PCCD CONCEPT PAPER AND GRANT APPLICATION TECHNOLOGY CONDITIONS
Compliance with State and Federal Information Technology Grant Conditions:
PCCD is required to include mandated
subgrant conditions for Information Technology (IT) Grants. These conditions are required in order to
ensure that technology projects funded by PCCD are compatible with state and
federal IT standards and requirements.
State Technology Condition Information:
All IT components (hardware, software
and/or firmware) funded through this award must be compliant with applicable
Commonwealth IT Standards (as referenced in the Pennsylvania Office of
Administration’s Information Technology Policies (ITPs)) that have been
promulgated at the time of this award.
In addition, if technology is being
implemented as part of a larger IT project, these components must also comply
with all Office of Administration (OA) standards that have been promulgated at
the time the hardware/software specifications of the detailed system design are
approved by the (OA/OIT) project manager.
A listing of the Commonwealth IT Standards
is found at:
In addition, all grantees must review these
standards quarterly during the project funding cycle, as well as at major
project milestones through design, finalization and procurement.
Deviation from Commonwealth IT standards will require final approval from
program staff within PCCD, who will coordinate this review process with OA/OIT.
Federal Technology Condition Information:
The Global Standards Council (GSC)
was created to support the work of DOJ's Global working groups and related
bodies by coordinating the establishment of a common, consistent, and
standards-based approach to implementing justice information sharing solutions.
To further this goal, the GSC developed the Global Standards Package (GSP), which describes a full information sharing technology
standards implementation suite that addresses data standardization, messaging
architecture, security, and privacy requirements. In order to promote
consistency and interoperability of systems across the justice and public
safety community, OJP requires grantee compliance with the GSP and all components
thereof. In addition to offering a common mechanism to share information across
agencies, the GSP also promotes the use of open, consensus-based standards to
avoid proprietary or restrictive approaches to system integration and interface
development. This approach enables adopters to fully realize the cost savings
and operational efficiencies that have been demonstrated by those who have
already implemented elements of the GSP.
Compliance with the GSP requires
conformance to all components of the GSP whenever applicable. If the grantee is
planning to exchange information across agencies or systems using a common data
format, such format is required to be conformant to the National Information
Exchange Model (NIEM). If the grantee is planning to adopt a service-oriented
approach to sharing information, it must leverage the Global Reference
Architecture (GRA), and so on. The primary components of the GSP are as
follows:
· National Information Exchange Model (NIEM)
· Global Reference Architecture (GRA)
· Global Federated Identity and Privilege Management (GFIPM)
In addition, certain GSP components enable
the development of national, or "reference," specifications that
further promote reuse for enhanced interoperability. Whenever applicable, these
reference specifications should be used as a foundation for implementation of
complementary business processes. If the grantee wishes to use an alternate
format for which a reference specification already exists, specific
justification must be included in the grant application narrative.
National Information Exchange Model (NIEM)—the NIEM data model and tools are
supported by a robust governance process and program management office. NIEM
conformance is defined explicitly across a number of dimensions, including data
modeling, XML representation, exchange development, and implementation.
Detailed guidance on NIEM conformance for grantees can be found at https://www.niem.gov/getting-started. NIEM also maintains a repository of reusable exchange specifications
that can be found at https://www.it.ojp.gov/implementation/niem-iepd.
Global Reference Architecture (GRA)—the GRA provides both a reference architecture to speed
agency adoption of Service-Oriented Architecture (SOA)-based approaches to
information sharing, as well as a standard methodology for developing
particular service specifications that align with specific business functions.
Conformance to the GRA generally relies on adherence to the GRA Framework for
the former and to the GRA Service Specification Guidelines for the latter.
Detailed guidance on GRA implementation for grantees can be found at https://www.it.ojp.gov/initiatives/gra. On the same page can be found a listing of reference
service specification packages (SSPs) that should be reused whenever applicable.
Global Federated Identity and Privilege Management (GFIPM)—the
GFIPM specifications and guidelines are designed to support secure access to
various information systems based on commonly understood and applied protocols
for user access and attribute-based access control policies. Rather than
serving as a universal approach to securing justice information systems, GFIPM
should be used in particular cases where regional, multijurisdictional, or
cross-boundary information sharing is occurring and there is a need to create a
“federation” of participants who must agree on policy and technical solutions
to satisfy interoperability requirements. Conformance to GFIPM primarily relies
on use of the GFIPM Metadata standard and adherence to operational policies and
procedures. Detailed guidance on GFIPM implementation can be found at https://www.it.ojp.gov/initiatives/gfipm.
As stated above, compliance with the
GSP is dependent on the grantee conforming to each of the GSP’s normative
components above, whenever applicable. For instance, if the grantee is
supporting a project to integrate two reporting systems that already operate
within the same security environment and there are no new access control
provisions required, then conformance to the NIEM and GRA components of the GSP
will be sufficient to satisfy the requirement to comply with the GSP. In
general, OJP does not require formal certification of software, tools, etc., to
verify conformance. However, additional requirements may be imposed by
particular funding programs. In cases where software or services are being
procured from private sector partners, the grantee should follow procedures
such as those recommended by the IJIS Institute to ensure that procured
services are in fact conformant. See http://www.ijis.org/?page=Info_Share_Standards.
In addition to complying with the
GSP, grantees are also required to adequately address the protection of privacy
and civil liberties of those subjects whose data are being shared. OJP
requires that, prior to implementation of an information exchange solution,
such exchange be governed by an appropriate privacy policy that meets the
minimum standards as described by DOJ’s Global Privacy Guide. If the exchange
is covered under an existing or umbrella policy, then such policy should be
noted and communicated to the grant office prior to execution. For a
comprehensive set of resources to address privacy protection in information
sharing projects, please visit http://www.it.ojp.gov/privacy.
PCCD will use the following checklist for determining when to apply this special
condition:
· The grant seeks to develop new justice or public safety information sharing.
· The proposed information exchange is between more than one justice organization, now or in the foreseeable future.
· If yes to both, the special conditions must be applied.
Concept papers and applications requesting
technology development, enhancements or acquisition will be jointly reviewed
with PCCD’s Information Technology Planning and Services Unit.