Tuesday, February 9, 2016 -
1:00pm to 2:30pm

Location Details: 

Information Technology Dept.
Room 208V
4201 Normandy Street North
Bismarck, ND 58503

Agenda:

  • News and Updates
  • Public Online Services User Authentication standard
  • Survey Results
  • Application Development Tools standard
  • Open Discussion

Recap:

News and Updates
  • Microsoft recently announced that SharePoint Foundation will not be an option when version 2016 is released. ITD intends to keep the current 2013 Foundation platform running through the 2017-19 biennium if it remains supported, but agencies should be planning for rate increases and migration to SharePoint Enterprise in the future.
  • Surveys for updates to the Web Development standard and Web Development Best Practices, and a recommendation to rescind the Methodology Standard, will be posted once the Security surveys are completed.

 

Public On-Line Services User Authentication (State Login ID) - Survey Results
  • The group discussed the survey results from the recently approved DPI Waiver for the State Login ID. About one third of survey responses found the standard to be Very Important, and half found it to be Somewhat Important. These results did not support the idea of rescinding the standard as was being recommended by Application Architecture during previous reviews. The group therefore discussed the features and limitations of the current solution again.
    • Features include:
      • Without the standard we would have a large number of different account management solutions stored in non-encrypted in databases.
      • Improvements have been made in recent years, like the ability to lock accounts after a certain number of successive failed login attempts.
      • ITD is working on adding Texting as an option for password reset verification
    • Limitations include:
      • Does not support agency-specific or application-specific security levels.
      • The only security option is to default an account to the highest security requirements needed by an application.
      • Applications require some custom work to use the State Login ID front end.
  • The initial draft of Public Access standard was also reviewed, which was drafted by Security Architecture to address requirements for public facing authentication if the State Login ID was rescinded. Several suggestions will be relayed back to Security Architecture for consideration
 
Application Development Tools standard
  • After previous reviews and discussions, the group intended to work on Best Practices or Guidance to replace the standard, including “Points to Consider” when evaluating tools or platforms. After a further review, the group will recommend rescinding the standard and not replacing it with Best Practices or Guidance, feeling instead that the procurement process provides adequate opportunities to review and evaluate tools and platforms.