM): Coordinating Draft EXORD- Enterprise Email Migration (2/3-Star Review) S: 9 Dec 2010
Item # Class
(U/C/S)
ORG, OFFICE Name, Phone, Email
Page
Para # Line #
TYPE
(C/S/A)
Comments and Rationale
Adjudication
(A/R/M/P)
Comment: Recommendation: Rationale : Comment: Recommendation: Rationale : Comment: Recommendation: Rationale : Comment: Recommendation: Rationale : Comment: Recommendation: Rationale :
1
UNCLASSIFIED
Pages 76 through 81 redacted for the following reasons: ---------------------------(b)(5) draft document b(5) deliberative meeting notes, attorney client b(6) b(5) deliberative, draft meeting notes b(6)
CECI-E
Corps of Engineers Corporate Information
Fact Sheet on DoD Enterprise Email: DoD Enterprise Email will provide the Army NIPR email services from a managed service provider (DISA). The requirement for the user is that their PC will be running on Windows Vista SP2, Office 2007 SP2, Tumbleweed Desktop Validator 4.10 and Activclient 6.2. Another requirement is the site must have connectivity to the NIPRNet. Additional requirement at the time of migration is that all users mailboxes will be limited to 100MB but once migration is completed, the individual email boxes will be limited to 4GB. Army released an EXORD for the migration to DoD Enterprise Email on 22 December 2010. The migration to DoD Enterprise Email is to be completed by 1 October 2011. The EXORD listed the requirements above along with a waiver process if an organization could not meet the migration schedule. USACE submitted a waiver for an extension to the migration schedule to CY 2013. There are several technical concerns with this migration that will need to be addressed. The waiver was based on technical concerns that needed to have resolution before USACE could migrate to DoD Enterprise Email. The technical reasons are: PCs are running Windows XP; USACE is not connected to the NIPRNet; and USACE has a large investment in applications that are currently integrated within the USACE Exchange and Outlook environment. These applications are: Unity Server (Voice Over Internet Protocol VOIP) which allows voice mail to go directly to email; Digital Rights Management; AdHoc (emergency notification); Electronic Document Records Management System (EDRMS) TRIM and SharePoint. A meeting was held on 19 January 2011 between USACE, CIO/G6, NETCOM, 7th Signal, DISA and MITRE to discuss the technical concerns and find a way ahead that will not impact the USACE mission. The outcomes of the meeting were: Approve USACE Waiver for 18 months Immediately Initiate a 6 month technical design effort to develop a reasonable plan to migrate USACE to DoD Enterprise Email Following the 6 month effort reassess the waiver and timeframe First meeting will be at the Microsoft Symposium, 7-11 February 2011.
Page 1 of 1
Pages 83 through 90 redacted for the following reasons: ---------------------------b(5) deliberative meeting notes b(6) b(5) deliberative, attorney-client, attorney work product b(6)

CECI-E (25-1)
CHIEF INFORMATION OFFICERS POLICY MEMORANDUM 11-001 SUBJECT: Email Policy
1. Purpose. The purpose of this memorandum is to set policy for the U.S. Army Corps of Engineers (USACE) enterprise email and to establish a timeline to complete the infrastructure of centralization of all email services to the Central and Western Processing Centers. 2. Background. Currently large email message stores have created a challenge across the USACE enterprise and have caused instability in the email infrastructure. These large stores are possible because some sites within USACE do not have established email box limits. Archiving email to reduce email box sizes is not considered a solution because the .pst files are stored on individual hard drives which are not backed up and are not searchable in the event a discovery is needed. Email servers are spread out through USACE and many do not have the ability to replicate to another site in case the server goes down or in case of an emergency. 3. Discussion. a. In order to better manage email services across the enterprise, provide a more stable environment, reduce delays in delivering/receiving email messages, and to ensure email service is not interrupted, there is a need to ensure that limits are placed on overall email message store sizes. Establishing a limit on the size for email boxes will enable ACE-IT to design the future USACE enterprise email infrastructure which includes upgrading to the Exchange 2010 environment and centralizing all email services to the two processing centers. b. The standard email box size limit will be set at 2GB (if your site already has an email box limit smaller than the 2GB standard, your email limits will continue at the lower limit until your server is centralized to the enterprise email server at one of the processing centers). This size includes all folders that are held on the email server to include inbox, deleted items, sent items, calendar, server-based folders, and tasks. This limit does not apply to email related files that are stored locally or placed on network drives (Archive files, local folders, etc.) In order to ensure that email is not lost by either deletion or not being back up, ACE-IT will be implementing several technical solutions, such as a software package called Enterprise Vault for archiving email and adding enough network storage space to store the large archiving files to ensure these archives are backed-up.
CECI-E SUBJECT: Email Policy
c. ACE-IT is in process of configuring and testing Exchange 2010. With this upgrade centralizing email service to the processing centers will begin in a phased approached (see enclosure). The benefits of centralizing email is the increase of availability by having failover capability between the two processing centers, less servers to manage which will lower support costs, and for some sites the increase in email box sizes. 4. The point of contact for this memorandum is Ms. Carey OLeary, Automation Program Manager, 703-428-6287 or carey.c.oleary@usace.army.mil. FOR THE COMMANDER:
Encl
ROBERT V. KAZIMER Director, Corporate Information
Enterprise Email Coordination Plan
a. Phase One (Dec 2010 Feb 2011) - Build out the Exchange 2010 infrastructure at WPC and CPC which includes testing and validation of the infrastructure design. Purchase and implement Enterprise Vault archiving software. Purchase and install additional storage needed for the 2GB email box limit. Pilot the centralization of email to the Exchange 2010 infrastructure within ACE-IT (most of ACE-IT is currently centralized. This phase is to move email boxes for those that are in their legacy domain). b. Phase Two (Feb - Mar 2011) Move the sites that are already centralized to the new Exchange 2010 infrastructure and implement Enterprise Vault. Sites are Finance Center, Army Geospatial Center, and Norfolk District. Purchase the additional hardware (servers/blades) to complete the email centralization using FY-11 EFAT approved funding. c. Phase Three (Mar Jun 2011) Stabilize the HQ email infrastructure by deploying server consolidation and using these resources temporarily until the email is centralized at the two processing centers. Install and implement Enterprise Vault (including user training) which will assist users to reduce their email box to the 2GB limit. This will be done by having customers create local archive files on their system, migrating the accounts to the centralized infrastructure then placing the archived emails back onto the Exchange message store. At this point, the Archival software will take care of reducing the mailbox size to below the 2G limit. Processing power associated with the CEHQ server consolidation infrastructure will be returned to the virtualized host pool for sharing with other HQ hosted applications. d. Phase Four (Jun 2011 Sep 2011) Evaluate sites and make the schedule to migrate sites based on the stability of their email infrastructure, least stable first. Implement Enterprise Vault at each site and then migrate them to the processing centers and Exchange 2010.
Pages 94 through 100 redacted for the following reasons: ---------------------------b(5) Deliberative notes b(5) deliberative meeting notes b(6)
Cloud Migration USACE is reviewing various options as they relate to cloud computing but is also bound by any Army and DoD security requirements as they relate to cloud computing on resources outside of the DoD enclaves. U.S. Army Corps of Engineers (USACE) is also moving to heavily virtualized server environments that can allow us to simulate more cloud functionality of moving server images between sites and sharing of server resources. In addition USACE is launching an initiative to evaluate the overall AIS (Automated Information Systems) architectures to determine their impact on migrating to cloud services where software modules, storage and compute capacity are billed based on usage. Data Center Consolidation The U.S. Army Corps of Engineers (USACE) is part of the Army Data Center Consolidation Plan (ADCCP). The Army has completed a data call on all the data centers that fit the definition and developed criteria to rank data centers to be closed and those to be consolidated into larger Processing Centers. Currently the two USACE processing centers are identified for continued operations for the next five years. Currently USACE has an initiative to consolidate and virtualize servers at their Divisions, Districts, Centers and Headquarters. This initiative will take the current server count from 2880 to approximately 200 servers and will be completed in June 2011. USACE next initiative is to centralize these servers to the two processing centers.
IT Master Plan PDT Project Kick-Off Meeting

