U.S. DEPARTMENT OF TRANSPORTATION
FEDERAL AVIATION ADMINISTRATION
Information and Technology National Policy
ORDER
IT 1100.171
Effective Date:
07/02/18
Distribution: Electronic
Initiated By: AIT-1
This order describes and provides the Office of Information and Technology’s (AIT) mission,
functions, responsibilities and organizational structure to the lowest level. The organizational
structure, including functions at the director level, is documented in the current edition of Federal
Aviation Administration (FAA) Order 1100.1, FAA Organization—Policies and Standards.
The FAA Chief Information Officer (CIO) is the principal adviser to the Administrator and to the
Lines of Business (LOBs) and Staff Offices (SOs) on matters involving Information Technology (IT)
management, and has primary FAA oversight responsibility for all Agency IT investments. The CIO
promotes and guides FAA IT direction and implementation that foster agency goals for improving
"safety, mobility, global connectivity, environmental stewardship, security, and organizational
excellence. To monitor FAA IT activities and measure progress, the CIO organizational components
and work activities include the following:
• Immediate Office of the Chief Information Officer/Information & Technology (AIT-1)
Strategy & Performance Service (ASP-1)
Enterprise Program Management Service (AEM-1)
• Business Partnership Service (APS-1)
• Solution Delivery Service (ADE-1)
• Infrastructure & Operations Service (AIF-001)
• Information Security and Privacy Service (AIS-001)
Chief Data Office (ADO-1)
Revisions to this order should be made based on the organizational needs, and management’s
consideration and approval. AIT’s Policy and Administrative Branch (ASP-110) is responsible for
the maintenance of this order.
SUBJ:
Office of Information and Technology (AIT) Organization
07/02/18 IT 1100.171
ii
Table of Contents
Chapter 1General Information ............................................................................................... 1-1
1. Purpose of this Order ................................................................................................. 1-1
2. Audience .................................................................................................................... 1-1
3. Where Can I find This Order ..................................................................................... 1-1
4. Reference ................................................................................................................... 1-1
5. Federal Information Technology Shared Services Strategy ...................................... 1-1
Chapter 2—Information & Technology (AIT)........................................................................... 2-1
1. Deputy Assistant Administrator for Information and Technology/Chief Information
Officer (AIT-1) .......................................................................................................... 2-1
2. Mission ....................................................................................................................... 2-1
3. Temporary Special Program Office ........................................................................... 2-2
4. Line of Succession ..................................................................................................... 2-2
5. Authority to Change this Order.................................................................................. 2-2
Chapter 3Strategy & Performance Service (ASP) ................................................................. 3-1
1.
Director of Strategy & Performance Service (ASP-1). .............................................. 3-1
a. Roles and responsibilities .................................................................................... 3-1
b. Mission ................................................................................................................. 3-1
2. Workforce Development Staff Office (ASP-003) ...................................................... 3-1
a. Resource Management ......................................................................................... 3-2
b. Training and Education ........................................................................................ 3-2
c. Planning and Strategy .......................................................................................... 3-2
3. IT Strategy, Policy & Business Planning Division (ASP-100)................................... 3-3
a. Policy & Administration Branch (ASP-110) ....................................................... 3-3
b. IT Strategy & Investment Portfolio Branch (ASP-120) ...................................... 3-3
4. IT Asset & Purchase Management Division (ASP-300) ............................................ 3-3
a. IT Purchasing Management Branch (ASP-310) .................................................. 3-3
b. Hardware Asset Management Branch (ASP-320) ............................................... 3-4
c. Life Cycle Management Branch (ASP-330) ........................................................ 3-4
5. Contract Strategy & Support Division (ASP-400)...................................................... 3-4
a. Contract Services A Branch (ASP-410) ............................................................... 3-4
b. Contract Services B Branch (ASP-420) ............................................................... 3-5
c. Contract Strategy & Metrics Branch (ASP-430) ................................................. 3-5
d. Enterprise Software Management Branch (ASP-440) ......................................... 3-5
6. Organizational Chart ................................................................................................... 3-6
Chapter 4Enterprise Program Management Service (AEM) .................................................. 4-1
07/02/18 IT 1100.171
iii
1. Director of Enterprise Program Management Service (AEM-1) ................................ 4-1
a. Roles and responsibilities .................................................................................... 4-1
b. Mission ................................................................................................................. 4-1
2. Enterprise Risk Staff (AEM-003) ............................................................................... 4-1
3. Operations Management Portfolio Division (AEM-100) ........................................... 4-1
(1)
Operations Management Portfolio A Branch (AEM-110)................................... 4-2
(2)
Operations Management Portfolio B Branch (AEM-120) ................................... 4-2
4. Unmanned Aircraft System (UAS) Program Office Division (AEM-200) ................ 4-2
(1)
Unmanned Aircraft System (UAS) A Branch (AEM-210).................................. 4-2
5. Business Management Portfolio Division (AEM-300) .............................................. 4-2
a. Business Management Portfolio A Branch (AEM-310) ...................................... 4-2
b. Business Management Portfolio B Branch (AEM-320) ...................................... 4-2
6. Enterprise Management Portfolio Division (AEM-400) ............................................ 4-3
(1)
Enterprise Management Portfolio A Branch (AEM-410) .................................... 4-3
(2)
Enterprise Management Portfolio B Branch (AEM-420) .................................... 4-3
7. Performance, Planning, & Program Control Division (AEM-500) ............................ 4-3
(1)
Budget & Program Control Branch (AEM-510) ................................................. 4-3
(2)
Capital Planning & Investment Control (AEM-520) ........................................... 4-3
(3)
Planning & Reporting Branch (AEM-530) .......................................................... 4-3
8. Organizational Chart ................................................................................................... 4-4
Chapter 5—Business Partnership Service (APS) ....................................................................... 5-1
1. Director of Business Partnership Service (APS-1). ................................................... 5-1
a. Roles and responsibilities .................................................................................... 5-1
b. Mission ................................................................................................................. 5-1
2. Business Partnership Management Division (APS-100). .......................................... 5-2
(1)
Business Partnership Management A Branch (APS-110) ................................... 5-2
(2)
Business Partnership Management B Branch (APS-120) .................................... 5-2
(3)
Business Partnership Management C Branch (APS-130) .................................... 5-2
(4)
Field Relationship Management (APS-140) ........................................................ 5-2
i.
Eastern Field Section (APS-142) ................................................................... 5-2
ii.
Western Field Section (APS-144) .................................................................. 5-2
(5)
Intake Branch (APS-150) ..................................................................................... 5-2
3. Customer Support Services Division (APS-200). ...................................................... 5-2
(1)
Service Catalog and Customer Satisfaction Branch (APS-210): ......................... 5-3
(2)
IT Training Service Branch (APS-220) ............................................................... 5-3
4. MyIT Service Center Division (APS-300). ............................................................... 5-4
(1)
Service Delivery & Operations Branch (APS-310) ............................................. 5-4
(2)
Helpdesk and Deskside Operations Section (APS-311) ...................................... 5-4
(3)
Project Implementation Support Services Section (APS-312) ............................ 5-4
(4)
Service Assurance & Performance (APS-320)
5. Organizational Chart. ................................................................................................. 5-5
Chapter 6—Solution Delivery Service (ADE) ........................................................................... 6-1
07/02/18 IT 1100.171
iv
1.
Director of Solution Delivery Service (ADE-1). ....................................................... 6-1
a. Roles and responsibilities .................................................................................... 6-1
b. Mission ................................................................................................................. 6-1
2.
Quality Management & Planning Division (ADE-100). ........................................... 6-1
a. Program Quality Branch (ADE-110) ................................................................... 6-1
b. Product Quality Branch (ADE-120)..................................................................... 6-2
c. Quality Planning and Testing Section (ADE-121) .............................................. 6-2
3.
Solution Strategy Division (ADE-200). .................................................................... 6-2
(1)
Enterprise Architecture Branch (ADE-210) ......................................................... 6-2
(2)
Product Management Section (ADE-211) ........................................................... 6-3
(3)
Enterprise Information Management Branch (ADE-220) .................................... 6-3
(4)
Solution Architecture Branch (ADE-230) ........................................................... 6-4
(i) Solution Design & Development Section (ADE-231) ............................. 6-4
4.
Information Services Division (ADE-300) ................................................................ 6-4
(1)
Social Collaboration Services Branch (ADE-310) .............................................. 6-4
(2)
Enterprise Search & Integration Services Branch (ADE-320)............................. 6-5
(3)
Data Visualization Branch (ADE-330) ................................................................ 6-5
5. Solution Management Division (ADE-400) ............................................................... 6-5
(1)
Solutions Monitoring and Management Branch (ADE-410) ............................... 6-6
(2)
Middle Tier Services Branch (ADE-420) ............................................................ 6-6
(a)
Software & Tools Management Section (ADE-421) ............................... 6-6
(b)
Data Management Section (ADE-422) .................................................... 6-6
(c)
Adaptive Maintenance Section (ADE-423) ............................................. 6-6
(3)
Solution Operations Branch (ADE-430) .............................................................. 6-7
i.
Solution Operations A Section (ADE-431) ............................................. 6-7
ii.
Solution Operations B Section (ADE-432).............................................. 6-7
iii.
Solution Operations C Section (ADE-433).............................................. 6-7
6. Organizational Chart .................................................................................................. 6-7
Chapter 7Infrastructure & Operations Service (AIF) ............................................................. 7-1
1.
Director of Infrastructure & Operations Service (AIF-1). ......................................... 7-1
a. Roles and responsibilities .................................................................................... 7-1
b. Mission ................................................................................................................. 7-1
2.
FAA Cloud Services (FCS) Special Program Office (SPO) (AIF-001) .................... 7-1
3.
Enterprise Operations Center (AIF-010) ................................................................... 7-1
4.
Performance & Planning Division (AIF-100) ........................................................... 7-2
1. Performance & Reporting Branch (AIF-110) ...................................................... 7-2
2. I & O Project & Resource Management Branch (AIF-120) ................................ 7-2
3. Network & Data Center Planning & Design Branch (AIF-130) .......................... 7-3
4. Client Planning & Design Branch (AIF-140) ...................................................... 7-3
5.
