The Enterprise Services Center (ESC) and the Department of Transportation’s (DOT) Office of Budget and Performance B-30 have been collaborating over a year on designing and deploying an exciting new Robotic Process Automation (RPA). These inventive RPA capabilities have been highly sought after by the Federal Chief Financial Officer community. While there has been a lot of enthusiasm for the innovative potential that RPA brings to financial and information system communities, there has also been an ongoing focus to ensure the roll-out of such powerful technology was done carefully with cybersecurity in mind at every step.

Being one of the first movers in this area, ESC collaborated with DOT, FAA, and other agencies (through an RPA Federal Community of Practice group) on plans to address the new complex cybersecurity elements that are needed to make this project successful. All of these efforts had to be rolled into a holistic effort focused on documenting, assessing, and authorizing the security of the entire ESC RPA environment and capability as a program. This initiative required hours of evaluation of the proposed environment against the full body of National Institute of Standards and Technology (NIST) Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations." Once this evaluation was complete and documented, a third-party assessment organization conducted a thorough evaluation which included an overall risk-analysis of the environment, in conjunction with a list of items that should be addressed to strengthen the security posture of the system. This information was then passed onto the FAA Chief Information Security Officer (CISO) who then provided an additional analysis and a "go/no go" recommendation for the system to be authorized for use.

With a CISO package review approval in hand, the final authorization documentation was provided to an FAA executive for final approval for production use. In this case, the authority sits with Mike Monroney Aeronautical Center’s Director, Michelle Coppedge. Last week, with this final stroke of Ms. Coppedge’s pen, the RPA environment became officially approved for use. The lengthy chapter of careful design and development has been closed and ESC’s RPA capability is now officially open for business. The ESC Financial Services team, already having heavy involvement in preparing the system for authorization, established the business processes and appointed the appropriate personnel necessary to immediately execute rapid development and deployment of RPA automations. With the first few automations already staged to debut, the ESC and DOT’s Office of the Secretary (OST B-30) are already looking forward to seeing the time and cost savings that will be realized with this innovative, powerful capability.