DOJ’s New IT Strategic Plan

The Department of Justice (DOJ) has a new set of IT laws to abide by now. DOJ recently updated its IT Strategic Plan for 2022-2024 to propel the department and its bureau components forward in all things information technology. The plan seems to check off all the boxes, covering service delivery and cybersecurity, as well as IT management and financial responsibility. According to the forward note by CIO, Melinda Rogers, the purpose of the plan is to, “Identify opportunities for technology to improve processes, explore new capabilities, support workforce needs, and scale solutions to keep the Department at the forefront of technology, information management, and service delivery.”

The strategy is centered on five goals, each shaped by several factors including: user experience expectations; sophisticated cyber threats; increasing technology complexities; demand for a distribution workforce; and the need for the optimization of resources.   

Within the strategy is a list of objectives and expected benefits for the above five goals. The strategy also outlines several initiatives (underway or planned) under each goal. Initiatives that appear to be contractor-addressable are summarized here:

Enhance Service Delivery:

• Justice Management Division (JMD): Implement an eDiscovery solution to allow users to search and identify JMD evidence
• Office of Justice Programs: Build out the JustGrants systems, a combination of all three DOJ grant-making components
• Implement the Fix NICS system for improved database capabilities in firearms purchase
• Strengthen biometrics capabilities as a service to deliver a modernized solution to all law enforcement
• Bureau of Prisons: Upgrade wireless technology at Inmate Housing Units to improve medication dispensing, detect unauthorized mobile devices and improve monitoring and tracking activities
• Assess new technology under a shared service model for common requirements and create an information management strategy for enhanced governance

Elevate Cybersecurity

• Enforce Endpoint Lifecycle Management System (ELMS) agents to every laptop, desktop and service, and scan for routers and switches
• Implement an “allow listing” approach which will permit DOJ to scan applications before being added to devices
• Adopt zero trust architecture
  • Implement a Zero Trust Broker to remove VPN’s from the DOJ network
  • Implement a zero trust governance structure to ensure collaboration among all components
  • Transition off legacy networks to IPv6
• Implement a Vulnerability Disclosure Program to permit the public to report on vulnerabilities in DOJ public-facing applications and systems
• Improve penetration testing with ground truth testing for all systems
• Combine DOJ’s identity providers into a single, unified provider and require users to authenticate using a personal identity verification credential
• Install endpoint detection and response agents on DOJ assets to expand endpoint security
• Centralize auditing capabilities at the Justice Security Operation Center (JSOC), including integrating cloud administration activities into JSOC, starting with enterprise cloud applications and IaaS environments
• Implement a Security Posture Dashboard for insight to all cloud assts and network health assessment
• Develop an enterprise-wide view of IT supply chain and risk through new processes and tools, and utilization of existing tools with capabilities to identify what components are using certain vendors, what risk scores exist for vendors, what components of systems may be or are impacted by vulnerabilities, and where actions need to be taken

Embrace Innovation

• Expand innovation engineering group efforts to prototype solutions
• Establish resources for a joint innovation lab for department stakeholders to explore emerging technologies
• Bureau of Prisons: Migrate the agency’s inmate management system, SENTRY, to an AWS cloud environment
• Bureau of Prisons: Perform network infrastructure upgrades of LAN to increase bandwidth and permit embrace of innovative technologies
• Bureau of Alcohol, Tobacco, Firearms and Explosives: Implement a contractor owned/operated managed LAN environment to allow for agility in deployment of new technologies
• Compile and annually update an AI use case inventory and create a test bed for AI that can be used across the department to safely experiment the technology
• Identify and publish data exchange standards and practices, as well as develop a data exchange framework for DOJ components to document how information is exchanged to be retained in DOJ’s data inventory

Expand the Workforce

• Partner with the FBI and Huntsville Analytics to create a Data Science Academy to expand data and analytics efforts
• Enhance telework tools and introduce new ones such as VDI to allow access from non-GFE devices
• Office of Justice Program: Moving to a new headquarters facility with modernized technology to support workplace of the future efforts

Increase Financial Transparency

• Help DOJ components onboard to the Unified Financial Management System platform
• Develop the OCIO Billing Dashboard where customers can view consumption metrics in real-time