Regulatory Compliance Using Digital Signature

Here is a short summary of how the US Army and OCSE/ACF/HHS were able to eliminate paper from a crucial business process requiring signatures by using Infomosaic digital signature products.

Name: Manoj K. Srivastava
Location: Ellicott City, Maryland, United States

Monday, June 27, 2005

US Army FDM Application

Application Name: US Army Financial Disclosure Management Information Application
Funded by: The Office of Judge Advocate General (JAG)[1], Virginia
Developers: US Army[2], Communications Electronics Command (CE-COM)[3], Software Engineering Center (SEC)[4], Fort Monmouth, NJ


Legal Background

In 1978, the Ethics in Government Act (EIGA)[5] established a comprehensive code of ethics for federal officials across the entire government. EIGA requires government officers to file public financial disclosure statements (SF 278)[6] so that conflicts of interest can be identified. The law requires public disclosure in enough detail to give the public the information needed to make an informed judgment about an official’s compliance with the ethics laws.

In the US Army, regular and reserve military officers at pay grade O-7 and above (Brigadier General, Major General, Lieutenant General, and General) have to file SF278 forms under the ethics law within 30 days of assuming their position.[7]

Problem

The Office of the Judge Advocate General in Virginia (JAG[8]) provides legal assistance to Army personnel worldwide. For the SF278 forms, they sought an application that would simplify the filing process for their clients, senior-level Army management worldwide, while using digital signature technology to give access to the appropriate people. Typically, the process involves filling out the paperwork manually or electronically, sending the form to the Office of Government Ethics (OGE), having the information approved, and having it posted on public records. A report is not considered "filed" until it is received in the designated office.[9] This process can be long and arduous, especially when users want to access the information or need to file within 30 days of assuming their position.

The problem was referred to the Software Engineering Center (SEC), which was asked to develop an application to handle these needs and provide a secure method of using digital signature technology (PKI) for their users.

Solution

Purpose of Application: To electronically send SF278 forms to appropriate users through a secure program.

The Software Engineering Center (SEC), headed by Steven Weiner, developed the Financial Disclosure Management Information Application, launching the production version on 3/31/05. The purpose of the application is to allow appropriate users the ability to enter and access financial information using a secure electronic method that verifies user certificates. The application simplifies the process of filing the SF278 form, eliminating the long process of filling, mailing, and approving forms, which can take up to several weeks to process while crossing many unnecessary channels.

This new Financial Disclosure Management Application uses the Infomosaic SecureXML Java Applet to access Common Access Card (CAC) or Smart Card based PKI certificates and create cryptographically secure, W3C standard compliant XML signatures. The system uses a J2EE Application Server along with the Infomosaic SecureXML Signature on the server side for signature digest calculation, certificate validation and signature verification. On the client side, the application uses the SecureXML Java Applet to access the user's certificate and private key for digest encryption (the private-key operation applied to the digest), an integral part of digital signing. The number of users of this system is expected to be approximately 40,000.
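The split described above (digest computed on the server, private-key operation on the client, verification back on the server) can be sketched as follows. This is an added example in Node.js, not Infomosaic SecureXML code: the function names and the sample form are hypothetical, an in-memory RSA key stands in for the CAC, SHA-256 with PKCS#1 v1.5 is an assumed algorithm choice, and XML canonicalization and certificate validation are left out.

```javascript
// Added illustration only; not Infomosaic SecureXML code. All names are hypothetical.
const crypto = require("node:crypto");

// ASN.1 DigestInfo header for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
const SHA256_DIGESTINFO_PREFIX = Buffer.from(
  "3031300d060960864801650304020105000420", "hex");

// Server: hash the submitted form and wrap the hash as DigestInfo.
function serverPrepareDigest(documentBytes) {
  const digest = crypto.createHash("sha256").update(documentBytes).digest();
  return Buffer.concat([SHA256_DIGESTINFO_PREFIX, digest]);
}

// Client: stands in for the smart card. It never sees the document, only the
// digest, and applies the private key with PKCS#1 v1.5 type-1 padding. This is
// the step the text calls "digest encryption".
function clientSignDigest(privateKey, digestInfo) {
  return crypto.privateEncrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
    digestInfo);
}

// Server: recompute the digest from the stored document and check the
// signature against the signer's public key (taken from the certificate).
function serverVerify(publicKey, documentBytes, signature) {
  return crypto.verify("sha256", documentBytes, publicKey, signature);
}

function runExchange() {
  // Constructed key pair and form content, for demonstration only.
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const form = Buffer.from(
    '<SF278><filer>CONSTRUCTED SAMPLE</filer><asset value="1000"/></SF278>');
  const signature = clientSignDigest(privateKey, serverPrepareDigest(form));
  const tampered = Buffer.from(form.toString().replace("1000", "9000"));
  return {
    signatureLength: signature.length,
    validOriginal: serverVerify(publicKey, form, signature),
    validTampered: serverVerify(publicKey, tampered, signature),
    // PKCS#1 v1.5 is deterministic, so the split flow must equal a one-step sign.
    matchesOneStepSign: crypto.sign("sha256", form, privateKey).equals(signature),
  };
}
```

Because the client signs whatever digest it is handed, the signer depends on the server to hash the document that was actually displayed; the tampered case shows that any later change to the stored form fails verification.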

The Infomosaic SecureXML Java Applet provides seamless integration with ActivCard Gold and Litronic NetSign CAC middleware for CAC demographic data access, in addition to private key access for signing, from both Microsoft Internet Explorer and Mozilla Firefox browsers. It works with both the Sun and the Microsoft Java Virtual Machines when using Internet Explorer for document signing. The Infomosaic SecureXML Java Applet requires zero client-side installation and setup, allowing the US Army to effortlessly deploy the Defense Financial Disclosure Management System worldwide to Army personnel already in the field.

Summary of Benefits

The foreseen benefits include efficiency in the filing process, reduction in paper/mailing costs, and convenience for all users.

The application speeds up the filing process for officers who need to meet their deadline of 30 days to fill out the form, and helps them to avoid late fines, etc.

The process can be done entirely online: officers can fill out the form online and have it electronically sent to and verified by all necessary individuals.

[1] JAG site
[2] US ARMY, Fort Monmouth Site
[3] http://www.monmouth.army.mil/CELCMC/
[4] SEC website
[5] EIGA site
[6] SF278 form
[7] National Institutes of Health Ethics Program
[8] The Judge Advocate General
[9] US Dept of Health & Human Services Site

Friday, June 24, 2005

Government Paper Work Reduction Act

Case 1: The OCSE State Plans System
Funded by: Office of Child Support Enforcement[1] (OCSE), Administration for Children & Families[2] (ACF), The U.S. Department of Health & Human Services (HHS)

Background Information

The Administration for Children and Families (ACF), within the Department of Health and Human Services (HHS), is responsible for federal programs that promote the economic and social well being of families, children, individuals, and communities.[3]

History

In health care, the use of electronic systems lags far behind the computerization of information in other sectors of the economy. To help bring health care into the information age, in 2004, President Bush established the role of a National Coordinator for Health Information Technology.[4] At President Bush's direction, HHS created the new position of National Health Information Technology Coordinator.[5] The coordinator's office provides national leadership to support efforts across government and in the private sector to develop the standards and infrastructure to support more effective use of information technology to promote higher quality care and reduce health care costs.

HHS Agency for Healthcare Research and Quality (AHRQ) plans to spend a projected $50 million on research and demonstration projects to highlight how health information technology can improve the quality of care and patient safety in the year 2005. This includes grants to support state and regional demonstrations and to support information technology projects in small hospitals and rural communities, as well as funding to create a Health Information Technology Resource Center to provide technical assistance, expert health information technology support, educational services and other services to HHS grantees and state and local officials.[6]

Problem

The Office of Child Support Enforcement (OCSE) was selected to take a lead role in support of the Department of Health and Human Services' activities to build electronic technology systems to communicate with states on a secure, electronic basis. This included a pilot exploration of digital signatures.

The pilot project uses the approach known as Public Key Infrastructure (PKI). PKI uses a combination of technology, policies, and procedures to provide confidentiality, integrity, and authentication for electronic communications. Through the use of digital signatures and encryption, PKI provides a high degree of security in information exchange. Because the Office of Child Support Enforcement has automated some aspects of state plan information using a Web form interface, the automation project was chosen for the PKI demonstration.

Currently, the OCSE State Plan system allows state representatives to submit plans for approval by the governor and ACF Regional Office representative. The process begins with the state representative sending a state plan to the governor for approval. The governor reviews and signs the plan and forwards it to the appropriate ACF regional office. The ACF regional office representative verifies the governor’s approval and ensures that the plan complies with state policies, regulations and legislation. The ACF regional office then sends the plan to OCSE, where the plan is archived and retrieved as necessary to research and resolve issues related to the state plans. This process for state plan amendments could potentially take up to several months and can pass through many unnecessary hands.

Solution: Application Project by OCSE

Purpose of Application: To add digital signatures of State and Federal officials for state plan amendment submittal.

The new State Plans System has been designed and developed for state CSE staff to prepare state plans by inputting, updating, and validating data for regional offices to verify and approve. It allows the OCSE staff to acknowledge the submission of state plans, to analyze the data, and to prepare reports for the OCSE management as well as the annual report to Congress. In addition, the system has been designed to promote and to strengthen the communication and collaboration among states, regional offices, and the OCSE. These functions are essential for state plans data to be accurate, and for state plans submission to be on time.

The newly developed application has added digital signature capability to the existing electronic transmission capability for submittal and approval of state plan amendments. This has made the process of verifying and approving state plans efficient, effective, and secure. Please note that the actual deployment of the new system is currently in a pilot stage and only a handful of states are currently participating in the pilot. This new application will be made available to all fifty states in a few months' time.

How Infomosaic's product helped in developing application

The OCSE State Plans System has been operational for many years and is recognized as a very efficient tool for State Plan data collection and analysis. However, because it lacked the technology to support digital signatures, the system was not able to meet the legal requirement for the governor's approval and signature.

Under the HHS PKI initiative, Infomosaic’s PKI product, SecureXML Digital Signature, was introduced and integrated within the State Plan System to support the Governor’s, the State Representative’s, and the Regional Officer’s digital signatures. When this PKI-enabled State Plan System is complete, it will eliminate a very large amount of paperwork for state, regional, and central offices nationwide.

Anticipated Benefits

PKI will reduce time and costs and provide a secure medium for electronic communications. The PKI approach is designed to work with all levels of PKI certification, and most, if not all, states will participate in this pilot program in the future. Potentially, there will be a minimum of two users for each state and US territory, two users for each of the 10 HHS regional offices, and 10 for the OCSE central office that will be utilizing this application. ACF expects that the findings will serve as models for use across HHS to enhance government-to-government secure communications. Since the models that ACF develops should be readily adapted to other plan approval processes and to other HHS business processes, ACF anticipates that HHS may showcase and subsequently implement this technology on a broader scale.[7]

For state plan amendments, paperwork will be drastically reduced to the minimum, while the time saved will help government workers to do more in less time. Other cost savings for OCSE include postage and handling, and for some areas, multiple trips to the Post Office.

Future Plans

If this pilot application is successful, ACF foresees other potential Federal programs piloting PKI technology with their state plans. Once the system is finalized, states will no longer be required to submit state plans in writing, and the process can ultimately evolve into a system of all-electronic documents.

[1] <http://www.acf.hhs.gov/programs/cse/index.html>
[2] <http://www.acf.hhs.gov/>
[3] <http://www.acf.hhs.gov/acf_about.html#mission>
[4] Text Excerpted from: <http://www.cdc.gov/od/oc/media/pressrel/r050315.htm>
[5] <http://www.os.dhhs.gov/healthit/mission.html>
[6] Text Excerpted from: <http://www.hhs.gov/news/press/2004pres/20040427a.html>
[7] <http://www.acf.hhs.gov/programs/cse/pol/DCL/2004/dcl-04-20.htm>