Having the right people with the right skills is critical to ensuring the CFTC receives the best value for the 35-45 percent of appropriated dollars it spends each year for goods and services. A highly qualified team of contracting officers has been hired, and over the last two years they began renegotiating our largest contracts and leases for lower prices, engaged in strategic sourcing to procure a total technology infrastructure replacement, and sought to gain other efficiencies through the use of performance contracts.
Program staff, contracting officer technical representatives (COTRs), continue to struggle with clearly defining acquisition requirements. Improvements can be made in overseeing an ever increasing blended workforce entrusted with implementing Federal financial regulatory reform. CFTC has established policies and procedures for effective management and training of our acquisition workforce. However, more work needs to done to ensure that contracting officer’s technical representatives have the necessary skills to effectively monitor contractor performance, and ensure that requirements are met, especially when the scale, scope, and complexity of our contracts for services have grown substantially.
With the addition of a fifth Contract Specialist to the CFTC Procurement team in the last quarter of FY 2009, the CFTC Procurement team has been able to meet the exceptional workloads occasioned by the Commission’s need to house and otherwise support its rapidly expanding headcount. With the Supervisory Contract Specialist reporting directly to the Chief Financial Officer, the Commission has met its goals to plan and manage both immediate and strategic efforts to support the agency mission with a sound, effective procurement program. The Procurement team has both seasoned senior staff and employees at the mid-career level. The Commission plans to add one acquisition professional during FY 2012.
The CFTC is continuing General Support System (GSS) infrastructure technology refreshment and consolidation that was begun in FY 2009 as a result of increased appropriations provided based on the recognition that the futures industry was rapidly transitioning from physical, localized trading venues with moderate trading volumes to electronic, global, inter-connected venues with significantly higher trading volume, products, product complexity, number of participants, and data volume.
CFTC goals for server room consolidation, relocation, and migration to infrastructure as a service (Iaas), platform as a service (PaaS), and software as a service (SaaS) are aligned with the agency strategic goal to provide a modern and secure information system that reflects the strategic priorities of the Commission. Our objectives within that goal are to:
From the outset, this refreshment and consolidation has focused on server virtualization, centralized storage, and reducing server-room footprint in regional offices (Chicago, Kansas City, and New York). We have also adopted an evolutionary approach to address change management and information security risks, with basic prioritization being 1) address critical need by upgrading the headquarters server room and communications infrastructure; 2) improve disaster recovery time and recovery point performance by supplementing the headquarters server room with a hot site; and 3) leveraging infrastructure as a service (IaaS) maturity gained through hot site implementation and platform as a service (PaaS) maturity gained through outsourcing Web site hosting to transfer all core computing offsite with an optimum set of IaaS, Paas, and SaaS.
We have ostensibly completed virtualization and storage centralization. We are establishing a hot site for the headquarters server room and implementing full-function, scalable offsite PaaS for Web site and Web services in FY 2011. In FY 2011 and FY 2012 we will plan and architect our migration to offsite IaaS/PaaS/SaaS. We plan to begin migration in FY 2012.
We have adopted this approach to mitigate information security and change management risks.
In order to effectively manage a significantly increased number of IT projects, the CFTC has developed and implemented a Project Management Life Cycle (PMLC) program. The PMLC requires the use of a document management and collaboration Web site for each major project where project initiation, planning, requirements, design and development, implementation, operations and maintenance, and retirement phase documents and resources are maintained. Metrics are maintained and risk is managed for each project and is planned to be reported on an executive management site to provide ongoing review and monitoring of schedule and risk. Currently the Commission has no high risk IT projects.
The CFTC has decided on the ‘Twenty Critical Controls for Effective Cyber Defense: Consensus Audit’ (Version 2.1: August 10, 2009) as the target state for our General Support System (the CFTC Network) automated control set.
The ‘Twenty Critical Controls for Effective Cyber Defense: Consensus Audit’ (Version 2.1: August 10, 2009), http://www.sans.org/critical-security-controls/, are a subset of NIST Special Publication 800-53 Revision 3 Controls. The automation of these Top 20 Controls will lower the cost of security while improving its effectiveness.
Though some of the recommended 146 sub-controls have already been implemented, manually implemented, or partially implemented for the CFTC Network, the Commission is currently developing a detailed project plan for full automated implementation. That implementation will include addressing continuous monitoring requirements as well as alignment with the Federal Enterprise Architecture Security and Privacy Profile v3.0 (FEA-SPP v3.0).
Per the July 15, 2010, memorandum from Director Berry of the U.S. Office of Personnel Management (OPM), this overview summarizes the ongoing CFTC Employee Engagement initiatives.
The following summary results of the all-employee CFTC Employee Viewpoint Survey of 2010 demonstrate the very considerable success of agency efforts to date to improve employee engagement and satisfaction with the CFTC workplace:
These improvements result in part from the steps taken over the past year under the Action Plan of September 2009:
Based on the 2010 Employee Viewpoint Survey results, CFTC will continue agency efforts affecting all aspects of the work environment, but with special emphasis on these two major objectives:
The CFTC Office of Human Resources has lead responsibility for this action plan, which it will share with its OPM Human Capital Officer and with our employees, starting with the CFTC Web site posting of the complete 2010 survey results that includes year-over-year trends and detailed analysis.
Per OPM’s July 15, 2010, guidance on wellness submissions, the request to submit a wellness implementation plan, complete the WellCheck online tool, and respond to the questionnaire does not apply to our agency because we are not a CHCO designated agency. CFTC does, however, consider worksite wellness to be a vital piece of our worklife plan and promotes healthy lifestyles for our employees by providing access to health services, an Employee Assistance Program, onsite fitness facilities, healthy choices in the vending machines, and a telework program. In FY 2011, we will continue to evaluate our worksite wellness programs in order to develop initiatives to encourage health living among our employees.