1-3 February 2011 Meeting Attendees
Name Organization ACE-IT IWR CENWD CECW CESAS CEMP CEMP CEMVR ERDC CENAU
(b)(6) (b)(6)
Present
Name
Organization Mitre Army HQE CECI-E CECI-E CECI-E CECI-E CECI-E
Present
Mitre
CESI ERDC-ITL CESAM CENAP CEMP CESWT CEPOD ERDC-AGC CETAD CECW
Minutes: Capabilities Unique to specific subset of users: HW/SW Evauation , customization (COTS) developm ent Elevated Administraton Rights (GIS CoP/CADD; Water Control; First responders) Electronically share data with customers (DOD and other stakeholders) Mobile computing Development DREN
Enterprise Desired Capabilities Application Rationalization COTS Intergration BPR VOIP Flash Memory/USB issue 3rd World Apps (Rapid Deployment) JWICSs
IT Master Plan PDT

T&D Remote Sensing/Data Collection Non-CAC Access OCONUS HW/SW OCONUS Contracting Local National WF Non-US or .mil Enterprise Issues: Language Differences/Challenges(Help Desk) Enterprise components include mailroom, VI FMS0 Shadow organization- how do we account for them; cost them Wireless Non-Standard HW (Excluded) Requiremnets Process not a good process to identify Response Time Support Model Service Model; SLA; Governance Finance model what should we use Identity Management SSO COOP Social Media must address Telework need guidance Property Accountability
Page 104 redacted for the following reason: --------------------b(5) deliberative meeting notes, attorney-client, attoreny work product
STAFF ACTION SUMMARY Number: CECI

Subject: Email Policy Action Officer: Carey OLeary
Action
Suspense: 4 Jan 2010 Date: 29 December 2010
Office Symbol: CECI-E
1. Purpose. The purpose of this memorandum is to set policy for the U.S. Army Corps of Engineers (USACE) enterprise email and to establish a timeline to complete the infrastructure of centralization of all email services to the Central and Western Processing Centers. Background. USACE does not have a policy placing limits on mailbox sizes therefore some sites have large mailbox stores which make the exchange environment unstable. Discussion. In order to better manage email services across the enterprise, provide a more stable environment, reduce delays in delivering/receiving email messages, and to ensure email service is not interrupted, there is a need to ensure that limits are placed on overall email message store sizes. Establishing a limit on the size for email boxes will enable ACE-IT to design the future USACE enterprise email infrastructure which includes upgrading to the Exchange 2010 environment and centralizing all email services to the two processing centers.
Action: Office Symbol CEIT CECC CECI-E CECI-ZB
Approved Name
(b)(6)
See Me Coordination Concur/Non-Concur

(b)(6)
Other Date 29 Dec 2010
Gary Seibert
(b)(6)

Subject: Email Policy Action Officer: Carey OLeary
Action
1. Purpose. The purpose of this memorandum is to set policy for the U.S. Army Corps of Engineers (USACE) enterprise email and to establish a timeline to complete the infrastructure of centralization of all email services to the Central and Western Processing Centers. Background. USACE does not have a policy placing limits on mailbox sizes therefore some sites have large mailbox stores which make the exchange environment unstable. Discussion. In order to better manage email services across the enterprise, provide a more stable environment, reduce delays in delivering/receiving email messages, and to ensure email service is not interrupted, there is a need to ensure that limits are placed on overall email message store sizes. Establishing a limit on the size for email boxes will enable ACE-IT to design the future USACE enterprise email infrastructure which includes upgrading to the Exchange 2010 environment and centralizing all email services to the two processing centers.
Action: Office Symbol CEIT CECI-E CECI-ZB
Approved Name
(b)(6)
Other Date
Gary Seibert
(b)(6)

Subject: Waiver for migration to DoD Enterprise Email Action Officer: Carey OLeary
Action
Purpose. The purpose of this memorandum is to request a waiver until 30 September 2013 from the migration to DoD Enterprise Email. Background. On 22 December 2010, HQDA released EXORD 058-11 requiring Army agencies to migrate to DoD Enterprise Email by 1 October 2011. Discussion. Requirements as stated in the EXORD (Paragraph 3.C.4.H) to migrate to DoD Enterprise Email is that all desktops and laptops will be configured with: AGM Windows Vista SP2 (or newer), AGM Office 2007 SP2, AGM Tumbleweed Desktop Validator 4.10; and AGM ActivClient 6.2. If the requirements are not met, the result is the inability to access the DoD email service. Currently U.S. Army Corps of Engineers (USACE) has an approved Vista wavier until 1 October 2013 (enclosure One). The rough order of magnitude (ROM) for USACE to migrate to Vista in FY11 is approximately $30 million in hardware and labor. USACE does not have $30 million in their budget to migrate to Vista in FY11. The POA&M that is attached contains the milestones that USACE will meet in order to get to Windows 7 by 1 October 2013 and technical discussions that need to occur to ensure migration can occur once desktop compliance is met. The Army draft EXORD and information paper was sent out to the HQ Directorates and the only comments were received from CECC. Their comments do not come into effect since USACE is requesting a waiver from this initiative.
Approved Name
(b)(6)
Other Date
Gary Seibert
(b)(6)