Transition Services Division (AIF-200) .................................................................... 7-3
a. Enterprise Change & Configuration Branch (AIF-210) ....................................... 7-4
b. Release Branch (AIF-220) ................................................................................... 7-4
c. Pre-Production Environment Management Branch (AIF-230) ............................ 7-4
07/02/18 IT 1100.171
v
d. Client Integration & Testing Branch (AIF-240) .................................................. 7-5
6.
Operations Services Division (AIF-300) ................................................................... 7-5
a. The Directory Services Branch (AIF-310) ........................................................... 7-5
(a) Account Management Section (AIF-311) ...................................................... 7-5
b. Network Services Branch (AIF-320) ................................................................... 7-6
(a) Network Services B Section (AIF-321) .......................................................... 7-6
c. Data Center Services Branch (AIF-330) .............................................................. 7-6
d. Infrastructure Applications Branch (AIF-340) ..................................................... 7-6
(a) Messaging Operations Services Section (AIF-341) ....................................... 7-6
7.
Organizational Chart .................................................................................................. 7-7
Chapter 8Information Security and Privacy Services (AIS) .................................................. 8-1
1. Director of Information Security & Privacy Services (AIS-1) ................................... 8-1
a. Roles and responsibilities .................................................................................... 8-1
b. Mission ................................................................................................................. 8-1
c. Major Functions ................................................................................................... 8-1
d. Functional Organization....................................................................................... 8-1
e. Delegations .......................................................................................................... 8-1
f. Line of Succession ............................................................................................... 8-1
2. Chief of Privacy Office (AIS-10) ............................................................................... 8-2
3. Security & Privacy Risk Management Staff (AIS-020) ............................................. 8-2
4. Security Governance Division (AIS-100) ................................................................... 8-2
(1) Policy, Training & Customer Liaison Branch (AIS-110) .................................... 8-3
(2) Security Architecture & Resilience Branch (AIS-120) ....................................... 8-3
5. Security Compliance Division (AIS-200) ................................................................... 8-3
a.
Vulnerability Management Branch (AIS-210) ...................................................... 8-4
b.
Continuity Management Branch (AIS-220) .......................................................... 8-4
c. Security Assessment Branch (AIS-230) ................................................................ 8-5
d.
Audit & Reporting Branch (AIS-240) ................................................................... 8-5
6.
Security Operation Center (SOC) Branch (AIS-300) .................................................. 8-5
a. Cybersecurity Operations Support Branch (AIS-310) ......................................... 8-6
b. Cybersecurity Services Branch (AIS-320) ........................................................... 8-6
c. Cybersecurity Metrics & Exercises Branch (AIS-330) ....................................... 8-6
d. Security Operation Center (SOC) Branch (AIS-340) .......................................... 8-6
7. Organizational Chart .................................................................................................. 8-6
Chapter 9Chief Data Office (ADO) ....................................................................................... 9-1
1. Director of Chief Data Office (ADO-1)............................................................... 9-1
2. Organizational Chart ............................................................................................ 9-1
Chapter 10—Administration .................................................................................................... 10-1
1. Organizational Chart .......................................................................................... 10-1
2. Distribution ........................................................................................................ 10-1
07/02/18 IT 1100.171
vi
Appendix A—FAA Form 1320-19 Directive Feedback Information ...................................... A-1
07/02/18 IT 1100.171
1-1
Chapter 1. General Information
1.
Purpose of this Order. This order describes the organizational structure, mission, functions,
and responsibilities of the Office of Information and Technology (AIT) in the Office of Finance
and Management (AFN).
2.
Audience. This order affects all organizations and external parties who receive services from
AIT and interface with FAA IT and infrastructure systems.
3.
Where Can I Find This Order? This order is available on the MyFAA employee website;
https://employees.faa.gov/tools_resources/orders_notices/ and on the public website;
http://www.faa.gov/publications_polices/orders_notices/.
4.
Reference. Department of Transportation (DOT) Order 1351.39 IT Governance Policy; CIP
Chapter 1351.39; Departmental Information Technology Governance Policy.
5.
Federal Information Technology Shared Services Strategy. In 2010, the Office of
Management and Budget (OMB) released the Federal IT Shared Services Strategy, which further
emphasizes the need for agencies to use a “Shared-First” approach to IT service delivery. The
overall plan is to increase return on investment, eliminate waste and duplication, and improve the
effectiveness of IT solutions.
07/02/18 IT 1100.171
2-1
Chapter 2. Information & Technology (AIT)
1.
Deputy Assistant Administrator for Information & Technology/Chief Information
Officer (AIT-1/CIO).
a.
Has authority to make changes in AIT structure, and authority or responsibility to adjust
roles and responsibilities to fit its business needs at the directorate level and below.
b.
This office provides leadership and management for secure enterprise-wide information
technology services to support the FAA’s mission. The AIT organization is managed by AIT-
1/CIO and Deputy Director AIT/Deputy CIO, AIT-2, and is comprised of seven (7) service
offices.
c.
AIT-1 is the FAA’s CIO principal information technology (IT), cyber security, privacy,
and records management advisor to the Administrator, and is the final authority on these matters
within the Agency. The Office of the CIO supports the Organizational Excellence Strategic Goal
by providing leadership on all matters associated with the Agency’s IT portfolio. The CIO
participates with each IT Service Director in the strategic direction and oversight of agency
initiatives under their scope and authority.
d.
FAA’s Deputy CIO (AIT-2) is the senior advisor to the FAA CIO for all matters
including policy, budget formulation, planning, execution, and oversight. The Deputy CIO is
responsible for effectively leading AIT on a daytoday basis, overseeing the budget and the
activities of employees engaged in IT management and service delivery.
e.
FAA’s office of the CIO/Deputy CIO (AIT-1/2) is responsible for the approval of all
agency wide external hiring actions for positions in the technical series 334 (Computer
Specialist). This pertains to the hiring of new FAA employees into the 334 series. The
CIO/Deputy is also responsible for obtaining approval from the DOT CIO for said positions.
f.
FAA’s office of the CIO/Deputy CIO (AIT-1/2) is responsible for the approval of all
agency wide IT procurement actions that are in accordance with the FAA Acquisition
Management System (AMS). This pertains to AMS Policy 3.8.2.5 and AMS Guidance T3.2.1.
g.
Serves as the Chairperson, IT Shared Services Committee (ITSSC). The purpose of the
ITSSC is to direct the effective, secure, and cost-efficient application of Mission Support
information technologies, related personnel resources and funding to meet the FAA’s business
needs, consistent with the goals of the FAA’s IT Shared Services Transformation Plan and the
FAA IT Shared Services Strategy.
h.
The CIO follows guidelines as outlined in DOT Order 1351.39 IT Governance Policy,
Section 39.5.
2.
Mission. AIT’s mission is to deliver core IT services to keep FAA’s employees connected
and productive. AIT drives transformative IT efforts that move the FAA enterprise forward; and
as a trusted advisor to our business partners, develops innovative IT solutions to solve complex
challenges.
07/02/18 IT 1100.171
2-2
3.
Temporary Special Program Office. Each office director is authorized to have Temporary
Special Program offices in support of their missions and provides input on FAA policies and
procedures for which the directorate has oversight. The functional elements of these Temporary
Special Program offices are under the direction of the office Director.
4.
Line of Succession. In the event that AIT-1 is unable to fulfill their duties, the following line
of succession will apply:
a.
Deputy CIO, Information & Technology (AIT-002);
b.
Director, Information Security and Privacy Service (AIS-001); or
c.
Director, Solution Delivery Service (ADE-001).
5.
Authority to Change this Order. AIT-1/CIO is authorized to make changes as appropriate
to this order through the directives management process.
07/02/18 IT 1100.171
3-1
Chapter 3. Strategy & Performance Service (ASP)
1.
Director of Strategy & Performance Service (ASP-1).
a.
Roles and responsibilities:
(1)
Has authority to make changes in ASP structure, authority or responsibility to adjust
roles and responsibilities to fit its business needs at the directorate level and below, and authority
to enforce changes in FAA IT policy and procedures as directed by the CIO;
(2)
Provides day-to-day management of the AIT organization’s foundational support
activities;
(3)
Delivers human capital, vendor and acquisition management, and communications
support to FAA IT;
(4)
Provides management and oversight of the IT portfolio and investments;
(5)
Provides centralized management of FAA software licenses inventory and currency;
(6)
Defines and measures enterprise effectiveness against the IT strategy;
(7)
Develops policy, maintains reference documents and ensures compliance;
(8)
Leads the FAA IT strategic planning process;
(9)
Provides management and oversight of strategic initiatives to ensure organizational
alignment; and
(10)
Coordinates AIT employee training.
b.
Mission: ASP is responsible to the CIO for AIT’s business management activities. ASP
concentrates on AIT’s policies, processes, and investment portfolio, along with IT purchasing,
hardware management, lifecycle management, and IT contract strategy and support.
2.
Workforce Development Staff Office (WDSO) (ASP-003). Works to align employee and
manager learning and development with AIT strategies. The staff serves as a conduit to expedite
employee actions through coordination between AIT, AFN and Office of Human Resource
Management (AHR). The staff works across organizational boundaries to formulate and develop
near-term and long-range workforce planning for AIT in addition to planning programs,
including short-term strategies, to optimize resources and identify and fill workforce gaps.
WDSO provides guidance and support to AIT leaders across all AIT service organizations to
establish and maintain the foundational roadmap for the FAA IT workforce of the future.
07/02/18 IT 1100.171
3-2
a. Resource Management:
(1)
Expedites employee actions through the coordination between AIT, AFN and AHR;
(2)
Provides guidance and support to AIT leaders across all AIT service organizations;
and
(3)
Works within the AIT Resource Management team to perform organizational and
personnel management functions such as personnel actions, re-organizations, performance
management, hiring, policy, and document management.
b. Training and Education:
(1)
Aligns employee and manager learning and development with AIT strategies;
(2)
Researches and provides training opportunities for AIT Managers and employees to
assist in leadership and employee development;
(3)
Works with leadership to assess training needs;
(4)
Works with the eLMS team to better understand the capabilities and functionality of
eLMS system to provide responsive training information to managers and employees;
(5)
Assists in providing managers and employees with eLMS system functionality to
allow for self-sufficiency in searching and retrieving training information;
(6)
Updates training records for managers and employees;
(7)
Identifies and recommends low-cost training opportunities, including travel, hotel,
tuition and other any other fees associated with training;
(8)
Assists the team in collecting information on tuition assistance programs in the FAA;
and
(9)
Processes purchase request forms for AIT managers and employees.
c. Planning and Strategy:
(1)
Works across organizational boundaries to formulate and develop near-term and long-
range workforce planning for AIT plans and programs;
(2)
Identifies and fills workforce gaps;
(3)
Provides guidance and supports to AIT leaders across all AIT service organizations;
and
07/02/18 IT 1100.171
3-3
(4)
Establishes and maintains the foundational roadmap for the FAA IT workforce of the
future.
