Federal Student Aid Chief Information Officer Library
Welcome to the Federal Student Aid Chief Information Officer (CIO) Library. The documents presented here offer an overview of the organization's goals, targets, and current operations, and focus on the use of information technology within Federal Student Aid. The CIO Library is made public to serve as a resource for those who would like to do business with Federal Student Aid. Selected documents, however, do not encompass all of the documentation necessary to perform work for Federal Student Aid.
The library includes material in three broad categories:
General and Federal Guidelines
This section of the CIO library highlights select laws, regulations, standards and guidelines applicable to Federal Student Aid. Go to this section of the library.
U.S. Department of Education Directives
The Department issues handbooks and directives that identify security policies and procedures contractors doing business with the Department must comply with. Go to this section of the library.
Federal Student Aid Specific Resources
This section of the library contains material that uniquely applies to Federal Student Aid, including Enterprise, Target State Vision and Technical documentation. These resources go through regular reviews, and new versions are released periodically. While relatively current, the material presented here may therefore not fully reflect the most up-to-date Federal Student Aid standards, targets, procedures and guidelines. Go to this section of the library.
General and Federal Guidelines
- Clinger-Cohen Act (The Information Technology Management Reform Act of 1996) - Amends/Reforms acquisition laws and information technology management of the Federal Government.
- E-Government Act of 2002 - An act to enhance the management and promotion of electronic government services and processes by using Internet-based information technology.
- Electronic Signatures in Global and National Commerce Act
- Federal Information Security Management Act (FISMA) of 2002 - A section of the E-Government Act of 2002 focusing on the security needs of implementing the legislation.
- Government Paperwork Elimination Act of 1998 (GPEA) - Further mandates the reduction of paperwork in agencies within the Federal Government.
- The National Institute of Standards and Technology's Computer Security Resource Center maintains a list of legislative and regulatory drivers directly pertinent to computer and information security.
- Section 508 of the Rehabilitation Act: Electronic and Information Technology Accessibility Standards - Section 508 of the Rehabilitation Act requires access to electronic and information technology procured by Federal agencies. The Access Board developed accessibility standards for the various technologies covered by the law.
- 1998 Amendments to the Higher Education Act of 1965 - Establishes Federal Student Aid as a Performance Based Organization (PBO) and outlines the purposes of a PBO.
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. The NIST website offers many valuable resources.
NIST's work in the area of information security is of particular interest and relevance to the work of Federal Student Aid. The Federal Information Security Management Act of 2002 (FISMA) charged NIST with developing and issuing standards, guidelines, and other publications to assist federal agencies in implementing the Act and in managing cost-effective programs to protect their information and information systems.
The United States Congress and the Office of Management and Budget (OMB) have instituted laws, regulations, and directives that govern the creation and implementation of federal information security practices. These laws and regulations place responsibility and accountability for information security at all levels within federal agencies, from the agency head to system users. These laws, regulations, standards, and guidance:
- Establish agency-level responsibilities for information security;
- Define key information security roles and responsibilities;
- Establish a minimum set of controls in information security programs;
- Specify compliance reporting rules and procedures; and
- Provide other essential requirements and guidance.
NIST's Computer Security Resource Center offers extensive resources on the subject matter. Of particular note within the site are:
- A list of legislative and regulatory drivers;
- Special Publications;
- Federal Information Processing Standards (FIPS) Publications; and
- Multiple resources on Security Management and Assistance.
We call the reader's attention to the following NIST Special Publications and FIPS Publications:
- NIST-SP 800-12 – An Introduction to Computer Security – The NIST Handbook.
- NIST-SP 800-18 – Guide for Developing Security Plans for Federal Information Systems Revision.
- NIST-SP 800-30 – Risk Management Guide for Information Technology System 2002.
- NIST-SP 800-34 – Contingency Planning Procedures for Information Technology Systems, June 2002.
- NIST-SP 800-53 – Recommended Security Controls for Federal Information Systems.
- NIST-SP 800-53A – Guide for Assessing the Security Controls in Federal Information Systems.
- NIST-SP 800-60 – Guide for Mapping Types of Information and Information Systems to Security Categories.
- NIST-SP 800-64 – Security Considerations in the Information System Development Life Cycle.
- NIST-SP 800-65 – Integrating IT Security into the Capital Planning and Investment Control Process.
- NIST-SP 800-100 – Informs members of information security management team about various aspects of information security programs across the federal government.
- NIST-FIPS 199 – Standards for Security Categorization of Federal Information and Information Systems.
- NIST-FIPS 200 – Minimum Security Requirements for Federal Information and Information Systems.
The U.S. Office of Management and Budget's (OMB) predominant mission is to assist the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies. Among other responsibilities, OMB oversees and coordinates the Administration's procurement, financial management, information, and regulatory policies. The OMB Web site offers a significant number of resources regarding information technology in the Executive Branch. We call the reader's attention to the following OMB resources:
- Financial Management Systems – Laws, regulations, guidance and various resources regarding the management of financial management systems in the Federal Government.