Subject: Waiver for migration to DoD Enterprise Email Action Officer: Carey OLeary
Action
Purpose. The purpose of this memorandum is to request a waiver until 30 September 2013 from the migration to DoD Enterprise Email. Background. On 22 December 2010, HQDA released EXORD 058-11 requiring Army agencies to migrate to DoD Enterprise Email by 1 October 2011. Discussion. Requirements as stated in the EXORD (Paragraph 3.C.4.H) to migrate to DoD Enterprise Email is that all desktops and laptops will be configured with: AGM Windows Vista SP2 (or newer), AGM Office 2007 SP2, AGM Tumbleweed Desktop Validator 4.10; and AGM ActivClient 6.2. If the requirements are not met, the result is the inability to access the DoD email service. Currently U.S. Army Corps of Engineers (USACE) has an approved Vista wavier until 1 October 2013 (enclosure One). The rough order of magnitude (ROM) for USACE to migrate to Vista in FY11 is approximately $30 million in hardware and labor. USACE does not have $30 million in their budget to migrate to Vista in FY11. The POA&M that is attached contains the milestones that USACE will meet in order to get to Windows 7 by 1 October 2013 and technical discussions that need to occur to ensure migration can occur once desktop compliance is met.
Approved Name
(b)(6)
Other Date
Gary Seibert
(b)(6)
STAFF ACTION SUMMARY Control #:

(HQUSACE)
Suspense: 6 Jan 2011 Date: 3 Jan 2011 E-Mail: Carey.c.oleary@usace.army.mil DCG Approval CG Signature
Subject: Office Symbol: CECI-E
Army Migration to DOD Enterprise Email Services Waiver Action Officer: Carey OLeary Decision Telephone #: 703-428-6287 CSM Read-Ahead
Routing: CS For: Information
Purpose. The purpose of this memorandum is to request a waiver until 30 September 2013 from the migration to DoD Enterprise Email. Bottom Line. On 22 December 2010, HQDA released EXORD 058-11 requiring Army agencies to migrate to DoD Enterprise Email by 1 October 2011. Discussion. Requirements as stated in the EXORD (Paragraph 3.C.4.H) to migrate to DoD Enterprise Email is that all desktops and laptops will be configured with: AGM Windows Vista SP2 (or newer), AGM Office 2007 SP2, AGM Tumbleweed Desktop Validator 4.10; and AGM ActivClient 6.2. If the requirements are not met, the result is the inability to access the DoD email service. Currently U.S. Army Corps of Engineers (USACE) has an approved Vista wavier until 1 October 2013 (enclosure One). The rough order of magnitude (ROM) for USACE to migrate to Vista in FY11 is approximately $30 million in hardware and labor. USACE does not have $30 million in their budget to migrate to Vista in FY11. The POA&M that is attached contains the milestones that USACE will meet in order to get to Windows 7 by 1 October 2013 and technical discussions that need to occur to ensure migration can occur once desktop compliance is met. The Army draft EXORD and information paper was sent out to the HQ Directorates and the only comments were received from CECC. Their comments do not come into effect since USACE is requesting a waiver from this initiative.
Releaser: Mr. Robert V. Kazimer, Director, Corporate Information Recommendation: MG Temple sign Memo Action: Organization CEIT CECI-E CECI-ZB Approved Name Gary Seibert
(b)(6)
See Me Coordination Concur/Nonconcur

(b)(6)
Other Date 29 Dec 2010
USACE FORM 1-10A, FEB 03
All previous editions are obsolete
Agenda USACE Technical DoD Enterprise Email Discussion 3-4 May 2011 http://TheMcNuttHouse.com 815 1st St East Vicksburg, MS 3 May 2011 0830 0900 Introductions and agenda 0900 0945 Architecture overview briefing of DISA Enterprise Email 0945 1015 USACE architecture briefing 1015 1030 Break 1030 1100 Communication connections discussions Bandwidth to Internet/sites OCONUS traffic routing NIPRNET Ability to whitelist systems if blocked 1100 1130 Address book Size of .oab/impact on client and travelers Approaches to reduction in size of Address book Addition/Management of external addresses in GAL Management of DLL/CDLs/Resource addresses 1130-1200 TBD 1200 1300 Lunch 1300 1400 MINI PODS Description Costing if any Possibility of deploying near-term pico-pod for testing Facility funding 1400 1430 BES/Good Impact on BES environment AD environment Itrezzo interfaces 1430 1445 Break 1445 1545 Email Archival and Litigation Migration of PSTs
Discussion of Unlimited Limits/advantages of archiving tool and/or licensing Procedures for requesting litigation caused retrievals 1545 1700 Migration steps and procedures (GAL download, 50 MB) How migrations are performed How data > 50MB is migrated Limitations on size of migrations 4 May 2011 0830 1200 Discuss Integrated Applications Cisco VoIP/Voice mail integration Cisco presence server integration Cisco unified meeting place Cisco telepresence scheduling/Webex Ad-hoc emergency notification system Sharepoint (unified calendar etc.) 1200 1300 Lunch 1300 1400 Tour CPC 1400 - 1430 Drive back to Meeting place 1430 1530 Overflow questions Non-CACable users (IFN/AFN etc.) Support responsibilities to remain with USACE upon migration Impact of partial migration at a site- interoperability 1530 1630 Next steps Costs Schedule Action items
NOTES - Potentially resolved previously raised issue re EDMS/TRIM functionality. Current integration is with the client only. Additional mail service is configured in Outlook Inbox that delivers message to TRIM database servers at WPC and CPC. Testing with pico-pod will validate - Resolved previously raised issue re DRM/Gigatrust functionality. This project was defunded for FY-12.
Pages 114 through 171 redacted for the following reasons: ---------------------------(b)(5) Deliberative material, alternatives, and recommendations (b)(5) Deliberative observations/opinions/recommendations (b)(5) draft documents