3.
IT Strategy, Policy & Business Planning Division (ASP-100). This division provides
support services for the business of IT. ASP-100 concentrates on IT strategy, policy, and business
management.
a.
Policy & Administration Branch (ASP-110):
(1)
Coordinates and maintains IT-related policies, and provides program management
and oversight for the FAA Directives, Forms, Orders, National Archives and Records
Administration (NARA), Records Management, Paperwork Reduction Act, and Section 508
Compliance;
(2)
Manages and supports the AIT Business Management System (BMS); and
(3)
Serves as the point of contact for matters related to FAA administrative systems,
employees and space.
b.
IT Strategy & Investment Portfolio Branch (ASP-120):
(1)
Assesses the effectiveness of the investment process and refines investment-related
policies and procedures. Evaluates the IT investment portfolio to assess business value and
makes recommendations to optimize investments;
(2)
Builds a structured approach to categorize, evaluate, prioritize, and manage IT
investments;
(3)
Supports the development, execution, and tracking of spend plans for AIT, and tracks
IT spending allocations across projects and departments to enhance fiscal stability;
(4)
Works with teams across AIT to document processes and procedures, and provides
AIT performance dashboards; and
(5)
Collects and maintains data required for budget and Business Plan analysis reports.
4.
IT Asset & Purchase Management Division (ASP-300). ASP-300 oversees all FAA IT
assets that are procured, managed, or otherwise determined by FAA management or policy to be
the responsibility of IT, coordinates IT purchases, and manages IT assets through their life
cycles.
a.
IT Purchasing Management Branch (ASP-310):
(1)
Serves as the centralized source for the procurement of FAA IT related equipment,
software, supplies, and services; and
07/02/18 IT 1100.171
3-4
(2)
Processes Procurement Requests (PR), Interagency Agreements (IAA), and Purchase
Card (PC) transactions utilizing the FAA’s Purchase Request Information System (PRISM)
ensuring that the goods or services requested are received in a timely manner.
b.
Hardware Asset Management Branch (ASP-320):
(1)
Integrates financial, contractual and inventory functions to manage FAA IT assets,
including hardware, office equipment, and peripherals;
(2)
Reviews available options and assists with procurement planning and documentation;
(3)
Develops and maintains policies, standards, processes, systems, and measurements to
manage the IT asset portfolio with respect to risk, cost, governance, and performance objectives;
and
(4)
Manages excess inventory, investigates lost equipment, and maintains a loaner pool
of devices configured for international travel and/or contingency operations.
c.
Life Cycle Management Branch (ASP-330):
(1)
Concentrates on Life Cycle Management (LCM) for FAA IT assets, including
hardware, office equipment, and peripherals;
(2)
Maintains and tracks IT assets needs and manages asset replacements upgrades to
maximize efficiencies and minimize costs; and
(3)
Manages the disposal of IT equipment that is no longer required by the agency.
5.
Contract Strategy & Support Division (ASP-400). ASP-400 serves as Contracting Officer
Representatives (CORs) and provides day-to-day administration support of AIT contracts, task
orders, AIT enterprise services contracts, and the FAA Strategic Sourcing for the Acquisition of
Various Equipment and Supplies (SAVES) contract. Provides contract strategy and metrics along
with enterprise software management for FAA.
a.
Contract Services A Branch (ASP-410):
(1)
Works with the Contracting Officer (CO) on ratifications and changes to contracts,
including Purchasing Requests (PRs) for new requests and for incremental funding for existing
contracts; and
(2)
Provides assistance and oversight for the Project Manager’s (PM’s) development of
the Statement of Work (SOW), Performance Work Statement (PWS), Statement of Objective
(SOO), Independent Government Cost Estimate (IGCE), and IT Acquisition Requests (ITAR)
which leads to a purchase or PR.
07/02/18 IT 1100.171
3-5
b.
Contract Services B Branch (ASP-420):
(1)
Serves as the COR or Engineering Technical Officer (ETO) and provides day-to-day
administration support of existing AIT contracts and task orders, including serving as ETO on
multiple task orders under the National Airspace System (NAS) Integration Support Contract
(NISC); and
(2)
Other responsibilities (see Contract Services A Branch (ASP-410) above).
c.
Contract Strategy & Metrics Branch (ASP-430):
(1)
Provides strategic and advisory services relative to acquisitions, IT service contracts,
vendor management, and makes recommendations to AIT management on the overall acquisition
approach and contract type and/or vehicle that would deliver the best results;
(2)
Evaluates existing contract portfolios, provides contract comparisons, analyzes
business value, makes contract consolidation recommendations, and gathers vendor performance
metrics;
(3)
Provides data collection and reporting on IT acquisition activities and provides input
for the acquisition roadmap for all the legacy and expiring contracts as AIT Services moves
forward with follow-on agreements; and
(4)
Provides due diligence and coordination with FAA organizations on requests for IT
acquisitions subject to review and approval by the CIO in accordance with the FAA Acquisition
Management System (AMS).
d.
Enterprise Software Management Branch (ASP-440):
(1)
Manages the FAA’s enterprise software licensing and maintenance agreements, and
serves as the vendor lead/COR for software licensing requirements;
(2)
Manages the FAA’s number of user count for each agreement and oversees software
licensing, and maintenance currency for the FAA workforce;
(3)
Works with the contracting office and vendors to negotiate the best pricing position
for the FAA on software acquisitions;
(4)
Conducts internal reviews of installed software products to ensure compliance with
FAA agreements, and collaborates with vendors to make adjustment/true-ups to maintain license
currency;
(5)
Serves as the FAA’s central point of contact for software management, reporting, and
exchange of information with DOT and other federal agencies to comply with the Federal
Information Technology Acquisition Reform Act (FITARA) and other OMB reporting on FAA
Software acquisitions and ownership;
07/02/18 IT 1100.171
3-6
(6)
Serves as the FAA’s central point of contact for performing and maintaining a
software inventory baseline and implementing a software harvesting process, and
(7)
Facilitates the National Software board to review software requests for compatibility
in the AIT environment.
6.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
07/02/18 IT 1100.171
4-1
Chapter 4. Enterprise Program Management Service (AEM)
1.
Director of Enterprise Program Management Service (AEM-1).
a. Roles and responsibilities:
(1)
Has authority to make changes in AEM structure, authority or responsibility to adjust
roles and responsibilities to fit its business needs at the directorate level and below, and authority
to enforce changes in FAA IT policy and procedures as directed by the CIO;
(2)
Organizes and manages resources to execute approved programs and projects;
(3)
Ensures programs and projects are completed within the defined scope, quality, time,
and cost constraints using consistent and defined standards;
(4)
Enables informed decision making;
(5)
Facilitates risk awareness and risk management;
(6)
Manages and tracks the AIT portfolio of programs and projects to ensure everything is
properly resourced, coordinated, and effectively run; and
(7)
Tracks FAA capital investments and reports on Exhibit 300 and Exhibit 53 items.
b. Mission: The Enterprise Program Management Service (EPMS) provides program and
project management services along with portfolio management services for AIT efforts.
2.
Enterprise Risk Staff (AEM-003).
a.
Manages risk within AIT’s portfolio of programs and projects, and provides EPMS
leadership with the necessary information to make risk aware decisions;
b.
Provides risk management training, consulting, and tools to identify, assess, manage,
monitor, and report IT risks;
c.
Determines project portfolio and risk profile and tolerance, using risk assessment tools, as
well as IT Risk Management Framework to guide the development of strategies to mitigate and
manage risks; and
d.
Ensures AIT is in compliance with all federal risk management regulations.
3.
Operations Management Portfolio Division (AEM-100).
a.
Manages AIT’s portfolio of operations-related programs and projects for Aviation Safety
(AVS), Air Traffic Organization (ATO), Airports (ARP), and Commercial Space Transportation
(AST);
07/02/18 IIT 1100.171
4-2
b.
Coordinates the creation and delivery of work products and deliverables;
c.
Provides dayto day management and oversight of the critical elements of programs and
projects including budget, schedule, risk, and Earned Value Management (EVM) when
applicable; and
d.
Works closely with technical subject matter experts (SMEs) in other AIT Services to
ensure projects are executed successfully.
(1)
Operations Management Portfolio A Branch (AEM-110): Supports AVS projects.
(2)
Operations Management Portfolio B Branch (AEM-120): Supports Air Traffic
Organization (ATO), ARP and AST projects.
4.
Unmanned Aircraft System (UAS) Program Office Division (AEM-200).
a. Manages AIT’s portfolio of UAS-related projects;
b. Coordinates the creation and delivery of work products and deliverables;
c. Provides daytoday management and oversight of the critical elements of programs and
projects including budget, schedule, risk, and EVM when applicable; and
d. Works closely with technical SMEs in other AIT Services to ensure projects are executed
successfully.
(1)
Unmanned Aircraft System (UAS) A Branch (AEM-210): Supports AVS and
ATO projects related to UAS.
5.
Business Management Portfolio Division (AEM-300):
a.
Manages AIT’s portfolio of business-related projects;
b.
Coordinates the creation and delivery of work products and deliverables;
c.
Provides daytoday management and oversight of the critical elements of programs and
projects including budget, schedule, risk, and EVM when applicable; and
d.
Works closely with technical SMEs in other AIT Services to ensure projects are executed
successfully.
(1)
Business Management Portfolio A Branch (AEM-310): Supports AFN and AHR
projects.
(2)
Business Management Portfolio B Branch (AEM-320): Supports Office of Audit
and Evaluation (AAE), AHR and AIT projects.
07/02/18 IT 1100.171
4-3
6.
