GAO Audit Corrective Active Plan (CAP)/POAM Due 6/21 #1681

Open
MichaelSides opened this issue May 16, 2024 · 6 comments

Assist Lenia Cash/A0 with submitting a CAP/POAM, submitted through senior leadership, back to GAO on M-21-31 compliance NLT June 28.

Internal suspense for routing is NLT June 21.

@MichaelSides MichaelSides self-assigned this May 16, 2024
@MichaelSides MichaelSides changed the title Assist with GAO Audit Corrective Active Plan (CAP)/POAM DUE to GAO NLT June 28 GAO Audit Corrective Active Plan (CAP)/POAM May 16, 2024
@MichaelSides MichaelSides changed the title GAO Audit Corrective Active Plan (CAP)/POAM GAO Audit Corrective Active Plan (CAP)/POAM Due 6/21 May 16, 2024

MichaelSides commented May 20, 2024

On Tap for this week (5/20-5/24):

  • TTS CAP Sync with OCISO Project Plan. Scheduled 5/23; however, LaKeisha would like it moved up to today or tomorrow. Reached out to Ben Peters, awaiting availability.
  • Lenia Cash to schedule Discovery sessions with each TTS system
  • Cloud.gov doesn't have avail until June...
  • So pivoting to guidance from LaKeisha: contact Jenn B from Login.gov, Russell from Data.gov, and Dawn/Jim from Search.gov to learn where these programs are with their logging. I understand USA.gov is on the Cloud.gov Platform but they should still be tracking their own app logs.
  • Mike Sides to schedule sync session with OCISO SOC and invite ISSM.
    - [ ] Leverage discovery work/information already accomplished by OCISO and align the TTS CAP to it.
  • Audit POC Neichole Linhorst provided recommendations and comments on the draft CAP. Lenia and Mike to review and adjudicate 5/20 afternoon.

@MichaelSides

Meeting occurred with OCISO on 5/23/24 and TTS Tech Ops will be standing down on the "Leverage discovery work/information already accomplished by OCISO and align the TTS CAP to it." tasking until senior leadership makes a decision on SOCaaS path.

From Mukunda to all TTS Directors:
"I got a chance to speak with Ann about the SOCaaS proposal, our evaluation thus far, and where some concerns remain. Ann will be taking the lead on crafting a response to GSA IT and CISO with a summary of our evaluation of the SOC proposal, requirements for TTS's participation, and how that will need to work financially.

Ann has reached out to some of you for additional info. My thanks to you for the support here.

For the rest, there is no action for you. I deeply appreciate your input thus far.

LaKeisha, Lenia, Mike Sides, and I met with Bo and his team yesterday. We shared the plans above. Should you receive any questions from GSA IT or CISO about this, please direct them to me."


MichaelSides commented May 28, 2024

Week of 5/28/24:

  • Initial/high level discovery sessions with the TTS systems
  • Planning for an alternate TTS CAP/POAM path (plan B/worst case), if coordination is not possible with OCISO. This would leave TTS to craft the CAP response independently in these situations:
    1. Lack of decision from senior leadership giving enough time to coordinate with OCISO, -or-
    2. Lack of agreement with OCISO on a TTS proposal altogether


MichaelSides commented May 29, 2024

Met with Search.gov POCs: Dawn, Jim and Russell.

Search.gov provided the following tracking spreadsheet from the National Science Foundation:

https://drive.google.com/file/d/12MF2ZwFYl2nHFnUHt9_4Qf-oKePKfhGO/view

Search will be updating this within the next two/three weeks.

We will be repurposing it to capture the internal TTS system compliance specifics, with ECDs.

BLUF: They believe they are EL1/tier 1 compliant and many of the EL2/EL3 requirements are N/A. Inheritance needs to be fleshed out.

Meeting Notes: https://docs.google.com/document/d/15YWMYQpxD8moao88Gzo202rJXnZ4GtAcpRSbyBWRCJc/edit


MichaelSides commented May 31, 2024

Repurposing NSF spreadsheet provided by Search.gov: OMB M-21-31 status sanitized v01 20231002 working copy


MichaelSides commented Jun 4, 2024

Week of 6/3/24:

Tracking discovery meetings in #1555