Cloud Migration USACE is reviewing various options as they relate to cloud computing but is also bound by any Army and DoD security requirements as they relate to cloud computing on resources outside of the DoD enclaves. U.S. Army Corps of Engineers (USACE) is also moving to heavily virtualized server environments that can allow us to simulate more cloud functionality of moving server images between sites and sharing of server resources. In addition USACE is launching an initiative to evaluate the overall AIS (Automated Information Systems) architectures to determine their impact on migrating to cloud services where software modules, storage and compute capacity are billed based on usage. Data Center Consolidation The U.S. Army Corps of Engineers (USACE) is part of the Army Data Center Consolidation Plan (ADCCP). The Army has completed a data call on all the data centers that fit the definition and developed criteria to rank data centers to be closed and those to be consolidated into larger Processing Centers. Currently the two USACE processing centers are identified for continued operations for the next five years. Currently USACE has an initiative to consolidate and virtualize servers at their Divisions, Districts, Centers and Headquarters. This initiative will take the current server count from 2880 to approximately 200 servers and will be completed in June 2011. USACE next initiative is to centralize these servers to the two processing centers.
Pages 173 through 217 redacted for the following reasons: ---------------------------(b)(5) Briefing slides, deliberative material, alternatives, and recommendations (b)(5) deliberative, recommendations
(b)(6) From: Sent: Friday, June 17, 2011 10:30 AM (b)(6) To: DLL-HQ-CECI-Executive Staff; O'Leary, Carey C HQ02; (b)(6) HQ@MVK; HQ02 Subject: Practical Information for Moving into the Cloud (Prepping for eCPIC Decision Brief) (UNCLASSIFIED) Attachments: Draft Cloud Computing Synopsis-NIST-SP800-146.pdf
Classification: UNCLASSIFIED Caveats: NONE Team, FYSA. Here is a Draft publication from the National Institute of Standards and Technology that lays out Cloud Computing Synopsis and Recommendations. I am hopeful that something in this document will help inform our discussions with USACE stakeholders as we go for final approval for eCPIC.
(b)(6) Our PM, is leading the charge to get all stakeholders concerns and questions answered regarding storing USACE IT Investment data in the "GSA Cloud." You will be hearing more from her on this.
(b)(5)
In the meantime, since the objective of this publication is to "explain cloud computing technology in plain terms and provide practical information for decision makers moving into the cloud" I am thinking this might help us. If you get a chance to read this and/or an offer any insight on this issue, I would appreciate it. Thanks,
(b)(6)
file:///C|/...for%20Moving%20into%20the%20Cloud%20%20(Prepping%20for%20eCPIC%20Decision%20Brief)%20(UNCLASSIFIED).txt[8/23/2011 3:31:43 PM]
From: O'Leary, Carey C HQ02 Sent: Thursday, February 17, 2011 2:30 PM (b)(6) To: Seibert, Gary M HQ@SAS;
(b)(6)
(b)(6)
Subject:
RE: 25 POINT IMPLEMENTATION PLAN TO IT REFORM (UNCLASSIFIED)
Classification: UNCLASSIFIED Caveats: NONE U.S. Army Corps of Engineers (USACE) has centralized many of their Automated Information Systems (AISs) to their two processing centers that run as a private cloud environment with one Service Provider managing the operations. Many platforms are available for applications to run on including Windows and UNIX based Servers, Database platforms (Oracle Servers, MSSQL), Web services (Windows and UNIX), thin-client infrastructures (Citrix Servers) and Intel platform virtualization (VMWare). Some of the AISs that are already running at the processing centers are the Corps of Engineers Financial Management System (CEFMS), Program and Project Management System (P2), Operations and Maintenance Business Information Link (OMBIL) and Facilities and Equipment Maintenance (FEM). These applications are available from anywhere as long as there is connectivity into the private cloud (CorpsNet). In addition to cross AIS integrations, the processing center infrastructure is configured to share storage across the various computing platforms in order to support overall virtualization but also to support cross-center storage based replication tools to provide for continuity of operations. In addition many of the enterprise AISs directly interface with the Netezza based Electronic Data Warehouse located at both centers. USACE is also moving to heavily virtualized server environments that can allow us to simulate more cloud functionality of moving server images between sites and sharing/consolidating server resources. In addition USACE is continuing to evaluate the overall AISs that have not been migrated to CorpsNet to determine the impact on migrating them to cloud services. Of note is that many of the enterprise-level AISs are tightly integrated with each other and connected within the centers at high speeds to support this integration. There are a few applications within USACE that have been developed and are hosted/operated for non-USACE entities that may be candidates for non-USACE cloud deployments in that these AISs are on coupled with the other enterprise systems or authentication models (Active Directory) Any decisions to move services or platforms from CorpsNet to a federal, private, or public cloud must be approved by Army. v/r, Carey C. O'Leary U.S. Army Corps of Engineers Corporate Information
file:///C|/...ts/Weismann/RE%2025%20POINT%20IMPLEMENTATION%20PLAN%20TO%20IT%20REFORM%20(UNCLASSIFIED).txt[8/23/2011 3:31:42 PM]
Automation Program Manager Wk: 703-428-6287

