Free Response to Motion - District Court of Federal Claims - federal

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 1 of 32

Exhibit 22

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 2 of 32

Status Report to the Court Number Twenty-Two
For the Period April 1, 2005 through June 30, 2005

August 1, 2005

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 3 of 32

STATUS REPORT TO THE COURT NU~fBER TWENTY-TWO August 1, 2005 TABLE OF CONTENTS
I*

INTRODUCTION .............................................................................................................. SECRETARY GALE NORTON'S OBSERVATONS .................................................. INFORMATION TECHNOLOGY. ................................................................................ CADASTRAL SURVEY ................................................................................................ MINERALS MANAGEMENT SERVICE ...................................................................

3 4 6 15 18 19 29 32 34 34 37 37 40 43 45 47 49 49 52 52 57 57 59 61 63

II. A. B. C.

D. OFFICE OF HISTORICAL TRUST ACCOUNTING ............................................... III. OFFICE OF THE SPECIAL TRUSTEE FOR AMERICAN INDIANS ...................

A. TRUST REVIEW AND AUDIT .................................................................................... B. 1. C. 1. 2. 3. 4. 5. D. 1. E. 1. IV. A. B. C. OST-OFFICE OF THE CHIEF INFORMATION OFFICER ................................... RECORDS MANAGEMENT ..................................................................................... TRUST ACCOUNTABILITY ....................................................................................... TRUST BUSINESS PROCESS MODELING .......................................................... TRUST DATA QUALITY AND INTEGRITY ........................................................ INDIAN FIDUCIARY TRUST TRAINING PROGRAM ...................................... RISK MANAGEMENT ......... i .................................................................................... REGULATIONS, POLICIES AND PROCEDURES .............................................. FIELD OPERATONS ..................................................................................................... APPRAISAL ................................................................................................................. TRUST SERVICES ......................................................................................................... CURRENT ACCOUNTING ACTIVITIES ............................................................. BUREAU OF INDIAN AFFAIRS ................................................................................. TRUST REGULATIONS, POLICIES AND PROCEDURES ................................... FRACTIONATION ........................................................................................................ PROBATE .......................................................................................................................

ACRONYMS AND ABBREVIATIONS ....................................................................................

2

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 4 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 A. Introduction This section describes the status of Interior IT systems, particularly the systems that house or provide access to IITD or provide various computing capabilities, including functions critical to the proper administration of the individual Indian trust responsibilities within Interior. In addition, this section describes various efforts being made to improve IITD security within Interior, pursuant to OMB Circular A-130 Appendix HI, and the status of Internet connectivity. Accomplishments and Completions Computer Security: Interior continues to make progress in ensuring IT security and, in particular, addressing the potential risks associated with unauthorized access to IITD from the Internet. A primary focus for this reporting period has been providing documentation responsive to the April 25, 2005, Court Order. Over 4.5 million pages of documentation have been collected and produced pursuant to this Order. Additional efforts were focused on responding to penetration test results from our contracted monitoring program through the Inspector General, preparing for the annual FISMA evaluation, completing site and facility compliance reviews, conducting annual IT security awareness training, and continuing to validate and improve the C&A packages completed previously. The most noteworthy accomplishments and completions during the reporting period are described below. Prevention and Monitoring Interior continued testing Internet-accessible systems against an operational security profile based on the SANS Top 20 vulnerability list. For the fifth consecutive reporting period, no hosts were found to have vulnerabilities listed in the SANS Top 20. The SANS Top 20 lists the ten most commonly exploited vulnerabilities in Windows, and the ten most commonly exploited vulnerabilities in Unix. Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty services. These monthly scans assist bureaus and offices in prioritizing their IT security efforts so they can address the most dangerous network vulnerabilities first. Interior initiated more robust automated vulnerability scan testing of Internet-accessible systems to include more than the SANS Top 20 vulnerability listing. Potential vulnerabilities were detected and are being analyzed or have been mitigated. Results from these heightened scanning activities are expected to be reflected in future reports as Interior further refines the process. INFORMATION TECHNOLOGY Information Technology

