Office of Learning and Information Technology

University of Wisconsin CIO Council Teleconference

Madison, WI

April 19, 2007

SFS upgrade

Dwan Schuck reported that UWSA has secured the services of DoIT Security to look at SFS. The LAB is expressing greater interest in security concerns and SFS wants to be pro-active. IAA SFS will be rolled out in the near future. A few large projects need IAA SFS in place before they can be implemented.The IAA SFS was not implemented with the SFS 8.8 upgrade. Given how IAA works, password security will be contingent upon the controls that are in place at the UWS institutions.

Paul Moriarty distributed a summary of UWS institutional compliance with the password security minimums that were previously adopted by the CIOs for participation in IAA. Seven of the UWS institutions meet or exceed the requirements and the remainder are well on the way to being compliant.

Dwan Schuck explained that WISDM is already using IAA with password security in its current form, but SFS is the UWS book-of-record and SFS has additional features like check writing capabilities. Jack Duwe recalled that the first rollout of IAA was for Learn@UWM, which has additional, internal role-based security, as does SFS.

At Dwan Schuck's request, Jim Lowe previously emailed a work-in-progress document regarding institutional credential stores. It looks at overall password issues. It is also concerned with identity proofing, the distribution of credentials, and security for institutional credential stores. He is looking for a repeatable processes based upon InCommon NIST standards. The next steps include:

  • An assessment period during May 1 - 15 during which institutions complete questionnaires that document their security practices, credential stores and known risks
  • The distribution of a systemwide report at the end of May with subsequent time for the institutions to respond to the recommendations with either remediations or explanations
  • By mid-August, password security measures will be in place at all of the UWS institutions using the previously agreed upon requirements
  • Another assessment will be conducted in December prior to the SFS go live prior in January 2008.

IAA SFS is about to be used in a test environment, which includes restricted data, so the goal is to bring every institution up to full compliance as soon as possible. Jim Lowe's Levels of Authentication (LOA) spreadsheet covers the 4 levels of the NIST 800-63 standard and the UWS proposal for meeting those standards. Credential stores will be at level 1 or level 2. If higher levels of assurance are needed in particular cases, e.g., the system engineers at the UW–Madison campus, there may be a need for an additional hardware token or other mechanism.

There was consensus on the part of the Council that they would like to review the initial survey for a week before it is officially distributed.

Microsoft update

Regarding the class action lawsuit, Lori Voss reported that DoIT product management licensing group has been looking at purchases of computers from OEMs. There are also data regarding the purchases of licenses via the enterprise agreement. Thus far, Brian Kishter of DoIT has only received feedback from about half of the UWS institutions regarding additional computers to include in the settlement. Now is the time for the UWS institutions to submit their reports. A summary spreadsheet for the UWS will be completed next week. Kolleen Apelgren reported that Chris Ashley will write the cover letter for the claim submission, which is officially due June 30th.

The UWS institutions are currently being surveyed by Chip Eckardt regarding possible changes in the licensing agreement. Kolleen Apelgren explained that the most significant changes will be in regard to taking advantage of the advanced features of Exchange and Sharepoint. Microsoft has offered to come to licensing sessions the week of May 14th and explain the changes.

Microsoft license payments from the campuses for the 2006-07 fiscal year will be collected shortly.

Common Systems Roadmap and Budget Discussion

There was a Common Systems Review Group retreat in mid-March at which the budget was approved. A set of roadmap graphics were distributed that summarize the discussions. In the 2011-12 timeframe, there will be re-evaluations of the directions of several of the systems.

Bruce Maas reported that there was a discussion at the retreat regarding the need for consistent talking points across the UWS institutions regarding such items as system costs. Jack Duwe suggested that the roadmap needs additional explanation, especially with the new HR system, supply chain management system and middleware upgrades on the horizon. The diagram of overlapping circles could be paired with a page that gives additional context.

The need for provost and CBO involvement at meetings was stressed. Jack Duwe suggested that if a provost can't attend, he/she recruit a provost from another campus, not a substitute from their own campus, which typically falls to the CIO. Otherwise, the meetings can have an overabundance of CIOs.

CIO Feedback on the Academic Affairs Planning Exercise Questions

Rebecca Martin is conducting a planning exercise to set the groundwork for the hiring of a new senior vice president. Four questions are being addressed to stakeholders:

  1. What are your expectations of the role(s) of the Office of Academic Affairs?
  2. How does/can the work of the Office of Academic Affairs add value to your work?
  3. What can we do differently to better meet your needs?
  4. What are your expectations of your institution’s role in the work of the Office of Academic Affairs

Most of the interaction between Academic Affairs and the CIOs occurs through Ed Meachen and the OLIT office. From a institutional perspective, visions are generated at the campus level, not at UWSA. The UWS institutions look for support of their local visions from UWSA and Academic Affairs in particular. It would be useful for UWSA to help foster alignment between UWS and campus plans. The issue was raised of whether UWS is a federation or a system. The answer determines which level supports the other.

Bruce Maas suggested that IT not have a strategic plan per se, but rather respond to the strategic plans of the institution. A new senior vice president could assist the provosts in understanding the need for technology.

Next meeting

The next CIO Council meeting will be May 17, 2007. The agenda will include Erik Phelps, who is a partner at Michael Best & Friedrich LLP, discussing e-discovery and Oskar Anderson of the Wisconsin Division of Electronic Technology. Meeting dates, the directory of UWS CIOs and meeting summaries are available at: http://www.uwsa.edu/olit/cio/