(b)(6)
Fax: 202-761-5900 carey.c.o'leary@usace.army.mil Classification: UNCLASSIFIED Caveats: NONE
file:///C|/...ts/Weismann/RE%2025%20POINT%20IMPLEMENTATION%20PLAN%20TO%20IT%20REFORM%20(UNCLASSIFIED).txt[8/23/2011 3:31:42 PM]
Pages 221 through 229 redacted for the following reasons: ---------------------------(b)(5) Briefing slides, deliberative material, alternatives, and recommendations

CECI-ZC (25-2)
MEMORANDUM THRU Program and Project management Division (CECI-P, Directorate of Corporate Information, US Army Corps of Engineers, 441 G Street NW, Washington, DC 20314 MEMORANDUM FOR Director, Directorate of Corporate Information (CECI-Z) / Milestone Decision Authority (MDA), US Army Corps of Engineers, 441 G Street NW, Washington, DC 20314 SUBJECT: Systems Decision Paper (SDP) for Life Cycle Management of Information Systems (LCMIS) Phase III approval of the Electronic Capital Planning and Investment Control (eCPIC) System
1. PURPOSE: LCMIS Phase III approval is required for the eCPIC system to enter production and deployment. 2. BACKGROUND AND DISCUSSION: a. Systems Description and Function: The Electronic Capital Planning and Investment Control (eCPIC) System is a web-based, GOTS application designed for the specific use of Government agencies enabling them to automate capital planning processes, improve data quality, enhance IT Governance, and produce more effective agency IT Portfolios. Features of the eCPIC tool include robust analytics, data quality control, and productivity enhancements. The tools capabilities provide system users with planned spend vs. actual spend, drill-down, trend, and what-if analyses in addition to investment scoring and data reporting. Key among all features is eCPICs streamlined integration with IT Dashboard and OMB submissions that allows for automated two-way data updates to include budget figures, XML schema changes, and final submissions. The compositional elements of forms, reports, and other mechanisms for data input/output are fully customizable. Implementation and hosting is supported by GSA through the bundled training and support services. b. Reason for Request: A business case was developed which included an analysis of several alternatives for the Next Generation Information Technology Investment Portfolio Tool for the capital planning process with additional capability beyond what the current ITIPS tool provides. Seven alternatives were considered in addition to P2 and EDW. Each alternative was examined to ensure that the foundational architectural and compositional elements were able to provide the overarching functionality required of the ITIPS-NG tool in support of the Capital Planning and Investment Management (CPIM) process. The Alternatives Analysis yields contrasting economic figures and metrics. A significant favorable difference exists between the costs, risks, and benefits of eCPIC and those of the remaining alternatives; therefore, eCPIC is the recommended solution to meet the Capital Planning requirements of USACE.
CECI-ZC (25-2) SUBJECT: Systems Decision Paper (SDP) for LCMIS Phase III approval of the eCPIC System
c. Project Justification: The current ITIPS system was created more than 20 years ago and the organization needs additional capability beyond what the tool currently provides. Currently, ITIPS is the central data repository for planned funding data of IT investments. Moving forward, the organization will need to track actual and planned expenditures in addition to project-level performance, risk, and strategic data to more efficiently manage the IT investment portfolio. In October 2009, USACE performed an extensive IT portfolio analysis that closely inspected the entire range of IT investments. The findings from this analysis discovered that PM reports detailing the performance of these investments were lacking in standardization and comprehensiveness. These ensuing gaps in reported data resulted in challenges to efficient project resource allocation and the ability to make budgeting determinations. Due to this intense need, USACE has identified eCPIC to meet these requirements which includes leveraging currently available data, enabling interoperability with other agency-wide systems, and improving the integrity of data through enhanced verification and validation protocols. d. Architecture: Upon review of architecture with CeA and ACE-IT, the software aligns and integrates with current USACE IT investments and strategy. The eCPIC provides USACE with its first real application that is provided by cloud computing. In looking at the security concerns, GSA is using NIST security standards and is willing to share the ATO and security testing results with the Corps. It is a web-based application that is easily accessible to USACE stakeholders. It provides the interoperability within USACE and to other government agencies, most importantly OMB with whom this system readily interfaces for monthly updates. The data must meet Federal, DOD, Army and USACE data standards. eCPIC meets those standards. Accordingly, this system meets most current and target architecture requirements. e. ITIPS Identifier: HCI06003 f. Information Assurance: GSA implements and hosts the eCPIC system providing the service as a subscription. GSA also provides core support, infrastructure as a service, and Tier 1 and Tier 2 help desk support. A Certificate of Networthiness (CoN) will not be required. Army CIO/G-6 will conduct a reciprocity review of GSAs security documentation to Army security requirements. CIO/G-6 gave verbal confirmation that the reciprocity review will satisfy Army requirements. GSA will provide the USACE with a memorandum confirming the following by September 15th each year:
1. Completion of the Annual Contingency Plan Test, including the date the test was completed; 2. Completion of the Annual Security Control Test, including the date the test was complete;
2
CECI-ZC (25-2) SUBJECT: Systems Decision Paper (SDP) for LCMIS Phase III approval of the eCPIC System
3. Status of Authority to Operate (ATO), including the date of the current ATO. If the ATO date is new or revised, a copy of the new ATO memorandum will also be provided; 4. The eCPIC system provides, at a minimum, the security control requirements in the moderate control baseline specified in the current version of NIST SP 800-53; and 5. The information being transmitted between NRC users and eCPIC is protected through the use of FIPS 140-2 validated encryption mechanisms. g. ADA Section 508 Compliance: The Department of Education has tested eCPIC and found the system highly 508 compliant. GSA agreed to correct key deficiencies in a future release in March 2012 to improve ADA Compliance. 3. IMPACT: Diminished capability to select, control, manage, and evaluate USACEs Information Technology Investments. These investments are part of an overall portfolio of over $500M. Products from the tool provide information used by senior leaders to make decisions regarding this portfolio. 4. COORDINATION: The SDP has been coordinated within CECI who has been a partner throughout the LCMIS process. CECI staff has had an opportunity to review the enclosed documentation. 5. RECOMMENDATION: CECI-P recommends / does not recommend that the MDA approve the enclosed Phase III documentation. 6. MDA Approval: Approved_______________ Disapproved_______________
8 Encls ROBERT KAZIMER 1. ITIPS-NG Project Charter Director, Corporate Information 2. ITIPS-NG Project Management Plan (PMP) 3. Data Management Plan 4. Core Investment Capabilities Document (CICD) 5. ITIPS-NG Investment Summary Sheet/Funding Strategy Document 6. Work Breakdown Structure/Gantt Chart of eCPIC Key Milestones 7. Privacy Impact Assessment 8. eCPIC White Paper
3
Project Management Plan For Information Technology Investment Portfolio Tool - Next Generation (ITIPS-NG)
11 July 2011
ITIPS Number HCI06003
Revision History
Date 05April 2010 11 May 2011 7 June 2011 11 July 2011 Version 1.0 Draft 2.0 Draft 2.1 Draft 3.0 Description Initial creation of document Updated document Updated document Updated document Author CECI-ZP Marty Mortenson CECI-P Dannetta Crasta CECI-P Dornesia Ward CECI-P Dornesia Ward
ITIPS-NG CECI-ZP Page 2 of 17
CECI-ZP Project Management Plan v2.1 7 June 2011
Table of Contents
1.0 Introduction ..................................................................................................................................................... 4 2.0 Project Scope .................................................................................................................................................. 5 3.0 Project Organization ..................................................................................................................................... 6 4.0 Detailed Project Specifications .................................................................................................................. 6 5.0 Critical Assumptions and Constraints ...................................................................................................... 13 6.0 Work Breakdown Structure ....................................................................................................................... 13 7.0 Scheduling ...................................................................................................................................................... 14 8.0 Funding ............................................................................................................................................................ 14 9.0 Communications Strategy ........................................................................................................................... 14 10.0 Close-out/project wrap-up plan ............................................................................................................... 15 11.0 Security impact............................................................................................................................................ 15 12.0 Risk Management ........................................................................................................................................ 16
1.0 Introduction
1.1 Purpose. This Project Management Plan (PMP) provides the way ahead for USACE in regards to selecting and implementing a new IT portfolio management system. The purpose of the new portfolio management system is to better manage USACEs IT portfolio and to provide ease of use to program and Automated Information System (AIS) managers. The PMP also defines the team members and each team members roles and responsibilities. Preparation of this document is under the administration of the CECI-ZP Capital Planning Office 1.2 Goals. The goal of this plan is to have ITIPS-NG purchased, implemented and integrated by the beginning of the next CFAT/EFAT cycle. In order to accomplish this goal, a disciplined schedule must be created and adhered to. Once this new portfolio management tool is implemented, CECI-ZP and program/AIS mangers will be able to better manage their IT investments. 1.3 Objectives. The objective of this initiative is to: Implement a portfolio management system that will allow the capital planning division to better evaluate how AIS/Program managers mange their respective programs. Support the primary business processes o Manage Automation, Telecommunications and Information o Conduct investigations and inspections o Program and budget for command operations o Monitor program/AIS budget execution o Conduct special studies o Collect, compile and publish statistics o IT Project Management o Procure Services, equipment and supplies Automation with IT Dashboard and OMB Exhibit 53 and Exhibit 300 submissions
Security controls, role-based access, and auditing.
1.4 Background. ITIPS was developed to serve as the USACEs corporate repository for its major IT programs and projects, and to institute innovative management, oversight and control with regard to the way IT is selected, acquired and evaluated. Implementation of ITIPS is the Corps response to and compliance with public laws and directives to implement the Program, Planning, Budgeting and Execution System; support the IT Capital Planning and Investment Decision Process; Life Cycle Management of Information Systems; and establishment of an IT Investment Portfolio. Current and future developmental requirements are included in the ITIPS Requirements Matrix.
2.0 Project Scope

