Project Initiation & Planning
Request for Certification and Release of Funds Form
All Certified Projects Must Follow NM State Policies and Procurement Code
Project GovernanceProject Name
/ The E-Enterprise Integrated Identity Solution ProjectDate / October 28, 2015
Lead Agency / NM Environment Department
Other Agencies / Wyoming Department of Environmental Quality, and Tennessee Department of Environment and Conservation and US Environmental Protection Agency
Executive Sponsor
/ Mary Montoya (NM Environment Department Chief Information Officer)Agency Head / Secretary Ryan Flynn
Agency CIO/IT Lead / Mary Montoya
Project Manager / Bogi Malecki
Project Abstract (Provide a brief description and purpose for this project)
The project will assess three operational single sign-on systems at the NM Environment Department (NMED), Wyoming Department of Environmental Quality, and Tennessee Department of Environment and Conservation so as to determine the impact of implementing a proposed federated identity solution. This will include (1) a review of existing state systems and EPA shared services, (2) the design of a proposed future architecture of federated identity for Exchange Network partners, (3) the implementation of a proof of concept, and (4) an analysis of impacts and requirements for a roadmap to transition to the future architecture.
Planned Start Date / November 2, 2015 / Planned End Date / May 30, 2017
Requested amount this Certification / $36,790.00 / Remaining Appropriation not Certified / $435,880.00
Appropriation History (Include all Funding sources, e.g. Federal, State, County, Municipal laws or grants)
Fiscal Year
/ Amount / Funding SourceFY16 / $472,737.00 / Federal Assistance Award #83594501 (EPA)
Proposed Major Deliverable Schedule and Performance Measures
Major Project Deliverable and Performance Measure
/ Budget /Due Date
/Project Phase
Project Narrative, Scope, Deliverables, Budget(Internal NMED resources only) / $3,750.00 / 11/13/15 / Planning
Develop & Execute Contracts and MOAs
(Internal NMED resources only) / $10,500.00 / 11/23/15 / Planning
Purchase software licenses to support project / $11,040.00 / 11/25/15 / Planning
Requirements Collection & Analysis
Acquire, document and make actionable, measurable and testable all project requirements s that they're sufficient for policy, process and/or system designs. / $11,500.00 / 12/11/15 / Planning
Deliverable 1: EPA discovery and solutions assessment engagement for Federated Identity Management.
Performance Measure: Documentation of current as-is system from the perspective of application programming interfaces, technical requirements, functionality, and end-user interactions. Documentation that describes the additional or modified services needed for NAAS and Virtual CROMERR to meet the proposed future state documented in Goal 5. Verification of the technical feasibility of the proposed solution in the form of use cases and proof of concept code. / $25,617.00 / 8/15/16 / Planning
Deliverable 2: Host state (New Mexico Environment Department) discovery and solutions assessment engagement for Federated Identity Management.
Performance Measure: Documentation of current as-is system from the perspective of application programming interfaces, technical requirements, functionality, and end-user interactions. Documentation that describes the additional or modified services needed for SEP to meet the proposed future state documented in Goal 5. Verification of the technical feasibility of the proposed solution in the form of use cases and proof of concept code. / $85,248.00 / 10/15/16 / Planning
Deliverable 3: Partner State Tennessee discovery and solutions assessment engagement for Federated Identity Management.
Performance Measure: Documentation of current as-is system from the perspective of application programming interfaces, technical requirements, functionality, and end-user interactions. Documentation that describes the additional or modified services needed for Tennessee’s Single Sign On system to meet the proposed future state documented in Goal 5. Verification of the technical feasibility of the proposed solution in the form of use cases and proof of concept code. / $118,182.00 / 11/1/16 / Planning
Deliverable 4: Partner State Wyoming discovery and solutions assessment engagement for Federated Identity Management.
Performance Measure: Documentation of current as-is system from the perspective of application programming interfaces, technical requirements, functionality, and end-user interactions. Documentation that describes the additional or modified services needed for Wyoming’s Single Sign On system to meet the proposed future state documented in Goal 5. Verification of the technical feasibility of the proposed solution in the form of use cases and proof of concept code. / $117,364.00 / 12/15/15 / Planning
Deliverable 5: Research, solutions assessment, recommendations and presentations.