- Information Policy, E-Gov and IT – Laws, regulations and other guidance regarding several IT policies in the Federal Government.
- E-Government Initiatives – Information regarding the Federal Enterprise Architecture and Executive Branch initiatives.
- OMB Circulars – Instructions or information issued by OMB to Federal agencies. These are expected to have a continuing effect of two years or more. For example, see:
- OMB Circular A-123 – Management's Responsibility for Internal Control Systems.
- OMB Circular A-130 – Management of Federal Information Resources.
- OMB Memoranda – Instructions or information issued by OMB to Federal agencies.
Important Legislative Drivers
National Institute of Standards and Technology Resources
Office of Management and Budget Resources
U.S. Department of Education Directives
- Administrative Communications System Directives
- Security requirements for contractors doing business with the Department of Education.
- OMB's Budget Exhibit 300
- A list of the Department of Education's OMB Budget Exhibit 300.
Federal Student Aid Resources
The following documents have been made public as a resource for those who would like to do business with Federal Student Aid, providing background knowledge of the goals, targets, and current operations of the organization. These documents are meant to provide information, and do not encompass all of the necessary documentation to perform work for Federal Student Aid.
- Application Architectural Model
- This document presents an Architectural Model that documents and communicates Federal Student Aid's architectural vision. There are a number of architecture models, each covering a particular solution domain (i.e., architectural area). This document specifically addresses application architecture, which provides insight into Federal Student Aid's vision for building business applications.
- Business Technology Integration Group Vision Framework
- The Business Technology Integration Group Vision Framework outlines FSA strategic objectives, core business outcomes, and aligns them with the tactical objectives of the organization.
- Enterprise Data Management Resources
- Provides readers with a context and history for Enterprise Data Management at Federal Student Aid and educates them on current and planned data management initiatives. We call the reader's attention to the following Enterprise Data Management resources:
- Enterprise Data Management Concept of Operations (ConOps)
- Data Migration Roadmap: A Best Practice Summary
- Data Model Standards and Guidelines, Registration Policies and Procedures
- Data Standardization Policies and Procedures
- Enterprise Data Management Data Governance Plan
- Enterprise Conceptual Data Model (ECDM)
- Enterprise Data Management Data Policies
- Enterprise Data Dictionary Standards
- Federal Student Aid – ECDM – Business Information
- PESC Guidelines for XML Architecture and Data Modeling
- Enterprise Operational Change Management Plan
- The Enterprise Operational Change Management Plan defines Federal Student Aid's operational change management concepts related to enterprise events, configuration and release management.
- Enterprise Testing Standards Handbook
- Provides standards and guidance to Federal Student Aid employees and contractors regarding effective test planning, repeatable test processes, standardized templates, defect management and other tools that will help make test efforts better planned, executed and monitored.
- Independent Verification and Validation Handbook
- This document outlines in detail Federal Student Aid's IV&V practices, from Life Cycle Management to the "best practices" adopted by the organization in Independent Verification and Validation. The document includes an introduction to metrics collection and reporting methodologies.
- Portal Architecture Model
- This document specifically addresses portal architecture, which assists in providing insight into Federal Student Aid's vision for developing and deploying portal applications.
- Post Implementation Review (PIR) Process Description
- Guidelines and common procedures that define the objectives, activities, and documentation required to perform a Post Implementation Review (PIR) on a project.
- Production Readiness Review (PRR) Process
- The Production Readiness Review (PRR) serves as the final, formal, and documented decision point before a new application or a significant release of an existing application enters Federal Student Aid's production environment and is exposed to end-users.
- Strategic Planning, Performance and Reporting
- The Federal Student Aid Five-Year Plan and Annual Performance Plan are available on this section of the Web Gateway.
- Target State Matrix
- Provides a chart of the enterprise business functions defined by the Target State Vision.
- Target State Vision
- Defines a high-level contractor methodology for portal application development services, hardware and software infrastructure support, and any other portal-related resources and services.
- Technology Standards and Products Guide
- The Federal Student Aid Technology Standards and Products Guide describes the Federal Student Aid enterprise-wide architecture standards.
- To-Be Enterprise Business Function Narratives
- Provides guidance to Federal Student Aid employees and contractors regarding the creation and maintenance of enterprise roles, access controls, and audit logging implementations.
- Virtual Data Center Concept of Operations
- The VDC Concept of Operations provides a description of the strategies for implementing changes in the data center operations and services for Federal Student Aid. These strategies are based on an IT industry approach to developing solutions based on people, processes, tools, and technologies. CIO is implementing a resource plan to obtain the skills and resources to support future operations of the data center.
- Work Products Guide
- The Work Products Guide (WPG) serves as a tool that provides guidance to the Federal Student Aid project managers and vendors in the decision-making process for deliverables, during the project lifecycle from initiation through retirement.
Note: The WPG is provided as a 34MB ZIP file. After downloading, please extract the entire ZIP file and open the "WPG4.3.doc" document. Extracting the entire ZIP will allow the links within the document to work correctly.