2.1 Scope area. ITIPS-NG will be an essential management tool that provides feeder information for developing the Commands IT budget. This AIS will allow the Capital Planning Division and Program/AIS managers an accurate; real-time report of funds obligated, forecasting data to preclude high spikes in the budget and managing unscheduled initiatives. ITIPS-NG will allow users to enter detailed budget and project information and generate reports. The budget and inventory capabilities of the system will allow management groups to perform critical analysis of the agencys IT Portfolio, and programmatically develop modernization strategies. ITIPS-NG will support management initiatives to incorporate Life Cycle Management (LCM) procedures during the acquisition process to include establishing periodic reviews, creating evaluation checkpoints and developing budget calls. ITIPS-NG benefits will be realized in terms of cost, personnel and time to:
Develop reports (OMB 53s & 300s) Collect analyze and prepare budget inputs Inventory and account for IT assets Track IT costs Identify IT baseline Apply LCM to IT acquisitions
3.0 Project Organization

3.1 This project supports CECI organization. The project manager for this project is assigned from CECI-P. The Project Delivery Team (PDT) consists of Corps and contractors personnel. The Project Charter located at https://kme.usace.army.mil/ci/CIOrganization/PPM/ITPM/ITIPS-NG /default.aspx contains a list of the core PDT personnel and stakeholders.
4.0 Detailed Project Specifications

4.1 Functional Requirements. The functional requirements for ITIPS-NG are: Basic Investment Information / Processes Provide a data store for basic investment / inventory information (tracking, descriptive, POC, and basic categorization information) Provide for classification of investment by Modernization and Steady State Provide a data store for basic APMS investment / inventory information. Provide a data store for Baseline Assessment information. Provide a coordinated data set with the Enterprise Architecture. Example: Basic categorization information such as Line of Business. Provide the data set for DoD certifications LCMIS Information Provide the data set for LCMIS information (basic info about the phase, milestone reviews, milestones achieved, etc.) Must be able to provide for situations where certain portions of investments are in one phase and another portion is in another LCMIS phase (i.e. P2). Provide a linkage to LCMIS artifacts. Must be able to link to LCMIS artifacts that are generated for each investment. Requirements and Planning Information Provide the capability to distinguish between ESBL and OSBL.
Provide the data set for "requirements". This is where a single investment may have a finer granularity. This may be the same data object as an ITIPS record, but it will be considered part of another ITIPS record (i.e. it will not have it's own ITIPS number). Provide Investment Summary Sheets Provide the capability to group ITIPS investments under another investment to provide details of a major program that has many subcomponents that are themselves ITIPS investments. Budget and Financial Information Provide the data set to specify financial data for an investment. Must include cost categories, some of which can be identified as "fixed" (i.e. a cost category that does not change year over year). Provide data descriptions for each cost category. Classification of funding (i.e. Military vs Civil; certain appropriation; direct or revolving fund, etc.) Provide support for the process where funding sources can be validated. (This is more of a process requirement). Provide the capability to extract Actuals data from the financial authoritative data source. Provide for financial data categorized as "current", "requested" and "planned." Need to add POM year as a financial data set. Provide for classification of investment by Modernization and Steady State (same as requirement above, but here is specifically applies to the financial data) Provide for the local requirement to be able to distinguish between project funded and overhead. Provide ability to track IT costs to support enterprise and field level budgeting processes (Note: this may already be covered by other requirements above.)
Provide the ability to track the audit trail of financial data as the life cycle progresses. (What did you say last year vs this year -- is there a change and is there a reason for the change?) Portolio segregation to avoid doublecounting Produce the CCG input "Ed Zammit Spreadsheet" Exhibit 53 and 300 Provide in ITIPS the basic data set to support the Exhibit 53 Provide in ITIPS the basic data set to support the OMB 300 Compliance Information (PIA, FISMA, etc.) Provide in ITIPS the basic data set for PIA reporting and tracking Provide in ITIPS the basic data set for FISMA reporting and tracking Provide in ITIPS the data sets for other compliance information. Investment Ranking - Scoring Provide the ability to allow for multiple methods and criteria for the scoring and ranking of investments. Includes the data set related to the current score card as well as specific methods and criteria used by the CFAT and program sponsors. Reporting Provide the ability to perform analysis of the entire portfolio (i.e. trends, summaries, percentages analysis, by category, etc.) Reporting of data to internal and external stakeholders to include, OMB DOD, and DA. Data will be used in the USACE Command Consolidated Guidance (CCG); the Commanders Portfolio; the CFAT, EFAT, RFAT, DA Program Objective Memorandum (POM); and OMB and DA Civil Works submissions. Provide Data in XML format for OMB reporting Support the USACE IT Capital Planning and Investment Management Process (CPIM) The new ITIPS tool needs to provide the ability to track the actual costs vs what was planned through a link to CEFMS
ITIPS-NG CECI-ZP Page 8 of 17 CECI-ZP Project Management Plan v2.1 7 June 2011
Track the planning, acquisition, and monitor operations of USACE Information Technology Investments. ITIPS would be the ability to mark some requirements as "recurring" and have them automatically carry forward from year to year. Should support and enforce the enterprise. As such, the District is only programming the funds to support that effort and for District specific items In order to standardize the elements of the budget, standard costs for reimbursable services should be plugged in System should support workflows for activities that require multiple levels of approval In accordance with the Presidents Management Agenda, monitor investments to ensure they meet schedule, cost, and performance standards Facilitate Earned Value Management (EVM) and Operational Analysis of both steady state and development modernization, enhancement (DME) requirements. Be collaborative and web-enabled allowing both internal and external stakeholders ease of use and must be flexible enough to support future requirements System must have a CoN System must be CAC enabled Support quarterly reviews, analyses, and provide trend data for investments. Facilitate decision-making regarding IT investments. Improve efficiency of reporting to Office of Management and Budget (OMB), Department of Army (DA); and Department of Defense (DoD) Compatible with OMB reporting requirements to include Exhibits 53 and 300 Eliminate duplicative compilation/extraction of data for exhibits 53 and 300
Support agency-unique Civil Works Budget submission/reporting Be compatible with OMB reporting tools and processes Allow collaborative planning, acquisition, management, analyses, and efficient and reliable reporting of investments. Facilitate military and civil budget reporting processes Primary source for reporting both civil and military data sources as needed for reporting to Civil Works, DA, and DoD Facilitate internal review, analyses, and trend reporting. 4.2 Technical Requirements. ITIPS-NG is based on a Government-Owned Technology Solution (GOTS) product developed and hosted by General Services Administration (GSA) called eCPIC. The technical requirements for eCPIC are: Web based rather than software install Ability to run ad hoc reports Must be compliant with section 508 of the Rehabilitation Act Microsoft Internet Explorer Supports XML ASP.NET (Microsoft IIS) on Windows 2003 Server Supports both Oracle and Microsoft SQL Server Databases Web connectivity
4.3 Design/Architecture. The Component Layer consists of: Four principal modules: Investment Manager, Portfolio Manager, OMB Submission, Resource Manager The Utility Components listed are available to each module In addition, eCPIC can be customized and tailored through templates, and user defined objects such as fields and tables, views and filters to support agency-specific CPIC processes Surrounding the Component Layer are the integration and security layers:
The integration layer enables eCPIC to communicate with OMB system and internal agency systems via XML and web services to leverage the agencies IT Portfolio.
The security layer provides a secure environment through authentication, assignment of roles, rights and privileges so that users can only view and edit information that they are authorized to do so.
The component-base architecture allows enhancements to be made efficiently.
Component Based Architecture

