Company: Engility, Chantilly, VA
Company Description: Engility is a pure-play government services contractor providing highly skilled personnel wherever, whenever they are needed in a cost-effective manner. Headquartered in Chantilly, Virginia, Engility is a leading provider of specialized technical consulting, program and business support services, engineering and technology lifecycle support, information technology modernization and sustainment.
Nomination Category: Products & Product Management Categories
Nomination Sub Category: New Product or Service of the Year - Financial Services

Nomination Title: Engility's Secure Payment System for the U.S. Treasury

1. Tell the story about this nominated product or service (up to 525 words). Describe its function, features, benefits, and performance to date:

In 2013, the Secure Payment System (SPS) marked its 10th anniversary.

Payment Management, within the Bureau of Fiscal Service of the U.S. Treasury, is the organization that most government entities trust for payment services. The Engility-developed SPS is like the lock to the checkbook for the U.S. Government, providing secure transmission of payment data and strongly auditable certification of payments. If you had an income tax refund deposited to your bank account this year, you can thank the SPS team for making sure it didn’t get hijacked by some cyber thug.

The SPS Team is responsible for the all phases of the Software Development Life Cycle with SPS. The online payment request and certification system processes over 1 billion transactions with a value of $2.5 trillion annually within a secure architecture that protects critically sensitive payment information and provides 24x7 support to more than 2,400 users in over 200 federal government organizations worldwide. Our team designed and developed this web-accessible system, which was uniquely architected to secure high-value and high-volume transactions, using CMMI level 3 assessed practices and procedures and adhering to the Bureau of Fiscal Service IT Service Management processes. Our team followed a disciplined software development and management process and an architectural-driven approach to develop and implement the SPS solution and enhance it in 2013.

Due to the high sensitivity of data transmitted through SPS, each interface design focuses on three areas: maintainability, extensibility, and reliability. To ensure application and data security, the system employs specific role-based capabilities, encryption, and Public Key Infrastructure (PKI) credentialing. The security and privacy of each SPS transaction was maintained with the architecture we developed—a claim that the National Institute of Standards and Technology (NIST) substantiated when it evaluated and validated the architecture.

By its nature, SPS demands fresh solutions to meet today’s challenges. Engility continues its innovative support today, delivering multiple secured systems interfaces across heterogeneous platforms, using a variety of secured messaging formats and technologies. Our strong security features manage authentication, authorization, privacy, non-repudiation, and auditability. We also leverage strong cryptography using the Treasury PKI, persistent digital signatures for approval workflows and data integrity, FIPS-140-2 cryptographic hardware tokens and hardware key stores, and NIST-approved cryptographic and digital certificate validation techniques.

In 2013, SPS was recompeted, and Engility was selected to continue supporting the system and the Bureau of Fiscal Service. Our new work introduces the following capabilities to the tool:

• Personal Identity Verification (PIV)—Driven by NIST FIPS-201 (PIV) and associated OMB guidance.

• New Crypto Algorithms—“Cryptopocalypse” is warned by some security experts, unless applications are able to be cryptographically nimble. For SPS, this will include expansion of its CryptoStrength features to incorporate:
o “Elliptic Curve” public key algorithms and associated “ECDSA” (Elliptic Curve Digital Signature Algorithm) signatures
o SHA3 message digest algorithm
o As-yet unannounced cryptographic algorithms to be endorsed by NIST
o Next Generation Data Architecture.

Billions of transactions and trillions of dollars later, SPS is still helping the Treasury to securely make federal payments over the web. Our team has assisted in this by maintaining innovation and introducing cutting-edge technologies to the SPS solution.

Upload a collection of supporting files and web addresses to our server to provide more background information to the judges. You may upload any number of attachments and URLs through the "Add Attachments, Videos, or Links to This Entry" link above. (Do NOT list your URLs below.)

2. Provide a brief (up to 125 words) biography about the leader(s) of the team that developed this nominated product or service:

Jay Etris, SPS project manager, has broad SPS domain knowledge, including an understanding of transformation strategy for moving to an integrated solutions approach, business processes tailored to meet SPS-specific needs, and applications development and infrastructure management experience in the SPS environment. He has experience in managing geographically dispersed custom development systems in a performance-based environment.

Jay has managed the 15-member SPS for 3 years. In that time he has ensured that his team and project have maintained requirements at 99.6% error free. Additionally, he developed and managed the Integrated Master Schedule; created, maintained, and updated project documents including project plans, policies, and procedure; and trained and cross-trained team members and all new hires since January 2010 with minimal turnover.