Enterprise Management Portfolio Division (AEM-400).
a.
Manages AIT’s portfolio of enterprise-wide projects for AIT and FAA services;
b.
Coordinates the creation and delivery of work products and deliverables;
c.
Provides daytoday management and oversight of the critical elements of programs and
projects including budget, schedule, risk, and EVM when applicable; and
d.
Works closely with technical SMEs in other AIT Services to ensure projects are executed
successfully.
(1)
Enterprise Management Portfolio A Branch (AEM-410): Supports AIT projects.
(2)
Enterprise Management Portfolio B Branch (AEM-420): Supports AIT projects.
7.
Performance, Planning & Program Control Division (AEM-500).
a.
Manages and tracks the AIT portfolio of programs and projects to ensure that it is
properly resourced, coordinated, and effectively run; and
b.
Tracks FAA Capital Investments and reports on Exhibit 300 and Exhibit 53 items.
(1)
Budget & Program Control Branch (AEM-510):
(a)
Concentrates on the resources of EPMS, including financial and human resources,
estimates costs and develops budgets for EPMS programs and projects;
(b)
Tracks and secures funding from FAA customers for respective Project Level
Agreements (PLAs); and
(c)
Supports the AIT Intake process and assists EPMS leadership with resource
management, to enable the organization to focus resources where most needed.
(2)
Capital Planning & Investment Control (CPIC) Branch (AEM-520): Tracks and
reports on the IT portfolio of investments to meet CPIC requirements, including Agency IT
Portfolio Summary (IPS), Agency Cloud Spending Summary (CSS), Major IT Business Case
(MITBC) and Major IT Business Case Detail (MITBCD).
(3)
Planning & Reporting Branch (AEM-530):
(a) Concentrates on business planning and reporting, and manages the AIT’s Project
Management Center of Excellence;
(b) Supports EPMS’s business planning efforts, and reports on EPMS’s portion of the
AIT Business Plan;
07/02/18 IT 1100.171
4-4
(c) Manages tool, used for portfolio and resource management, which tracks the
progression of programs and projects throughout the Program Management Lifecycle (PMLC)
and assists EPMS leadership manage all aspects of the portfolio;
(d) Manages EPMS’s Integrated Master Schedule (IMS); and
(e) Promotes project management methodology and best practices, provides training
and opportunities to enhance PM skills and shares knowledge via Community of Practice
sessions.
8.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
07/02/18 IT 1100.171
5-1
Chapter 5. Business Partnership Service (APS)
1.
Director of Business Partnership Service (APS-1).
a. Roles and responsibilities:
(1)
Has authority to make changes in APS structure, authority or responsibility to adjust
roles and responsibilities to fit its business needs at the directorate level and below, and authority
to enforce changes in FAA IT policy and procedures as directed by the CIO;
(2)
Business Partnership Service (BPS) is responsible for enterprise-wide customer
relationship management. As the front door into IT and serving as the liaison for FAA business
customers who need IT support, BPS interacts with customers to ensure their needs are met. BPS
develops and maintains customer relationships, as well as collaborates, and provides immediate
technical support;
(3)
BPS provides the primary interaction with IT customers to understand their needs,
foster collaborative solutions, and build credibility as a trusted partner. BPS is responsible for the
end-to-end customer relationship management process and the National Helpdesk Services;
(4)
BPS maintains the AIT Service Catalog, the central location for customers to fulfill
their standard IT needs and manages the MyIT Service Center, the FAA’s 24x7 IT helpdesk, to
provide support and quickly resolve customer IT questions; and
(5)
BPS manages AIT requirements for Service Level Agreements (SLAs) and/or
Memorandum of Agreements (MOAs) requirements and works with other IT offices to meet or
exceed their requirements.
b. Mission:
(1)
Relationships: Fosters a collaborative and unifying culture fueled by communication
and outreach;
(2)
Responsive: Shepherds business needs to translate business needs and connect
customers with options and solutions;
(3)
Service: Employees are professional, courteous, respectful, and promote a sense of
community;
(4)
Trust and value: Trusted advisors in strategic initiatives with our business partners;
and
(5)
Change agents: Continually drives change to ensure a peak customer experience.
07/02/18 IT 1100.171
5-2
2.
Business Partnership Management (BPM) Division (APS-100).
a. Provides consultative services and fosters relationships between IT customers and the IT
organization; and
b. Seeks to understand customer priorities and constraints while fostering innovative IT
solutions.
(1) Business Partnership Management A Branch (APS-110): Serves as account
managers for AIT’s customers in ATO, AFN, and AHR.
(2) Business Partnership Management B Branch (APS-120): Serves as account
managers for AIT’s customers in AVS, AST, Office of Security and Hazardous Material
Materials (ASH), ARP, and NextGen (ANG).
(3) Business Partnership Management C Branch (APS-130): Serves as account
managers for AIT’s customers in Office of Audit and Evaluation (AAE), Office of the Chief
Council (AGC), Office of Government and Industry Affairs (AGI), Office of the Administrator
(AOA), Office of Communications (AOC), Office of Civil Rights (ACR), and Office of Policy,
International Affairs & Environment (APL).
(4) Field Relationship Management Branch (APS-140):
(a) Serves as account managers for AIT’s customers in FAA field offices throughout
the United States; and
(b) Actively listens for emerging IT trends in the field, responds to IT inquiries from
field personnel, and provides IT coordination services in field offices.
i. Eastern Field Section (APS-142): Serves as account managers for AIT’s
customers in the Eastern U.S.
ii. Western Field Section (APS-144): Serves as account managers for AIT’s
customers in the Western U.S.
(5) Intake Branch (APS-150): Manages, routes, tracks and reports on IT requests. This
Team is responsible for “triaging” customer requests coming into AIT and routing requests
appropriately for rapid fulfillment. APS-150 is responsible for evaluating customer requests and
determining if the request is standard fulfillment or requires a more customized
approach/solution.
3.
Customer Support Services Division (APS-200).
a.
Provides support for the Customer Relationship Management process;
b.
Manages the AIT Service Catalog, and IT Training Services; and
07/02/18 IT 1100.171
5-3
(1) Service Catalog and Customer Satisfaction Branch (APS-210):
(a) Manages the AIT Service Catalog, known as MyIT Services, a resource for all
FAA employees to find and learn more about the IT services and products offered by AIT;
(b) Regularly monitors, analyzes, and reports on services delivered within the catalog;
(c) Ensures that the IT workforce is knowledgeable about IT capabilities and services
that are available to the business;
(d) Regularly monitors, researches, and replies to IdeaHub messages related to IT
topics; and
(e) Manages and administers surveys for internal AIT use.
(2) IT Training Service Branch (APS-220):
(a) Provides dynamic training solutions to meet the IT learning needs of FAA
employees to enable a highly productive workforce;
(b) Collaborates with the FAA Chief Learning Officer, Learning Enterprise
Architecture Steering Committee (LEA SC), and other training organizations within the FAA;
(c) Develops instructional materials as needed;
(d) Identifies IT training needs, determines the ideal training delivery method,
delivers the training, and evaluates the learning outcomes; and
(e) Designs and develops training using several methods:
i.
Training Aids – quick steps on how to perform specific functions with IT
products and services;
ii.
Instructional Videos – released “just in time” to address a customer’s need, or
available within eLMS for the long-term;
iii.
Computer Based Training (CBT) modules – often used to teach specific skills
and test employees’ knowledge (available within eLMS);
iv.
Instructor Led Training (ILT) classes – short one to two hour webinars via
eLMS in a virtual classroom environment;
v.
AIT’s training webinar studio located in Washington, DC headquarters, offers
the capability for any Line of Business(LOB)/Staff Office (SO) to conduct and record their own
training session to employees across the country; and
07/02/18 IIT 1100.171
5-4
vi.
Blackboard – utilizes Blackboard technology and incorporates a blended
learning approach of videos, CBTs, and ILT classes.
4.
MyIT Service Center Division (APS-300).
a.
Serves as the central point of contact between customers and IT service management, and
includes telephone and on-site support for restoration of service, new service requests, status of
incidents, and problems and service requests (Tier 1); and
b.
Provides deskside services including deskside support and client support.
(1) Service Delivery and Operations Branch (APS-310):
(a)
Provides management and oversight of the FAA with helpdesk and deskside
support services vendors; and
(b)
Develops, validates, and integrates processes, provides technical and policy
guidance, manages the escalation process, and enables self-service tools.
(2) Helpdesk and Deskside Operations Section (APS-311):
(a) Provides management and oversight of the ATO Tech Ops Maintenance Display
Terminals (MDTs), support and coordination for hardware lifecycle management (LCM), local
FAA facility activities, and special projects tools;
(b) Oversees escalation management along with the self-service tools available;
(c) Advocates for AIT to their customers, and for their customers within AIT;
(d) Promotes, on a daily basis, IT programs and projects to their customers,
intervenes to resolve issues before they become critical, and maintains collaborative relationships
across AIT; and
(e) Reviews Helpdesk and Deskside processes in order to streamline support and
improve the overall customer experience by working directly with Helpdesk and Deskside
management on day-to-day efforts to shift support from right to left to the lowest tier of support
whenever possible.
(3) Project Implementation Support Services Section (APS-312): Provides
management and oversight of the ATO Tech Ops MDTs, and supports the coordination for
hardware LCM, local FAA facility activities, and special projects which require support from the
Helpdesk and Deskside Operations group.
(4) Service Assurance and Performance Branch (APS-320): Handles incident
management, problem management, root cause analysis, knowledge management, request
management, Service Center change management, quality assurance and service level metrics,
07/02/18 IIT 1100.171
5-5
tools support, and the product catalog used for data categorization.
5.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
07/02/18 IT 1100.171
6-1
Chapter 6. Solution Delivery Service (ADE)
1.
Director of Solution Delivery Service (ADE-1).
a.
Roles and responsibilities:
(1)
Has authority to make changes in ADE structure, authority or responsibility to adjust
roles and responsibilities to fit its business needs at the directorate level and below, and authority
to enforce changes in FAA IT policy and procedures as directed by the CIO;
(2)
Provides application development and information delivery services, with an
emphasis on the design, development and support of technical solutions, to meet and exceed the
needs of IT customers;
(3)
Provides collaboration, business intelligence and reporting services that support
decision-making and performance tracking; and
(4)
Delivers production management services.
b.