6

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 5 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Information Technology

Potential incidents that were reported to DOI-CIRC during this reporting period, are as follows:

int~sio,

[

0

If_

0

[syst.e.m.M!seek ..................... [ ....................... ............................ 6!,547 ............................... 4 ...............................
Social Engineering 0 161 {[ IWeb Defacement 0 [ 0 ................................................................ 1 ............................................................................................................................................. f [Root Compromise 7 0 User Compromise 0 0 I ~

o ........................ 1Hoax ...................................................... 0 .............................. ;[ .................................
~c a~@robfls ......................... ![ ................ 30}{,5! 5,98.8 .................. ......................... 10 ...................................

,0 .......................... ............................ [ [!>ie~ackdoor ..................... [ ................................................... 0.
tOther (Incidents .N/A to . "~ 4 ..... %.3 .3D~O'O0 ' ab°ve cate go_nes) ................. ![ 9

rot,, ......................... .............33 ..................... 3s3,,68,s7 ................... .................... I .................
The types of incidents reported in the "Othe, r" category include any type of potential incident not included in the other areas. Examples of those incidents include: laptop theft, e-mail address spoofing and spare/fraudulent e-mail received. Of the 33 reported successful incidents occurring during this reporting period, none appear to have resulted in any known compromise of sensitive data. Successful ktcidents are those that could not be prevented or blocked by Interior at the time of their occurrence. In the previous reporting period, BLM received initial results from the contracted penetration testing. The IG's contractors reported successful penetration of BLM's external perimeter and Intranet servers. The contractor also noted the presence of up-to-date patches on servers, and external DNS servers were identified as being compliant with best security practices. Two [ITD servers responded to a ping test. However, the contractors did not report exploit of servers containing IITD. Attempts to exploit IITD would have met additional layers of security controls. These include password protection on the underlying databases, application-level security implemented via internally defined access control lists and implementation of strong passwords on BLM's Indian trust software application user accounts. After the contractor penetration testing, BLM took immediate action to further increase its IT security. BLM implemented the recommendations made in the IG penetration report and, as

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 6 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Information Technology

a result, has significantly strengthened BLM's overall IT security architecture. BLM first responded to the initial results by taking immediate steps to further protect IITD by disconnecting trust servers and workstations from the BLM network. There has been a longstanding issue in BLM concerning the need to segregate these servers into a virtual private network. These servers are not expected to be reconnected until the segmentation is completed. BLM implemented corrective actions for the technical vulnerabilities identified by the IG. These actions have improved the level of BLM's network security. BLM has also joined the Departmental WAN (ESN), which provides another layer of network security. BLM has slowly been restoring Internet services after thorough testing and verification of security improvements, and expects to continue to implement longer-term solutions that prevent and detect vulnerabilities. NBC received initial results from the contracted penetration testing initiated in the last reporting period. The IG's contractor that performed the NBC penetration testing was able to access some of the components of the NBC systems. During the testing, the IG contractor did not access any NBC-hosted IITD applications. These applications are isolated and protected; penetration into that portion did not occur. The IG's contractor did successfully penetrate a reporting database allowing viewing of confidential personnel information pertaining to Interior employees and employees in other agencies using Interior financial services. NBC has initiated an extensive remediation plan to address vulnerabilities identified in the penetration testing against NBC systems. Immediate action was taken to resolve or mitigate critical vulnerabitities. During this reporting period, 21 of 37 identified remediation tasks have been completed, and NBC continues to track progress of remaining tasks. As part of the remediation effort, NBC purchased additional tools to identify web application and database vulnerabilities. Using one of those tools, approximately 50 critical web applications have gone through an initial vulnerability scan and remediation effort, and are being rescanned. NBC has also begun initial database vulnerability scans and analysis. ¯ During this reporting period, the IG's contractor conducted extensive penetration testing against MMS systems, but was unable to access its systems or data. OST upgraded its intrusion detection sensors, which enhanced its network monitoring capability by allowing more of its network to be monitored. OHA completed the migration of its network operating systems to Interior's Active Directory, providing a single operating directory for control of user access to network resources.