eCPIC Platform
Security Layer Integration Layer Component Layer
Investment Manager Portfolio Manager OMB Submission Resource Manager
Customization and Tailoring CPIC Process Templates User-Defined Objects including Fields and Tables Utility Components Graphing / Charting Import / Export Search Spell Checker Text Zoom News and Alerts Field Help Messaging Review Expert Mode Reporting Admin Views and Filters
XML, Web Services Authentication, Roles, Rights, Privileges
eCPIC SLA13
OMB IT Dashboard Web Service
Other Applications
Enterprise Firewall
eCPIC
eCPIC Web Service
EA Tool
Risk Tool
Financial Tool
EVM Tool
15
Department/Agency Apps
4.4 Data Management Plan. The Data Management Plan is located on the SharePoint IT Investment site (https://kme.usace.army.mil/ci/CIOrganization/PPM/ITPM/ITIPS-NG /default.aspx). 4.5 Records Management Plan. The Records Management Plan and PIA Surveys are located on the SharePoint IT Investment site (https://kme.usace.army.mil/ci/CIOrganization/PPM/ITPM/ITIPS-NG /default.aspx). 4.6 Production Environment. The production environment for this project is at the GSA. The system will be hosted and managed by GSA. 4.7 Implementation and Deployment. The GSA has provided access to the test site. After administrator training has been completed, training sessions will be held for users following the rollout. Users will be assigned a username and password and will access the ITIPS-NG tool using the Internet. 4.8 Operations and Training Support Plan. ITIPS-NG operations and training support are provided by GSA and CECI-Z. ITIPS-NG is not considered a critical system and is not hosted by USACE so a Contingency of Operations (COOP) is not required for this system.
5.0 Critical Assumptions and Constraints

5.1 Assumption. All USACE IT Programs and AISs use ITIPS to submit IT requirements. This includes enterprise and local requirement gathering. 5.2 Assumption. ITIPS-NG will be the data source for financial information related to AIS and IT Program quarterly reviews. 5.3 Assumption. The AIS proponent will provide sufficient detail in the PMP or CRQ Initiation Document to allow ACE-IT to implement the technical equivalent of the change request provided that funding is available and approved. 5.4 Assumption. End users must be trained on system use in order to use the system for the FY13 planning cycle. 5.5 Assumption. Current ITIPS is not fully compatible with Windows 7. ITIPS needs permissions to folders that are not granted by default in Windows 7. The application needs to be rewritten to comply with Microsoft standards or permissions will need to be granted to users who use the application. 5.6 Assumption. ITIPS-NG will reduce redundant data calls. 5.7 Assumption. ITIPS-NG will streamline OMB reporting through the direct interface with the Federal IT Dashboard and reduce the need for contract support and funding. 5.8 Funding Constraints. FY11 constraint is $200K FY12 constraint is $300K FY13 constraint is $306K Funding constraints may lead to a spiral type implementation
5.9 Schedule Constraints. This AIS needs to be functional before AIS and program managers submit their FY13 IT requirements.
6.0 Work Breakdown Structure

6.1 General. A detailed WBS is located at https://kme.usace.army.mil/ci/CIOrganization/PPM/ITPM/ITIPS-NG /default.aspx.
7.0 Scheduling
7.1 General. A detailed Gantt Chart is located at https://kme.usace.army.mil/ci/CIOrganization/PPM/ITPM/ITIPS-NG /default.aspx.. 7.3 Status tracking. Status of the ITIPS-NG implementation will be tracked with a Gantt chart with appropriate milestones.
8.0 Funding/Budget
8.1 Item ITIPS-NG is authorized in FY11 $200K 8.2 Item ITIPS-NG is authorized in FY12 $300K 8.3 Item ITIPS-NG is authorized in FY13 $306K 8.4 Item ITIPS-NG budget for FY11 is as follows
Costs Labor Costs Development Team Test Team Database Administration Project Management Training Costs User Manual Online Training Travel Fielding Costs Data Conversion Costs Software Costs Hardware Costs Travel Contingency $10,000 $200,000 $25,000 Total
9.0 Communications Strategy

9.1 The progress of ITIPS-NG, including the roll-out and training plan, will be disseminated to all relevant stakeholder via email. Each stakeholder group will be asked to provide the ITIPS-NG PM with a list of users and personnel for training purposes.
9.2 Training will be conducted for all members as part of the process implementation based on the roll-out plan. This will be detailed in the Schedule.
10.0 Close-out/project wrap-up plan

10.1 Documentation - Upon completion of the first spiral of implementation, the Project manager will review all Life Cycle Management of Information System (LCMIS) documentation and upload these documents to the ITIPS-NG SharePoint site. These documents will also be given to the MDA for review and sign off. 10.2 Checklist - It is the responsibility of the ITPM to provide a closeout checklist that will validate that all actions have been taken, all documentation has been created and is available, and other follow on activities like maintenance have been coordinated.
11.0 Security
11.1 Security Documentation Required Security documentation will be placed on the ITIPS-NG investment site located at https://kme.usace.army.mil/ci/CIOrganization/PPM/ITPM/ITIPS-NG /default.aspx. Army CIO/G-6 will conduct a reciprocity review of GSAs security
documentation to Army security requirements. CIO/G-6 gave verbal confirmation that the reciprocity review will satisfy Army requirements.
11.2 Memorandum of Understanding - GSA will provide USACE with a memorandum confirming the following by September 15th each year: Completion of the Annual Contingency Plan Test, including the date the test was completed; Completion of the Annual Security Control Test, including the date the test was complete; Status of Authority to Operate (ATO), including the date of the current ATO. If the ATO date is new or revised, a copy of the new ATO memorandum will also be provided;
The eCPIC system provides, at a minimum, the security control requirements in the moderate control baseline specified in the current version of NIST SP 800-53; and
The information being transmitted between NRC users and eCPIC is protected through the use of FIPS 140-2 validated encryption mechanisms.
12.0 Risk Management