Mission: Solution Delivery Service (ADE) provides technical expertise and develops
innovative products and services to solve complex challenges facing AIT’s business partners.
From quality management and planning, to enterprise data management, solution and enterprise
architecture, and information delivery, to application development, testing, and sustainment,
ADE delivers. ADE is committed to designing new and innovative ways to leverage the FAA
cloud, to dynamically improve data analysis, enable data-driven decision-making, and streamline
how information is provided to aviation stakeholders. ADE works closely with AIT’s business
partners in areas such as collaboration, mobility, and citizen development.
2.
Quality Management & Planning Division (ADE-100). ADE-100 serves as the “front
door” to Solution Delivery. This office tracks and monitors work assigned, manages the demand
for resources, and ensures products are suitable for its intended purpose, meets requirements, and
operates to customer expectations.
a.
Program Quality Branch (ADE-110):
(1)
Integrates innovative solutions into the AIT Work Intake process, as part of the
Discovery Team. In coordination with BPMs, this branch provides high-quality and realistic
proposals that offer relevant options for meeting customer needs;
(2)
Provides a comprehensive understanding of the work of ADE. This branch has
visibility into all activities and projects across the organization, and understands the pipeline of
inbound work. ADE-110 oversees the Solutions Work Assessment Team (SWAT), ensuring the
efficient intake of work. ADE-110 leads capacity planning and works closely with EPMS and
BPS to provide the appropriate staffing resources to support the execution of AIT’s programs
and projects;
07/02/18 IT 1100.171
6-2
(3)
Manages the contract strategy for ADE moving toward flexibility and resource
scalability by demand. ADE-110 has overall responsibility for processes within the organization,
and collaborates on standards to making them easily accessible and understood; and
(4)
Develops and monitors multiple metrics, manages ADE financials, manages
business planning and reporting, maintains the organization’s integrated Master Schedule to
support capacity management, and provides data for ADE leadership to make decisions.
b.
Product Quality Branch (ADE-120):
(1)
Ensures that ADE products are suitable for their intended purposes, meet all agreed to
requirements, and operates to customer expectations; and
(2)
In addition to the Section described below, this Branch includes two teams:
(a)
Requirements Team supports the creation of the Program Requirements and the
Requirements Definition Guidelines documents required for Joint Resources Council
(JRC)/AMS investments, and the team reviews proposed changes to AMS policy that relate to
these documents; and
(b)
Usability and User Experience (UX) Team works in crossfunctional teams to
plan, prioritize, and deliver information architecture, information design, visual design/page
layouts, tools, services, and applications to support a cohesive user experience. The team
leverages modern web technologies to define innovative user interfaces and interaction models
that result in improved productivity and operational efficiency, and educate project teams about
best practices.
c.
Quality Planning and Testing Section (ADE-121):
(1)
Designs, plans, and coordinates solution quality to identify the business value and
ensure those requirements are met;
(2)
Works with PMs on quality and test planning, ensuring the solution follows
methodology, meets standards and is suitable for its intended purpose and works correctly; and
(3)
Oversees test execution, including regression testing, user acceptance testing,
interface testing, compatibility testing, and performance testing.
3.
Solution Strategy Division (ADE-200).
a.
Designs solutions that effectively use data and align to the goals, processes, and standards
within AIT and the FAA.
(1)
Enterprise Architecture Branch (ADE-210):
(a) Supports the Branch in meeting its strategic objectives by employing its internal
07/02/18 IIT 1100.171
6-3
Technical Analysis Investment Team;
(b) Collects, connects, and relates data and information to assist management in
making informed strategic decisions to achieve future-state goals. Enterprise Architecture (EA)
is a management practice for aligning resources to improve business performance and help the
FAA better execute its core mission. EA describes the current and future state of the agency, and
lays out a plan for transitioning from the current state to that future state; and
(c) Facilitates and supports a common understanding of business needs, helps
formulate recommendations to meet those needs, and facilitates the development of a plan of
action that is grounded in an integrated view of technology planning, mission/business planning,
capital planning, security planning, infrastructure planning, human capital planning, performance
planning, and records planning. EA focuses on the FAA’s information, infrastructure,
applications, and performance architectural domains.
(2)
Product Management Section (ADE-211): Provides product portfolio management
for all AIT/ADE supported software products by maintaining a “living product roadmap;
(a)
Tracks all software products to ensure they are delivered, maintained, and
sunsetted appropriately, and meet the needs of system owners;
(b)
Works with AIT PMs, DevOps Leads, Sustainment Leads, BPMs, Enterprise
Architects, Security Engineers and others to have the latest information on current and future
improvements for the software product roadmap; and
(c)
Captures risks associated with software products in terms of security, finance,
technology, or business related impacts.
(3)
Enterprise Information Management Branch (ADE-220):
(a) Concentrates on bringing Enterprise Information Management (EIM) to life at the
FAA. EIM is an integrative discipline for structuring, describing, and governing information
assets across organizational and technological boundaries to improve efficiency, reduce cost,
promote transparency, and enable business insight;
(b) Ensures that information is treated as the valuable asset that it is. EIM strives to
streamline processes to allow data to be processed in a timely, cost effective, and efficient
manner. This branch is responsible for Master Data Management— ensuring that FAA master
data is consistent and includes a uniform set of identifiers and extended attributes that describe
the core entities of the data. EIM also creates, maintains, and communicates data quality policies,
data governance policies, and metadata standards/guidelines. EIM supports AIT project teams in
following these policies and guidelines, and advises them on the types of data services that are
required; and
(c) Works closely with solution architects to define the data characteristics of a
solution and the processes to ensure fast, easy access to well-maintained data. EIM builds data
07/02/18 IT 1100.171
6-4
models, and assists with database design and development. In addition, EIM monitors and
reports on compliance of policies and guidelines, and supports enterprise architects in producing
a roadmap for data governance and data management within the FAA.
(4)
Solution Architecture Branch (ADE-230):
(a) Ensures technology solutions align to business goals, follows approved processes,
uses enterprise information in a consistent manner, integrates effectively with other applications,
supports a common application environment and user interaction model, uses a common
technology platform, and achieves enterprise-level security and scale;
(b) Works closely with the Solution Architecture and EA teams to ensure alignment
with AIT standards while planning future technological capabilities; and
(c) Helps AIT hone in on technologies that will be useful to the FAA in the future by
employing the Research & Innovation team and conducts proof of technology and proof of
concept research.
i.
Solution Design & Development Section (ADE-231):
(i) Responsible for the logical and physical design of web applications; and
(ii) Oversees and manages the conceptualization, detailed design, and
development of technology solutions. Solution Architects concentrate on the definition and
description of the architecture of a system delivered in context of a specific solution, and as such
it may encompass an entire system or a specific part of that system. This section provides
oversight into the development of application-level code and processes within the application
development environment, including integration of new and existing functionality. ADE-231
ensures that delivered solutions are of a consistently high quality, are delivered against a clear
and stable set of requirements, moves the IT architecture forward, and are operationally fit.
4.
Information Services Division (ADE-300):
a.
Delivers “information as a service” to the FAA;
b.
Provides technology platforms to enable FAA employees and stakeholders to work
collaboratively, on the interoperability between tools and systems through search and
information integration services, and help array requested data and information in easily
consumable formats for customers; and
c.
Ensures "information as a service" is secure and safe to use, supports the MyAccess
platform which provides the FAA Identity and Access Management (IAM) service.
(1)
Social Collaboration Services Branch (ADE-310):
(a) Provides a variety of consultative capabilities and technology platforms that
enable FAA employees to work collaboratively;
07/02/18 IT 1100.171
6-5
(b) Understands how people collaborate in the context of geographically distributed
and adhoc teams, on-premise and mobile work environments, and how they work together to
use, develop, and apply content to business needs;
(c) Recognizes the “community” as the application, empowering users to solve
problems for themselves and apply the right tools to the problem in any situation; and
(d) Responsible for the Knowledge Services Network (KSN), collaboration projects,
www.faa.gov, my.faa.gov, and their supporting search and content management systems.
(2)
Enterprise Search & Integration Services Branch (ADE-320):
(a)
Supports the aggregation and integration of data and tools, within the framework
of EIM;
(b)
Creates structured and unstructured enterprise content that is easy to find through
indexing and retrieval;
(c)
Supports integration services including MyAccess, Service Oriented Architecture
(SOA), operational web services, and data virtualization; and
(d)
Provides technology platforms and advisory services for enterprise integration
services, which promote reuse via enterprise standards and frameworks, supports integration
services including MyAccess, SOA, operational web services, data virtualization, data
warehouse management, and document management, and Enterprise Search services by making
structured and unstructured enterprise content easy to find through indexing and retrieval.
(3)
Data Visualization Branch (ADE-330):
(a) Provides relevant and timely data analytics and reporting solutions, as a service;
(b) Supports the design and development of intuitive visual representations of
enterprise data, descriptive and predictive data analytics using real time, near real-time and
historical data, and self-service business intelligence (BI) tools to enable customers to more
easily make data-driven decisions;
(c) Views and analyzes data from multiple dimensions, and assists in designing and
implementing data-driven reports; and
(d) Provides guidance, best practices, and environments to develop/assist self-service
BI for desktop and mobile platforms.
5.
Solution Management Division (ADE-400):
a.
Configures, implements, and maintains applications, middle-tier software, platforms, and
07/02/18 IT 1100.171
6-6
environments that meet the business needs of the FAA; and
b.
Develops new strategies and technologies to improve, monitor, communicate, and report
application incidents and outages.
(1)
Solutions Monitoring & Management Branch (ADE-410):
(a)
Provides monitoring, reporting, and communication services for
application/system incidents and outages; and
(b)
Serves a major role in developing resolution and notification processes used in
AIT, related to application monitoring and reporting. As “first responders,” ADE-410 sends out
notifications, conducts root cause analysis, collects data, and ensures ADE responds to
application incidents and outages in a timely and collaborative manner.
(2)
Middle Tier Services Branch (ADE-420): Manages the “middle tier” architecture
for effective software development, as well as the reading and writing of data to create
applications.
(a) Software & Tools Management Section (ADE-421):
i.