Performance Measure: Whitepapers comparing industry solutions, design documentation and technical specifications describing the proposed solution – the future state Federated Identity Management Framework for interoperability, risk assessment of proposed new services recommended for EPA systems and partner systems, technical specifications and other E-Enterprise artifacts that will be submitted to the E-Enterprise Architecture Repository, and materials for presentation to the E-Enterprise Leadership Council and the Exchange Network Conference. / $63,720.00 / 4/1/2017 / Planning
Project Closeout
(Internal NMED resources only) / $25,750.00 / 5/30/2017 / Planning
Budget
Comments: Federal funds were awarded via Federal Assistance award #83594501.
Description
/FY16 & Prior
/ FY17 / FY18 / FY19&AfterStaff - Internal
/ 1. Project Manager2. Systems Analyst / $25,750 / $25,750 / 0 / 0
Consulting Services / 1. Systems Integrator
2. Solutions Architect
3. Technical Writer / $116,000 / $213,325 / 0 / 0
Hardware / N/A / 0 / 0 / 0 / 0
Software/Licensing / Conference line, Xerox DocuShare licenses, WebEx account, modeling software / $9,540 / $1,500 / 0 / 0
Staff Travel / Trips to Washington DC, Wyoming, Tennessee, Philadelphia / $10,805 / $15,000 / 0 / 0
Partner states / Compensation to TN & WY for Goals 3 & 4 participation / $27,500 / $27,500
Total / $189,595.00 / $283,075.00 / 0 / 0
IT System Analysis (On this document, or as an attachment, provide a summary description of the technical architecture)
As this project is an analysis and assessment of current technologies, it will not produce technical architectural changes. Any proof of concept will be performed on existing NMED test server systems and will utilize the existing Exchange Network Node service architecture that has been in place and operational since 2006. The NMED test server systems are virtual Linux instances running on the DoIT UCS platform since 2014.Interoperability (Describe If/how this project interfaces with existing systems/Applications)
Interoperability between the grant partner state systems (specifically NM, TN and WY) that collect environmental information from the regulated community to meet EPA regulations and EPA systems that store and publish collected information from state systems will be verified in a test environment. Recommendations to achieve interoperability for production implementations are included as outcomes of this project work.Independent Verification & Validation (Include summary of the latest IV V report)
IV&V approach will be determined during the Planning Phase. One option, preferred by the Lead Agency, is to utilize the mandatory Quality Assurance controls required by the EPA on this project. For details, see Attachment A: EPA Quality Assurance Requirements (Verbatim).Significant Risks and Mitigation Strategy
Risk One:
If individual state solutions are non-compliant with CROMERR and other federal data and authentication and security standards, a federated solution may not be cost-effective and/or usable.Mitigation:
Requiring non-compliant states to come up to required minimal standards before the project can move forward.Risk 2:
If partner states are unable or unwilling to fully disclose their SSO technical specifications and requirements, a complete, valid assessment will not be possible.Mitigation:
The partner state will have to be removed from the project and a new, more cooperative partner state be invited.Risk 3:
An extensible, REST-based solution is optimal. However, some states have not yet adapted the technology. This risks making a federated solution more complex and less efficient.Mitigation:
Additional requirements and specifications will be required to make state solutions using older technologies (e.g., SOAP) compatible. This may require extending the project schedule.Transition to Operations: (Describe agency plan to migrate project solution to production. include agency plans to fund and maintain this project after deployment. )
There will be no transition to operations as this is an analysis and assessment project. Any proof of concept will be performed and remain on existing NMED test server systems (running on virtual Linux instances running on the DoIT UCS platform).
Attachment A: EPA Quality Assurance Requirements (Verbatim)
Within 90 days of the award issuance date, the award recipient must submit a tailored Quality Assurance Reporting Form (QARF) to the EPA Regional Project Officer for approval . The form can be obtained at http://www.epa.gov/exchangenetwork/grants/index.html. This tailored QARF must describe the project’s relevant QA criteria, how the recipient will ensure adherence with the QA criteria , and how the recipient will confirm and document that the project deliverables meet the QA criteria . Specifically, the tailored QARF shall include the following :
a) the QA criteria (with specific references or guidelines ) that relate to each task as described in the project work plan;
b) how the recipient will ensure adherence to the identified QA criteria (and specific references and guidelines) throughout the course of the project (e.g., management approaches, task-specific QA training for staff and/or contractors, periodic QA checks and corrective measures as needed , etc.); and
c) how the recipient will confirm and document that the project deliverables for each task in the work plan adhere to the identified QA criteria (and specific references, and guidelines). For example, an applicant whose project involves the development of an Exchange Network node should verify that the node meets all of the Network Node Specifications and that it passes the relevant operational tests using the Network Node Test Site. See http://www.exchangenetwork.net for more information.
Revision: 6/18/13 Page 8 of 8