12.1 General- This section outlines the risks associated with implementing ITIPS-NG during the FY12 fiscal cycle
Area of Risk
1. Initial Costs 2. Life-Cycle Costs 3. Technical Obsolescence
Description
Risk of cost growth Increase in total cost of ownership
Probability of Occurrence
Low Low
Strategy for Mitigation

Defined cost subscription. As more agencies use the tool costs are stable. High risk in current tool since it is not fully compatible with Win 7. Because it is not installed software and is hosted externally, risk is low for the eCPIC selection. Not a developmental item. Already in use by other agencies. Possible issue if firewall or configuration issues make access problems Currently no linkages with other investments. May become an issue if a decision to link to APMS for Army reporting or CEFMS Inherent risk of external hosting. Maintaining local copies of data will mitigate this risk. Because the information is stored in XML, if this product changes or becomes unavailable moving to something else is less difficult Because it is used by other agencies, it is not as restrictive to find knowledge about the tool as is the current ITIPS. Required management is minimal Tool already in use. Risk is low to mirror our current process and tool. Risk increases as more new features are added
Use of obsolete technology
Low
4. Feasibility 5. Reliability of Systems 6. Dependencies and interoperability between this investment and others 7. Security (Asset Protection) considerations 8. Risk of creating a monopoly for future 9. Capability of Agency to manage the investment 10. Overall risk of project failure 11. Organizational and Change Management
Solution wont work Problems with the system staying up and available
Low Low
Issue with linking of investments
Low
Protection of the information in the system
Low-Medium
Forced into a solution for the future
Low
Do we have what we need to make it work?
Low
Can the project fail?
Low
Can we make it work in our environment?
Low-Medium
12. Business
Will the tool support the business?
Medium
It will certainly support the Capital Planning Process. The links with project management and financial management will come later. Building on mature data and on OMB defined information. Some issues with linkages with other processes Basic web interface. High risk in current tool because it is not fully compatible with Windows 7. Links to campaign plan 4c standardize processes. As a basic utility, it is not as critical strategically as investments such as OMBIL or CEFMS, so risk is low. It has security accreditation through NIST. Army CIO/G-6 will conduct a reciprocity review of GSAs security documentation to Army security requirements. CIO/G-6 gave verbal confirmation that the reciprocity review will satisfy Army requirements. Beyond basic information such as project manager names there is no privacy data in the system We have the funds. Time is problematic if we dont get moving. Team is not as seasoned in the process as would be ideal, but it will be made to work. Using a phased implementation approach to implement OMB reported data, USACE Enterprise data, and Local data in sequence provides time to mitigate risks. OMB reported data is already in XML format and other data in spreadsheets.
13. Data / Information
How well defined is the needed information that the tool will use?
Low-Medium
14. Technology
Is the technology proven?
Low
15. Strategic
How does it support the strategic goals?
Low
16. Security
How secure is it?
Low
17. Privacy
Is personally identifiable data protected
Low
18. Project Resources
Do we have the people, money, and time to do the project
Low-Medium.
19. Data Migration
Migrating data from ITIPS to ITIPS-NG. The data which currently resides in ITIPS is critical to the success of ITIPS-NG.
Low
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)
(b)(6)

Responsive Document - CREW: Department of The Army: Regarding Record Management and Cloud Computing (6/24/2011 FOIA Requests) : 4/4/2012 - Redacted USACE Pages - Binder

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Responsive Document - CREW: Department of The Army: Regarding Record Management and Cloud Computing (6/24/2011 FOIA Requests) : 4/4/2012 - Redacted USACE Pages - Binder

Uploaded by

Copyright:

Available Formats

USACE Simplified Network Overview for Email

CONUS USACE Research Datacenters and USACE Applications/ SCADA

USACE email Exchange 2003 BES server

CorpsNet (AT&T, Verizon MPLS)

Sensors generate automated email (water table, temperature)

CONUS Office LAN/WiFi

Local Exchange instance

DEPARTMENT OF THE ARMY

DAA Signature Block

Date: Organization Project Name

1-Jan-10 US Army Corps of Engineers WIN7 DESKTOP DEPLOYMENT

DOIM Name: DOIM Phone: DOIM Email:

ACE-IT (Army Corps of Engineers Information Technology) 1 866 562-2348 https://www.aceit.usace.army.mil

POC Name: POC Phone: POC Email:

Gary Seibert 912-652-5806 gary.m.seibert@usace.army.mil

Resources Required AGM Vista 8.x and 9.x images

Scheduled Completion Date

APMS REGISTERATION NUMBER(s)

# OF SIPR PC Number of computers not Vista compliant

# OF NIPR PC Number of computers not Vista compliant

Waiting for AGM Windows7

AGM Windows7 AGM Windows7 AGM Windows7

12/31/2011 12/31/2012 9/30/2013

160 PC Refresh: 01Jan2012-31Dec2012 80 PC Refresh: 01Jan2013-30Sep2013 0

31,400 15,700 15,700

UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION

Forest Consolidation Plan

Projected Final Result

NETCOM / 9th Signal Command (Army) Voice of the Army

2 UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION

UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION

3 UNCLASSIFIED/FOR OFFICIAL USE ONLY/ENCRYPT FOR TRANSMISSION

Date: Organization Project Name

28-Dec-10 US Army Corps of Engineers Army Enterprise Email Migration

DOIM Name: DOIM Phone: DOIM Email:

ACE-IT (Army Corps of Engineers Information Technology) 1 866 562-2348 https://www.aceit.usace.army.mil

POC Name: POC Phone: POC Email:

Carey O'Leary 703-428-6287 carey.c.oleary@usace.army.mil

Gary Seibert 912-652-5806 gary.m.seibert@usace.army.mil

Scheduled Completion Date

Milestones with Completion Dates

APMS REGISTERATION NUMBER(s)

Expected Upgrade Date

Number of computers not Vista compliant

Number of computers not Vista compliant

AGM Windows7 AGM Windows7 AGM Windows7

12/31/2011 12/31/2012 9/30/2013

160 PC Refresh: 01Jan2012-31Dec2012 80 PC Refresh: 01Jan2013-30Sep2013 0

31,400 15,700 15,700

Field Sites Korea Japan

Field Sites Iraq 1-10

Scheduled for Centralization

DISA Email CorpsNet Archival via Enterprise Vault

No Inbound connections Allowed (1)

Mini-Pod Deployment Bigelow

Minipod tunnels to NIPRnet/DISA

No Inbound connections Allowed (1)

No Inbound connections Allowed (1)

Mini-Pod Tunnels to NIPRnet/DISA Bigelow

DISA Japan Minipod

Fax: 202-761-5900 carey.c.o'leary@usace.army.mil

Classification: UNCLASSIFIED Caveats: FOUO

file:///C|/...ents/FOIA/Responsive%20Documents/Weismann/Typepad/7%20day%20suspense%20on%20EXORD%20(UNCLASSIFIED).txt[8/9/2011 11:48:22 AM]