Responsible for the web platforms and tools that AIT developers use to build
software;
ii.
Manages application servers, oversees the test and production environments,
and supports deployments from one environment to another;
iii.
Supports numerous custom web applications running on Internet Information
Services (IIS), TomCat, SharePoint, WebSphere, ColdFusion, and BPM platforms; and
iv.
Automates deployments using DevOps methodologies, which will streamline
AIT’s deployment of applications to the cloud.
(b) Data Management Section (ADE-422):
i.
Responsible for the maintenance and security of data and databases attached
to FAA applications in AIT’s production environments; and
ii.
Installs, configures upgrades, administers, monitors, and maintains a vast
number of FAA databases.
(c) Adaptive Maintenance Section (ADE-423):
i.
Plans for updates to AIT’s platform and middle-tier vendor products, and
orchestrates development activities required for business applications to adapt and integrate with
the updates; and
07/02/18 IIT 1100.171
6-7
ii.
Utilizes vendor product support roadmaps that outline expected upgrades and
patches, plans the activities and resources required to efficiently keep application environments
current.
(3)
Solution Operations Branch (ADE-430):
(a)
Is organized into three sections, collectively Solution Operations manages
business applications in AIT’s production portfolio;
(b)
Oversees the operations, break/fix, maintenance, environment upgrades, small
customer requests, and system administration of the applications that are in AIT’s production
environment;
(c)
Works closely with ADE’s Product Managers to manage the overall health of
each application specifically ensuring that it is available, technically viable, secure, and has
current documentation; and
(d)
Provides Tier 3 support to applications.
i.
Solution Operations A Section (ADE-431): Serves as developers and
sustainment coordinators. Their responsibilities are described above.
ii.
Solution Operations B Section (ADE-432): Serves as developers and
sustainment coordinators. Their responsibilities are described above.
iii.
Solution Operations C Section (ADE-433): Serves as developers and
sustainment coordinators. Their responsibilities are described above.
6.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
IT 1100.171
07/02/18
7-1
Chapter 7. Infrastructure & Operations Service (AIF)
1.
Director of Infrastructure & Operations Service (AIF-001).
a.
Roles and responsibilities:
(1)
Has authority to make changes in AIF structure, authority or responsibility to adjust
roles and responsibilities to fit its business needs at the directorate level and below, and authority
to enforce changes in FAA IT policy and procedures as directed by the CIO;
(2)
Directs, manages and maintains FAA Mission Support and IT test and production
environments, protects from harm and re-establishes operations when a detrimental event occurs;
and
(3)
Manages and maintains the foundation of all FAA non-NAS IT networks, IT
infrastructure, and IT data centers.
b.
Mission: AIF manages AIT’s operational environments and protects them from harm.
The organization provides a wide array of services, ranging from planning, design, testing,
transition and operation support in the production environment. Delivering effective back-end
solutions, to monitor the integrity and optimization of the operation of the agency’s networks,
data centers, and applications, AIF ensures that the FAA runs an effective and efficient
infrastructure.
2.
FAA Cloud Services (FCS) Special Program Office (SPO) (AIF-001).
a. The mission of the FAA Cloud Services (FCS) Special Program Office (SPO) is to
provide an enterprise solution for agency cloud computing needs. AIF-001 provides a full scope
of program management support, including contract management, program control, and
stakeholder management;
b. Services cloud architecture needs by building and refining cloud architecture, developing
implementation strategies, and coordinating change effectively across the enterprise;
c. Manages migration of applications to the cloud, by conducting cloud suitability
assessments, planning for capacity, and coordinating migrations; and
d. Provides a full lifecycle of operational support, to include governance, implementation,
delivery orders, quality assurance, and incident response.
3.
Enterprise Operations Center (AIF-010).
a.
The Enterprise Operations Center’s (EOC) mission is to provide 24x7 automated
monitoring, alerting, services performance, reliability and optimization for infrastructure in FAA
facilities and applications in production. Using predictive analysis methods to anticipate issues
before they occur, reduce service interruptions, and maximize service uptime allows AIF and
IT 1100.171
07/02/18
7-2
system owners to be proactive with potential issues, and understand overall performance;
b.
Through continuous monitoring, AIF identifies interruptions to service as soon as they
occur, facilitates root cause analysis, and coordinates response efforts with other AIT
organizations to ensure service is restored in a timely manner. AIF initiates service interruption
notices and other communication to AIT stakeholders; and
c.
Manages several enterprise tools used to monitor and trend application and network
performance and availability, and conducts forensic analysis and problem resolution for more
complex issues.
4.
Performance & Planning Division (AIF-100).
a.
Serves as the front-door to the AIF organization; and
b.
Provides centralized infrastructure and operations planning, design, performance
tracking, AIF-specific project management and integration services to promote effective and
efficient operations.
(1)
Performance & Reporting Branch (AIF-110):
(a) Establishes, monitors, and reports on overall metrics and performance targets for
AIF. AIF-110 is responsible for collecting and analyzing baseline vs. current performance data
on network and server performance, conducting impact analysis, and providing information in
response to data calls; and
(b) Serves as an authoritative source for AIF data inquiries, performance and
trending; assists in reporting and gathering data for all agency data calls.
(2)
Infrastructure & Operations Project & Resource Management Branch (AIF-
120):
(a)
Oversees capacity planning, work intake, project management, incident
management, and workforce management. Provides the single view of the current workload of
the AIF organization, tracking all work initiatives, coordinating resource assignment and project
planning, and tracking the overall utilization and availability of AIF resources;
(b)
Manages AIF’s work intake. AIF-120 uses standard processes to accept, assess,
review, assign, and track Service Requests (SRs). They provide insight to AIF leadership on
workload levels and recommendations on resource availability and prioritization of work. AIF-
120 provides input into the portfolio planning process and coordinates inputs into SLAs;
(c)
Supports the management of customer incidents originating from the MyIT
Service Center and other sources. AIF-120 provides monitoring, initial assessments, accurate and
timely assignments, and standard reporting services for restoration and request incidents received
from customers; and
IT 1100.171
07/02/18
7-3
(d)
Provides project management support for projects and initiatives specific to AIF.
AIF-120 collaborates with AIF management to identify appropriate project leads to execute
identified infrastructure projects, and ensures that AIF has the required project management
resources available. AIF-120 coordinates with AIT work intake teams as well as EPMS in the
delivery of enterprise projects, and manages and tracks said projects.
(3)
Network & Data Center Planning & Design Branch (AIF-130):
(a)
Collaborates within AIF and across the AIT Services to design and implement
new network and data center technologies and configurations;
(b)
Fulfills requests to lead or participate in network, data center, and infrastructure
services projects. AIF-130 provides the business case for testing and implementing new
technology and, once approved by management, initiates projects related to the new technology.
AIF-130 forecasts the project budget, sets priorities, analyzes project risks and constraints, and
manages resources to best achieve the project goals; and
(c)
Architects, configures, and implements the hardware required to operate networks
(Local Area Network (LAN)/Wide Area network (WAN)) and data centers, in coordination with
AIF’s Operations Services Division. AIF-130 plans, designs, and manages the lifecycle of
network and data center topologies and configurations, and sets and documents standards for
network and data center technologies. AIF-130 provides network and data center guidance to
facilities that are new, moving, or renovating and coordinates the installation of new network
circuits.
(4)
Client Planning & Design Branch (AIF-140):
(a)
Collaborates within AIF and across the AIT Services to plan for and design new
client technologies and configurations;
(b)
Fulfills requests to lead or participate in client related projects. AIF-140 provides
the business case for testing and implementing new technology and, once approved by
management, initiates projects related to the new technology. AIF-140 forecasts the project
budget, set priorities, analyzes project risks and constraints, and manages resources to best
achieve the project goals; and
(c)
Develops the roadmap for the continuing evolution of the client in coordination
with ADE’s Enterprise Architecture Branch, S&P’s Asset Management Branches, and BPS’s
Business Partnership Management Division. In coordination with AIF’s Client Integration and
Testing Branch, architects hardware and software required to operate the FAA client. AIF-140
assists with building the client image(s), planning and designing the lifecycle of client topologies
and configurations, and sets and documents standards for client technologies.
5.
Transition Services Division (AIF-200): Provides comprehensive management and
oversight of AIT’s test and production environments. AIF-200 manages the transition process
from test to production and is responsible for the planning, scheduling, bundling, releasing, and
IT 1100.171
7-4
07/02/18
tracking of all changes.
a. Enterprise Change & Configuration Branch (AIF-210):
(1)
Manages AIT’s Enterprise Change Management Process, and focuses on the efficient,
effective, and comprehensive management of all changes to the IT production environment;
(2)
Utilizes standardized methods and procedures to promptly handle all requests for
changes to the IT production environment in order to minimize the number and impact of related
incidents on service. AIF-210 is responsible for receiving, logging, prioritizing, and facilitating
the completion of all change requests. This includes updates the change log with all progress as it
occurs, closes requests for completed changes, and provides reports to management on all
changes to the IT production environment;
(3)
Chairs AIT’s Enterprise Change Management Board. The AIT Enterprise Change
Management Board assesses, approves and authorizes for implementation changes to the IT
Production Environment; and
(4)
As the Librarian of all configuration items, works closely with Asset Management to
ensure AIT has a clear picture of all hardware, software, and supporting assets that are in the
FAA’s IT production environment. AIF-210 manages the Configuration Management Database
(CMDB) tool.
b. Release Branch (AIF-220):
(1)
Protects the integrity of the FAA’s IT production environment by effectively
planning, scheduling, communicating, and deploying releases from the test environment to the
live production environment;
(2)
Ensures that releases are clearly defined and successfully transitioned into production.