¯

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 7 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO ,August 1, 2005, , Policies and Guidance The Interior CIO issued OCIO Directive 2005-007, "'FY 2005 Plans of Action and Milestones (POA&M) Process Verification," to the heads of bureaus and offices on May 3, 2005. This directive establishes criteria for maintaining, improving and certifying the POA&M process. The Interior CIO issued a memorandum, "Enterprise Services Network (ESN) Connection Approval Process," to the bureau and office chief information officers on May 24, 2005. This memorandum establishes a connection approval process for creating a single WAN by joining bureau WAINs. BLM was the first bureau to complete the process and join the Department's WAN (ESN). Training and Awareness ¯ Interior completed annual IT security awareness training for over 92% of Interior staff as of the end of this reporting period. Interior entered into an agreement with OPM to provide online training as a means to deliver role-based IT security training for bureaus and offices subscribing to this service. The quarterly MMS Information Security Awareness Newsletter, Spring 2005, was distributed to employees and contractors to keep users abreast of IT security issues. Information Technology

¯

¯

Plans of Action and Milestones: Interior tracked 1,659 POA&M recorded weaknesses, of which 521 weaknesses were identified this quarter and 1,138 weaknesses were carried over from the second quarter. Interior remediated and closed out 453 weaknesses this quarter. Interior is currently tracking 1,206 open weaknesses. A-130 Certification and Accreditation: During this reporting period, 42 non-trust and 2 trust C&A packages were independently reviewed by a contractor. In addition, C&A packages that had not met minimum compliance review scores on initial reviews continue to be improved. IT Systems Architecture: Interior's enterprise architecture program was rated the highest among 25 federal agencies assessed by OMB. DOI's EA program received a 4.06 rating, with the average rating among federal agencies being a 3.19. This rating signifies the architecture is being operationalized across Interior and is providing performance impact to business operations. This is consistent with Interior's previously-reported self-assessment. Interior's top-rated IT architecture program greatly adds to Interior's position that we are adequately securing our IT systems and data. 9

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 8 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Information Technology

The "'Department of the Interior Transition Plan" was developed, reviewed and submitted to OMB for assessment. This document provides a structured approach for closing the gap between Interior's current or "as-is" architecture and its conceptual target architecture. This approach is supported by a structured methodology and supporting tools (e.g., DEAR), which are used to improve Interior's mission performance. Approximately 63% of Interior's systems inventory contained in DEAR has been mapped to the BRM. During this reporting period, Interior launched a Department-wide effort for mapping its systems inventory contained in DEAR to the DRM. The DRM contains high-level categories of data managed by DOI (e.g., recreation, financial, etc.). This information is useful in determining potential authoritative data sources in Interior' s system portfolio. At the time of this report, approximately 68% of the systems contained in DEAR have been mapped to the DRM. As noted in the last Status Report to the Court, Interior continues to validate Phase 3B populated data and make appropriate updates and corrections as needed. DOI Land and Resource Management System (DLRM) As previously reported, the DLRM system is expected to provide a long-term solution for the legacy functionality of the CGI leasing software module, formerly a part of the TAAMS project. The FRD for DLRM was approved, which is expected to enable the DLRM to replace certain legacy systems and interface with other systems as required. The acquisition phase of the project began with the assignment of a contracting officer and the solicitation is expected to be published in August 2005. The UAT for Version 2.0 of the realty (leasing) portion of TAAMS was conducted through April 1, 2005. The tests covered range, forestry, surface, minerals, rights-of-way, and leasing reports. The tests were successful for all of the areas, and it was determined that the reports are suitable for use but may need more modification. Use of TAA S as an interim solution for leasing was approved by the TESC. The TAAMS pilot went "live" at the Anadarko and Concho agencies on June 30, 2005. ESN ¯ ¯ The ESN was certified and accredited on April 15, 2005. Five ESN Internet gateways were installed. These gateways are expected to provide consolidated Interact service to the Department with additional layers of perimeter security. On June 28, 2005, BLM became the first bureau to be connected to the ESN.

