Information Sharing Environment
2008 Performance Goals & Measures
2008 Performance Goals & Measures
INFORMATION SHARING MANDATES

IRTPA

Executive Orders

Presidential Guidance

National Strategy for Information Sharing

Implementation Plan Vision and Goals

ISE MEASUREMENT FRAMEWORK
Creating a Culture of Sharing

Develop a set of shared values that change behavior of ISE participants through established training programs, trained personnel, incentive programs, and privacy protections among ISE participants.

Training
Incentives
Privacy
Personnel Appraisals
Reducing Barriers to Sharing

Establish interoperability that facilitates sharing through a common ISE IT security framework, to include approved ISE-wide Information Assurance (IA) solutions, government-wide physical and personnel security practices, and as a CUI framework

ISE Shared Spaces
CUI
Security
Improving Sharing Practices

Establish a set of activities and strategic approaches to facilitate sharing among all levels of government, private sector, and foreign partners.

ITACG
ISE SAR
Foreign Partners
Fusion Centers
Private Sector
Institutionalizing Sharing

Establish capabilities that allow ISE participants to create and use quality terrorism information by improving business processes, developing a common enterprise architecture framework, refining common standards, and instituting effective resource management for government-wide programs.

CTISS
Governance

Creating a Culture:

  • Training - In addition to the ISE Core Awareness Training released July 2008, ISE participants are required to develop tailored training programs that achieve specific, related, learning objectives.1 One-third of the agencies surveyed in the fall indicated that they had established and completed some form of training to increase information sharing awareness. This number increased to 47% in the spring assessment and is expected to increase with the recent publication of the ISE Awareness Training Course.

  • Incentives - Several agencies provided actual examples of how they use incentives to promote information sharing including personnel recognition, cash awards, and other rewards. The overall response of agencies using information sharing incentives grew from 40% last fall to 73% in this spring's performance assessment.

  • Privacy - Fall baseline data revealed that 47% of agencies had established privacy policies that complied with the ISE privacy guidelines, a number that increased to 60% in the spring assessment. ISE agencies' adoption of the ISE Privacy and Civil Liberties Implementation Guide, released in September 2007, is expected to gradually (but significantly) increase the number of privacy-compliant agencies.

  • Personnel Appraisals - Last fall, ISE agencies' self-reported data revealed that 27% of ISC member agencies have taken initial steps to ensure accountability for information sharing via performance appraisals. The number grew to 47% this spring, with several agencies requesting coordination with the Office of Personnel Management (OPM) to insert information sharing into their performance appraisals. Additional agencies also reported a desire to use ISE-wide training to determine the elements needed to evaluate personnel performance in terrorism-related information sharing.

    Reducing Barriers:

  • Disincentives - In the fall assessment, 53% of agencies were able to identify steps they took to remove information sharing disincentives in the areas of document dissemination (e.g., reduced use of originator controls), writing for release, and policies for sharing between internal departments. This number increased to 73% for the spring assessment.

  • Shared Spaces - The ISE Profile and Architecture Implementation Strategy (PAIS) provides the official standard necessary to implement ISE shared spaces was published in May 2008. After close coordination with agency Chief Information Officers (CIOs), enterprise architects, and Office of Management and Budget (OMB) officials, the fall baseline response of 13% of agencies having implemented shared spaces grew to 33% in the spring.

  • CUI Framework - As noted earlier, a policy framework has been established and released by the President for standardizing SBU (now termed CUI) information. Because the CUI framework was only recently approved (May 2008), the PM-ISE was not able to collect performance data.

  • Physical and Personnel Security Practices - The ISE has begun to coordinate and collaborate on security policies across the five ISE communities. The PM-ISE did not collect performance data on this topic; however, it intends to focus efforts on this area in the future.

    Improving Sharing Practices:

  • ITACG - The Interagency Threat Assessment and Coordination Group (ITACG) has achieved 75% of its initial operating capability, specifically in the areas of staffing, establishing standard procedures, and integrating operations with the National Counterterrorism Center (NCTC). Further information on the ITACG can be found in a separate Report to Congress.

  • Suspicious Activity Reporting (SAR) Processes - Roughly half (53%) of agencies reported having a Suspicious Activity Reporting (SAR) process in place. While the data made it clear that SAR processes are generally not yet standard across the ISE, the percentage of agencies that reported having a SAR process in place increased to 73% in the spring assessment.

  • Sharing with Foreign Partners - The Foreign Government Information Sharing Working Group developed a checklist of issues for agencies to consider when negotiating terrorism-related information sharing agreements with foreign partners, including privacy protections and possible review procedures. Released this spring, the checklist was recommended but not mandatory. As part of the spring 2008 measurement findings, 13% of ISC member agencies reported having adopted the checklist in Department-wide processes.

  • State and Major Urban Area Fusion Centers - Both DOJ and DHS are able to document Federal activities completed in support of establishing and maintaining a baseline level of capability for fusion centers, including providing training and connectivity, and attempting to tie baseline capabilities to the grants process.

  • Sharing with the Private Sector - Sharing with the private sector is called for in the NSIS and remains a priority for the ISE. Though no performance data were collected at this time, efforts such as the FBI's InfraGard Program which shares information with private sector infrastructure security officials through a homepage on the LEO network, reflect progress achieved in sharing information with the private sector.

    Institutionalizing Sharing:

  • CTISS -In part because of their participation in developing the ISE-SAR Functional Standard, the first Common Information Sharing Standards (CTISS) program issuance, 33% of agencies reported adoption of the CTISS Program. The number of agencies adopting the CTISS Program increased to 47% after the January 2008 release of the ISE-SAR Functional Standard, and several agencies were also adopting Agency-wide standards processes. In addition, agencies cited the NIEM and Federal Enterprise Architecture (FEA) Standards as examples of where they are working across the ISE to align technologies to facilitate information access and exchange.

  • Governance - As a means to facilitate information sharing within their own agencies and across the environment, a full 93% of agencies reported having established their own information sharing governance bodies in the spring assessment. This is an increase from the 73% of agencies that reported having established governance bodies last fall. This measure is a positive indicator of ISE members taking steps to ensure that information sharing is appropriately addressed within their agencies.

Visit us at http://www.ise.gov