AIF-220 conducts a final readiness review on all new solutions, client configurations, patches,
equipment, and any other changes to the IT production environment. After deployment to the
production environment, AIF-220 verifies the success of the deployment, and provides regular
metrics and reports to AIF management; and
(3)
Takes an active role in assisting with the installation and deployment of hardware into
the production environment. AIF-220 assists AIF’s operational branches to perform assigned
functions by traveling to a location, installing, replacing, and in some cases configuring
hardware. They interact with AIF’s Client Planning & Design Branch, and AIF’s Client
Integration & Testing Branch, to ensure operability and successful deployments and installations
on client endpoints.
c. Pre-Production Environment Management Branch (AIF-230):
(1)
Builds, documents, and manages test environments to support the transition of
solutions into the IT production environment; and
IT 1100.171
07/02/18
7-5
(2)
Builds both Client and Isolated System test environments that simulate multiple
facets of the IT production environment including, but not limited to, applications, Group Policy
Objects (GPO), client images, and patching.
d. Client Integration & Testing Branch (AIF-240):
(1)
Collaborates with members of the Client Planning & Design Branch to test and
implement new hardware and software client technologies; and
(2)
Responsible for patching clients, managing all aspects of Group Policies and scripts,
implementing client baseline configurations, packaging applications that require changes to the
client, testing changes to clients, and managing the client portion of the Pre-Production
Environment.
6.
Operations Services Division (AIF-300). Responsible for the health of the overall
operational environment. They manage the effective execution of IT operations, and the delivery
of infrastructure services including directory and account management services, network
operations, data center services, and infrastructure applications.
a. The Directory Services Branch (AIF-310):
(1)
Administers and monitors the Mission Support authentication systems and services.
Troubleshoots and resolves associated service degradations and outages;
(2)
Makes updates to directory services based on applications, patches and security
needs;
(3)
Provides escalated IP address management, name resolution and group policy
technical support;
(4)
Creates and manages trusts and administers the Active Directory Private Key
Infrastructure for the Mission Support environment to allow for resource access and Personal
Identity Verifications (PIV) or Common Access card; and
(5)
Works closely with Security Operation Center (SOC) to assist with and provide
information for security incidents
(a) Account Management Section (AIF-311): As part of the Directory Services
Branch, this branch:
i.
Authenticates and organizes user accounts and services on the FAA network;
ii.
Oversees the effective delivery of directory and account management services,
designates and enforces access rights across the network, tracks and updates individual and
group directory accounts, establishes policies and standards for individual and group objects, and
makes updates to directory services based on patches and security needs; and
IIT 1100.171
07/02/18
7-6
iii.
Creates test accounts, creates groups, runs Lightweight Directory Access
Protocol queries, and helps integrate PIV in the FAA environment.
b. Network Services Branch (AIF-320):
(1)
Enables the successful operation of the FAA’s network systems and services
including LANs, WANs and Trusted Internet Connections (TICs). AIF-320 administers,
configures, manages, and troubleshoots the infrastructure that protects the FAA’s network,
including firewalls, switches and routers, Network Access Control (NAC), wireless, Bluecoat,
BlueCat, IronPort, and BlackHole; and
(2)
Maintains availability of network services and work closely with the Network & Data
Center Planning & Design Branch to schedule and implement updates to all network services.
AIF-320 detects, diagnoses, troubleshoots, and resolves all network services outages and
performance issues as they are identified.
(a) Network Services B Section (AIF-321):
i. Enables the successful operation of the FAA’s network systems and services
including LANs, WANs, and TICs. AIF-321 administers, configures, manages, and
troubleshoots the infrastructure that protects the FAA’s network, including firewalls, switches
and routers, NAC, wireless, Bluecoat, BlueCat, IronPort, and BlackHole; and
ii. Maintains availability of network services and works closely with the
Network & Data Center Planning & Design Branch to schedule and implement updates to all
network services. AIF-321 detects, diagnoses, troubleshoots, and resolves all network services
outages and performance issues as they are identified.
c. Data Center Services Branch (AIF-330):
(1)
Manages the provisioning of hosting solutions for AIT’s customers at the FAA’s data
centers, located in FAA Headquarters, the William J. Hughes Technical Center, and the Mike
Monroney Aeronautical Center, as well as FAA Cloud Services. AIF-330 supports hosting file
share resources for FAA field shares; and
(2)
Responsible for managing AIT’s operating systems, servers, virtual infrastructure,
storage and backup solutions, and the F5 environment for load balancing application servers.
AIF-330 provides environmental (space, power, cooling) hosting within the data centers,
provisions the infrastructure to support web hosting, and configures the operating system
environment for system disaster recovery solutions. AIF-330 provides engineering support
services to system owners to develop high efficiency, resilient hardware solutions.
d. Infrastructure Applications Branch (AIF-340):
(1)
Responsible for the operation and management of enterprise FAA business services,
including but not limited to: Mobile Device Management (MDM) services, Video Tele-
IT 1100.171
07/02/18
7-7
Conferencing services, Endpoint Protection services, and Messaging operations services;
(2)
Responsible for the system administration and operation of the MDM system, which
enables easy and secure access to FAA network resources for approximately 5,000 government-
furnished mobile devices and implements configuration settings to ensure the security of
managed devices when connected to the FAA network;
(3)
Provides second and third-tier level support for the FAA’s roombased video
conferencing systems, and software licenses for the mobile and desktop video conferencing
application. AIF-340 provides consulting support on audio visual projects across the agency,
from single room implementations through multipurpose conference centers with flexible space
considerations; and
(4)
Responsible for the system administration and operation of the agency’s anti-virus
and full disk encryption McAfee application suite, which provides protection to FAA’s non-NAS
network systems. AIF-340 implements configuration settings to ensure the security and
protection of these systems.
(a) Messaging Operations Services Section (AIF-341):
i. Responsible for the system administration and operation of the FAA’s
Microsoft Office cloud messaging service;
ii.
Supports accounts that provide email, instant messaging, and e-archiving
services;
iii. Provides support services including e-discovery, integration with external
business applications, and set-up of enterprisewide broadcast announcements; and
iv. Maintains an instance of the legacy Lotus Notes application to support e
discovery requests.
7.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
IT 1100.171
07/02/18
8-1
Chapter 8. Information Security and Privacy Services (AIS)
1.
Director of Information Security and Privacy Service (AIS-001).
a.
Roles and responsibilities:
(1)
Has authority to make changes in AIS structure, authority or responsibility to adjust
roles and responsibilities to fit its business needs at the directorate level and below, authority to
enforce changes in FAA IT policy and procedures as directed by the CIO. All other authorities,
roles, and responsibilities as documented in the current edition of FAA Order 1370.121, FAA
Information Security and Privacy Program & Policy;
(2)
Performs the operational day-to-day activities intended to mitigate information
security and privacy risks at the technical level;
(3)
Develops and delivers IT security policy, architecture, standards, best practices, and
privacy management for the FAA; and
(4)
Ensures the security of the IT environment is compliant with FAA, DOT and federal
requirements; and
b.
Mission: The Information Security & Privacy Service (IS&P) fortifies the security of the
FAA’s network and infrastructure, including the three domains (Mission Support, NAS, and
Research & Development (R&D)). To safeguard the agency and its personnel, IS&P manages
accountabilities in the three domains, develops IT security policies, ensures compliance with
FAA security policies and security/privacy controls, maintains Continuity of Operations (COOP)
plans, supports the FAA’s Architecture, provides tooling resources, supports cyber exercises, and
through the SOC, provides 24x7 monitoring and technical support to detect security threats and
attacks against the agency.
c.
Major Functions:
(1)
Performs the role of the Chief Information Security Officer (CISO);
(2)
Responsible for developing, issuing, updating, and carrying out the FAA Enterprise
Information Systems Security and Privacy Program; and
(3)
Advises the Risk Executive of risk acceptance disagreements between the CISO and
Authorizing Official.
d.
Functional Organization: Information Security and Privacy Services.
e.
Delegations: The Information Security and Privacy Service Deputy Director.
f.
Line of Succession: The Information Security and Privacy Service Deputy Director.
IT 1100.171
8-2
07/02/18
AIT-1 will determine line of succession if AIS -1 or AIS-2 cannot fulfill their duties.
2.
Chief Privacy Office (AIS-010):
a.
Provides expertise and oversight for privacy requirements across the FAA. AIS-10
implements accountability and continuous improvement of FAA privacy processes and
programs, reviews and approves privacy compliance documentation, including Privacy
Threshold Analysis (PTAs), Privacy Impact Analysis (PIA), and privacy assessments, and
provides updates to System of Record Notices (SORNs);
b.
Manages the Identity Monitoring Code issuance process, responds to FAA privacy
incidents, and oversees the handling of privacy requests, appeals, and complaints. AIS-10
supports teams within IS&P who are performing privacy risk assessments, PTAs, privacy
awareness training, writing policy, Privacy Impact Assessment (PIAs), privacy audits and
privacy audit tracking;
c.
Provides guidance for the protection of Personally Identifiable Information (PII) and
privacy records. AIS-10 works with stakeholders throughout AIT, FAA and DOT to ensure
privacy requirements are met, and provides guidance for contact language involving privacy
data; and
d.
Works closely with the SOC on information security incidents involving privacy data,
and works closely with AOC during privacy incidents that generate media interest.
3.
Security & Privacy Risk Management Staff (AIS-020):
a.
Social Security Number Reduction Plan security/privacy projects. Manages the security
dashboard and reporting mechanisms that support communication of the current state of security
and privacy of the enterprise; and
b.
Provides enterprise Security Risk Management support, and leads the assessment,
determination, and correlation of quantitative and qualitative values of security risk related to an
identified situation and a recognized threat. AIS-20 establishes and communicates the security
and privacy risk tolerance of the enterprise in the form of policies, and performs periodic security
and privacy risk assessments for the enterprise to ensure risk mitigations are in place and
tolerance is being met. Works with security architects to develop and implement solutions that
meet the risk tolerance while achieving business goals.
4.
Security Governance Division (AIS-100).
a.
Serves as the authority for ensuring effective IT Security governance throughout IS&P.
AIS-100 specifies the accountability framework, and ensures that security strategies are aligned
with business objectives, adhere to policies and internal controls, and are consistent with
applicable laws and regulations; and
b.
Oversees the IT Shared Services IS&P Information System Security governance and acts
IT 1100.171
07/02/18
8-3
as the managing conduit for interaction with the consumers of the IS&P IT Shared Services.
(1)
Policy, Training & Customer Liaison Branch (AIS-110):
(a) Develops and updates FAA IT Security policies to ensure security and privacy
requirements are addressed, interprets policy and other regulatory requirements related to
cybersecurity, and assists with developing standard operating procedures and policy positions for
the agency;
(b) Oversees the FAA’s annual Security and Privacy Awareness Training,
Information Security System (ISS) key personnel role based training, and other information
security and privacy training as needed. Maintains Key ISS personnel listing;
(c) Serves as customer liaisons (Information System Security Officers/Privacy
Managers) to the Agency’s LOBs and SOs and facilitate services, information flow, and
remediation activities; and
i.
