Agency:
- Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in both the “Use” and “Results” sections;
- Has acceptable business cases for all major systems investments and no business cases on the “management watch list;”
- Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis and has portfolio performance within 10% of cost, schedule, and performance goals;
- Inspector General or Agency Head verifies the effectiveness of the Department-wide IT security remediation process and rates the agency certification and accreditation process as “Satisfactory” or better;
- Has 90% of all IT systems properly secured (certified and accredited);
AND
- Adheres to the agency-accepted and OMB-approved implementation plan for all of the appropriate EGov/ Lines of Business/SmartBuy initiatives and has transitioned and/or shut down investments duplicating these initiatives in accordance with the OMB-approved implementation plan.
To maintain green status, agency:
- Has ALL IT systems certified and accredited;
- Has IT systems installed and maintained in accordance with security configurations;
- Has demonstrated for 90% of applicable systems a Privacy Impact Assessment has been conducted and is publicly posted; AND
- Has demonstrated for 90% of systems with personally identifiable information a system of records has been developed and published.
|
Agency:
- Has an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in either the “Use” or “Results” sections;
- Has acceptable business cases for more than 50% of its major IT investments;
- Submits security reports to OMB that document consistent security improvement and either:
• 80% of all IT systems are properly secured; OR
• Inspector General or Agency Head verifies the effectiveness of the Department-wide IT Security Plan of Action and Milestone Remediation Process;
- Has demonstrated appropriate planning, execution, and management of major IT investments, using EVM or operational analysis, and has IT portfolio performance operating within 30% of cost, schedule, and performance goals;
AND
- Has an up-to-date agency-accepted and OMBapproved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives rather than creating redundant or agency unique IT projects.
|
Agency:
- Does not have an Enterprise Architecture with a score of 4 in the “Completion” section and 3 in either the “Use” or “Results” sections;
- Does not have acceptable business cases for more than 50% of its major IT investments;
- Has not submitted Security Reports to OMB that document consistently security improvement and cannot demonstrate that:
•80% of all IT systems are properly secured; OR
• Inspector General or Agency Head has verified the effectiveness of the Department-wide IT Security Plan of Action and Milestone Remediation Process;
- Has cost and schedule overruns, and performance shortfalls, that average 30% or more; OR
- Does not have an up-to-date agency-accepted and OMB-approved implementation plan for all of the appropriate E-Gov/Lines of Business/SmartBuy initiatives rather than creating redundant or agency unique IT projects.
|
