Wednesday, March 9, 2016 -
12:00pm to 1:30pm

Location Details: 

Information Technology Dept.
Room 438
4201 Normandy Street North
Bismarck, ND 58503

Meeting Agenda:


Time Topic Presenter

Update on EA Activity

Jeff Quast


Update on ITD Activity

  • Brown Bag Lunch - review
  • Upcoming meetings - SITAC and LITC
  • Proxy rules for Security Standards
  • Contact Us email list
Gary Vetter
1:30 ITD Rate Reductions Greg Hoffman

Service Level Agreements

  • Active Directory SLA and AD Standard
  • Email SLA and mailbox quota
Gary Vetter
1:55 IT Planning Overview Justin Data
2:05 Mobile Phone OWA Dan Sipes
2:15 MFA Budget Planning Dan Sipes
2:25 Future Agenda Items  


Meeting Recap:

Update on EA Activity
  • The Security Architecture team met March 1st and topics included:
    • Proxy rules to block access to EA Security standards
    • Implementation of recently approved changes to the Access Control standard
    • A new Service Level Agreement for Active Directory
    • A possible new directory to address a project at WSI
    • ITD’s plans for a new naming scheme for privileged accounts
    • More details about the topics from this meeting can be found in the Security Architecture meeting recap.
  • Data Architecture met on March 3rd and the main discussion was about the Imaging standard. The meeting recap has more information about the discussion.
  • The Technology Architecture meeting was to be held on March 10th, and the Application Architecture meeting on March 15th.


Update on ITD Activity
  • Gary Vetter gave a brief overview of the Brown Bag Lunch video, ‘The Imminent Revolution in Information Security’, which was presented before the ITCC meeting. All IT Coordinators are welcome to attend the Brown Bag Luncheons, where ITD presents a video once a month from the Gartner annual CIO conference. Bring your own lunch and join us.
  • Upcoming Meetings of interest included SITAC on March 9, 2016 from 3:00 pm to 4:30 pm in ITD room 438, and the Legislative IT Committee on March 10, 2016 from 8:00 am to 4:00 pm in ITD room .438
  • Proxy Rules have been reinstated to block EA Security standards from public access. Users trying to access Security standards will route to page explaining that those standards must be requested by contacting the service desk, or if it is a vendor, by contacting the assigned Procurement Officer. All security standards are available in one document to send to vendors. That document is on the EA SharePoint site and can also be requested by contacting the service desk.
  • A list of agency contacts/email accounts has been developed that includes the email addresses that receive communication from the ‘Contact Us’ application on the NDGOV portal. Agencies should review the list to ensure the proper email address is listed for their agency. The list is available on EA SharePoint under "Documents" and "Other." (Authentication required.)
  • Updates have been made to the Employee Email lookup on the NDGOV Portal, which is now called “Contact a State Employee”. The email address in the ‘From’ field is now the service desk, as opposed to the email address entered by the citizen. The citizen’s email address has been moved into the body of the email. The updates were in response to employees that suspected those emails in the past of being phishing attempts.


ITD Rate Reductions
  • ITD has initiated several rate reductions that were expected to be implemented for the 17-19 biennium. The early implementation of February 1st, 2016 was to help agencies offset the required 4.05% budget cuts in the current biennium. The Rate Reductions are available on ITD’s web site.


Service Level Agreements
  • ITD has developed a new Service Level Agreement (SLA) for Active Directory, which was presented to the ITCC for feedback. One change will be made to the SLA after the ITCC meeting and then the SLA will be published. The SLA focuses on the service details while the standard could now be simplified to only include the actual “policy”. Possible changes to the Active Directory standard and Access Control standard will be reviewed at the April Security Architecture meeting, with the goal of removing those service details that are a better fit for the SLA.
  • Also updated was the Email SLA, which includes the new larger Exchange 2013 mailbox quotas, and a new Account Management section, which includes one item from the Access Control standard.


Statewide IT Plan
  • The IT Planning Process was presented at a high level. That process has been moved to the ITD Project Management Office, which will be sending out a survey soon to request feedback from agencies about the process. Project Managers will be available as ‘planning consultants’ for agencies to utilize, and agencies will be contacted in April to establish a meeting date. The timeline will be similar to past bienniums, with rates being announced in April, agency meetings in May-July, and a plan due date of August 15. Large Project ranking by SITAC will be done in September.


Data Center Outage
  • ITD presented some details and lessons learned regarding the February 24th data center outage. Although it was not a security event, technical details about the outage and recovery efforts will not be included in this recap for security purposes. Communication options were discussed, including a reminder that Twitter was being used and is used when conventional communication channels are not available. ITD also used Assurance NM to communicate to ITD employees, but has not used it to contact agency coordinators. ITD will continue to evaluate communication tools and options to better inform agencies of problems going forward.


Mobile Phone OWA
  • The update to Exchange 2013 has resulted in all existing accounts having the OWA for Devices access enabled, while newly created accounts have the OWA setting disabled. OWA for Devices is used to connect with mobile devices that have an OWA email application installed instead of using the native email client that connects using ActiveSync. ITD is considering disabling OWA on the existing accounts to be consistent with how ActiveSync is managed, which would then require a WMS request to enable OWA.


MFA Budget Planning
  • ITD is seeing indications of possible increased need for Multi Factor Authentication (MFA) next biennium, mostly driven by increased Federal regulations. Agencies should be evaluating their security requirements and if MFA looks likely, incorporating those expectations into the 17-19 budget cycle. MFA for public customers will likely be SMS messages to a mobile device. Application level MFA is much more complex, and would probably require an API, so agencies should contact ITD about application level MFA as soon as a need have been identified.


Open Discussion/New Topics
  • ITD has hired Sean Wiese as the Chief Information Security Officer. Mr. Wiese will be begin at ITD on March 23rd.
PDF icon ITCC-20160309-Presentation