Establishes and supports the AIT Intake processes for IS&P established by
BPS which serves as the front door into IT services; and
ii.
Acts as a facilitator by connecting customers with appropriate security subject
matter experts within IS&P.
(d) Processes cybersecurity, information security and privacy deviations and waivers
to IT Security and Privacy policies.
(2)
Security Architecture & Resilience Branch (AIS-120):
(a) Works with other Security Divisions, Staff Offices and Agency POCs to enable
Primary Mission Essential Functions and Essential Supporting Activities continue to be
performed during a wide range of emergencies, including localized acts of nature, accidents, and
technological or attack-related emergencies;
(b) Develops and maintains AIT’s COOP plans, supports and ensures development of
the FAA’s Security Architecture;
(c) Ensures that the information security requirements necessary to protect the
organizational mission/business functions are adequately documented in all aspects of enterprise
architecture including reference models, segment and solution architectures processes; and
(d) Collaborates with the Solution Delivery Service, who is the primary lead for the
Enterprise Architect.
5.
Security Compliance Division (AIS-200). Responsible for assessing information system
compliance with federal, DOT, and FAA policies, standards, and controls. Monitors/tracks
security vulnerabilities, coordinates vulnerability scans, monitors/tracks security incidents, DR
IT 1100.171
07/02/18
8-4
exercises, Information System Contingency Plan (ISCP) and ISCP testing to include Business
Impact Assessments. Additionally, this branch is responsible for Audit and Reporting on data
calls from Office of Inspector General and General Accounting (GAO), Federal Information
Security Management (FISMA), Capital Assessment Project goals, Section M contract reviews
and privacy compliance act reviews.
a.
Vulnerability Management Branch (AIS-210):
(1) Provides services related to monitoring and tracking vulnerabilities within the FAA’s
FISMA reportable systems. AIS-210 ensures Plan of Action & Milestones (POA&Ms) are
entered into the Cyber Security Assessment and Management (CSAM) system. In addition,
monitors and tracks the POA&Ms, provides support to stakeholders on remediation/mitigations,
the quarterly review of open POA&M’s with System Owners and processes and coordinates
MOAs/Memorandum of Understanding (MOUs), coordinates vulnerability scanning,
monitors/tracks security incidents, monitoring and tracking binding operational directives and
responds to audits related to POA&Ms;
(2) Manages vulnerability mitigation and remediation as identified by the FAA’s Data
Loss Prevention (DLP) service security assessments, vulnerability scans and incident events;
(3) Manages vulnerability mitigation and remediation of all Department of Homeland
Security (DHS) Cyber Hygiene scanning vulnerabilities; and
(4) Provides coordination on the scheduling and remediation of vulnerabilities as
identified by operating system, web application, database, and dynamic and static code scanning
for all FISMA reportable systems in accordance with DOT Cybersecurity Compendium
requirements.
b.
Continuity Management Branch (AIS-220):
(1) Provides business continuity management support to ensure that the agency has an
integrated, overlapping COOP capability, so that should disaster strike, the agency can carry out
essential functions;
(2) Responsible for all security and privacy aspects of the Continuity Management and
Disaster Recovery (DR) services in coordination with AIT’s, APS’s, AIF’s, ADE’s, and AIS’s
Security Governance division; and
(3) Provides technical SME and advisory support to stakeholders to develop, maintain,
and implement the ISCP and DR strategies and solutions, including risk assessments, Business
Impact Analysis, strategy selection, and documentation of recovery procedures. AIS-220
supports regular mock-disaster exercises to test existing plans and strategies. Upon activation of
the ISCP, AIS-220 provides incident response support by creating and maintaining the incident
log, coordinating communications, and providing recovery support and coordination of the
incident review activities.
IT 1100.171
07/02/18
8-5
c.
Security Assessment Branch (AIS-230):
(1) Responsible for scheduling, conducting, and tracking security assessments. AIS-230
reviews completed security assessments and processes for authorization signature. They provide
guidance on National Institute of Standards and Technology (NIST) Standards and Publications
that relate to the Security Authorization Process and authors the Agency Authorization
Handbook;
(2) Develops, reviews, updates PTA, PIA, and System Disposal Assessments (SDA) to
ensure systems are appropriately assessed to identify privacy risk, and determine whether
additional privacy compliance activities are necessary. Submits PTA/PIA/SDA to the DOT and
tracks adjudication status. Provides guidance to System Owners on PTA/PIA/SDA development
and resolves any documentation issues. Coordinates with Records Manager and General Council
on PTA/PIA and resolves any documentation issues; and
(3) Maintains the Agency’s FISMA-reportable IT inventory and required system data in
the DOT FISMA Reporting System of Record, CSAM. Provides CSAM account approval and
tracking for the Agency.
d.
Audit & Reporting Branch (AIS-240):
(1) Provides audit and data call Agency liaison coordination services for a variety of
audits, including Financial Statement audits, FISMA audits, Office of Inspector General audits,
Government Accountability Office audits, and the Cybersecurity Act of 2015 also known as
Cybersecurity Information Sharing Act. This requires aggregating stakeholder feedback for
audits and data calls and then responding to the auditor. AIS-240 provides audit liaison support
for external audits with a sensitive awareness of applicable requirements and regulations directed
by DOT, OMB, DHS, Office of Personnel Management (OPM), and NIST;
(2) Conducts Section M Contract Reviews, to ensure that FAA contractor systems that
handles PII have the appropriate AMS clauses related to privacy incorporated into the contract;
and
(3) Conducts regulatory Privacy Compliance Reviews, maintains responsibility for
ensuring reporting integrity, makes recommendations on findings, and collaborates with
stakeholders in making adjustments to policies, priorities, structure, or procedures to make
operations as efficient, economical, and effective as possible.
6.
Security Operations Division (AIS-300). Responsible for the day-to-day activities to
mitigate security and privacy risks at the technical level. The division provides tooling resources
and security services, delivers performance metrics, and supports internal and external cyber
exercises. The division also hosts the FAA’s SOC which provides 24x7 monitoring and technical
support to detect security threats and attacks against the FAA.
IT 1100.171
07/02/18
8-6
a.
Cybersecurity Operations Support Branch (AIS-310):
(1)
Provides the authoritative direction, support services, and coordination for security
architecture and engineering compliance across the FAA’s Mission Support, NAS, and R&D
domains. This branch maintains documentation and ensures the tools that are needed to detect
adversary attacks are current and available for use by the SOC and partners in the NAS and R&D
domains.
b.
Cybersecurity Services Branch (AIS-320):
(1)
Provides tactical execution of cybersecurity services by scanning for and evaluating
vulnerabilities and risks. This branch performs vulnerability assessment scan on the operating
system, web application, database and application code scans, conducts and facilitates
penetration testing, and provides patch management support for systems in all three FAA’s
domains (Mission Support, NAS, and R&D). Ensures scanning inputs and outputs are complete
and concise, shares results with the Vulnerability Management Branch or other requestors, and
provides information as needed to respond to data calls; and
(2)
Delivers continuous monitoring by providing technical solutions supporting the
Agency’s CDM program.
c.
Cybersecurity Metrics & Exercises Branch (AIS-330):
(1)
Provides metrics to evaluate the agency’s overall cybersecurity performance. They
also provide metrics for specific goals related to the detection, disruption, and denial of cyber-
attacks, and the detection, response, and remediation of threats and vulnerabilities; and
(2)
Executes internal cyber exercises to test the agency’s incident response capabilities,
and participates in external cyber exercises.
d.
Security Operation Center (SOC) Branch (AIS-340):
(1)
Provides the services needed to detect, analyze, respond to, report on, and ultimately
prevent cybersecurity incidents;
(2)
Provides incident response, advanced persistent threat analysis, intrusion detection,
and forensic analysis services for the FAA Enterprise; and
(3)
Consolidates cybersecurity functions by performing the day-to-day activities needed
to mitigate IS&P risks at the technical level.
7.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
IT 1100.171
07/02/18
9-1
Chapter 9. Chief Data Office (ADO)
1.
Chief Data Office (ADO-1). Concentrates on the opportunities, threats, capabilities, and
gaps related to managing FAA information as a strategic asset and potentially a liability. The
office leverages data and information for decision-making, engages industry, manages
information for operational efficiency, and manages risk inherent in massive and fast changing
data resources through effective governance. The Director has authority to make changes in
structure, authority or responsibility to adjust roles and responsibilities to fit its business needs at
the directorate level and below, and authority to enforce changes in FAA IT policy and
procedures as directed by the CIO.
2.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
IT 1100.171
07/02/18
10-1
Chapter 10. Administration
1.
Organizational Chart. The organization chart is available on the MyFAA employee
website: https://my.faa.gov/content/dam/myfaa/org/staffoffices/afn/information/AIT-
Organization- Chart.pdf.
2.
Distribution. This order is distributed to the division level in Washington headquarters,
regions and centers with distribution to each field office and facility.
IT 1100.XX
07/02/18
A-1
Appendix A. FAA Form 1320-19, Directive Feedback InformationForm
U.S. Department of
Transportation
Federal Aviation
Administration
Appendix A. FAA Form 1320-19, Directive Feedback Information
Please submit any written comment or recommendation for improving this directive, or suggest
new items or subjects to be added to it. Also, if you find an error, please tell us about it.
Subject: FAA Order IT 1100.XX – Office of Information and Technology (AIT) Organization (OPR:
ASP-110)
To: Directives Management Officer, ASP-1
(Please mark all appropriate line items.)
An error (procedural or typographical) has been noted in paragraph Click here to enter text.
on page Click here to enter text.
Recommend paragraph Click here to enter text. on page Click here to enter text. be
changed as follows:
(Attach separate sheet if necessary.)
Click here to enter text.
In a future change to this Order, please cover the following subject:
(Briefly describe what you want added.)
Click here to enter text.
Other comments:
Click here to enter text.
I would like to discuss the above. Please contact me.
Submitted by: Date:
FAA Form 1320-19 (10-98)