¯

ZANTAZ ¯ As noted in the previous reporting period, OSM had discovered an additional transmission problem in March. This was determined to be a problem involving a Dynamic Linking 10

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 9 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Information Technology

Library file installed on 53 workstations. The problem lasted from March 7 through March 23. Affected messages were retransmitted to ZANTAZ on April 5 and 6. From April 5 through April 10, there was a disruption in OSM's VPN to ZANTAZ, which delayed transmission of messages to ZANTAZ. OSM experienced similar problems for the periods of May 14 through May 19 and from May 30 through June 2, again delaying the transmission of messages to ZANTAZ. During this reporting period, OSM migrated from GroupWise to Outlook in order to resolve these transmission problems. As noted in the previous reporting period, NBC's e-mail messages likely did not travel to the ZANTAZ Digital Safe on February 15-17, 2005. NBC sent three back-up tapes containing email messages captured during that time period to ZANTAZ. The NBC tapes have been processed and messages successfully restored. ¯ As reported in open court on June 30, 2005, NBC discovered on June 21, 2005, that some of its e-mail servers were not transmitting all e-mail messages to the ZANTAZ Digital Safe. NBC expects to correct the issue during the next reporting period. Other bureaus and offices that transmit e-mail messages to the Digital Safe are being tested for similar issues. As reported in open court on July 17, 2005, so fhr, only SOL and BIA report similar problems. Though these systems do not house or access IITD, NBC wishes the Court to be aware of two matters involving its Boise and Reston offices: (1) Prior to March 1, 2005, Boise did not retain backup tapes indefinitely; (2) Prior to October 30, 2004, Reston did not retain backup ¯ tapes indefinitely. On May 13 and 17, 2005, due to a BLM server outage, BLM was unable to send e-mail messages to the ZANTAZ Digital Safe. In both cases, after BLM resolved the issue, messages queued during these incidents went to ZANTAZ. A-130 Certification and Accreditation: Ninety-seven percent of Interior systems have full authority to operate (ATO) status. C&A reviews conducted by a qualified third party have been completed for 67% of the C&A packages as of the end of this reporting period. 67% of these packages received passing scores. ,, 43 systems were identified as responsive to the current evidentiary hearing. Of these, 34 have received passing scores and nine are pending initial or second review. Reports: These reports may be of interest to the Court. ,, GAO issued "Internet Protocol Version 6: Federal Agencies Need to Plan for Transition and Manage Security Risks" (GAO 05-471) and "Internet Protocol Version 6: Federal Agencies

11

7

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 10 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Information Technology

Need to Plan for Transition and Manage Security Risks" (GAO-05-845T). These reports cover issues regarding emerging technology issues government-wide. GAO issued "'Information Security: Federal Agencies Need to Improve Controls over Wireless Networks" (GAO-05-383). This report assesses the status of wireless networks generally. GAO issued "'Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems" (GAO-05-231). This report assesses the challenges from new IT security threats government-wide. GAO issued "information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk" (GAO-05-362). This report assesses risks and responses to contractor access to IT systems and data government-wide. GAO issued "information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements" (GAO-05-483T). This report addresses implementation of FISMA government-wide. The President's Information Technology Advisory Committee issued a Report to the President, February 2005, "Cyber-Security: A Crisis of Prioritization." This report concludes a year-long study of the security of IT infrastructure of the U.S., with particular attention to intentional attacks, considering tihe potential impacts to national and homeland security, as well as everyday life of all American citizens. This report provides suggestions to improve the Nation's cyber-security. Delays and Obstacles As can be seen from the many GAO reports noted above, there are many challenges that must be addressed regarding the integration, performance, funding, security, and data integrity of IT systems generally. Like other federal agencies, Interior must address these challenges for its IT systems. Interior initiated or completed steps to address some of the challenges reported in this and previous reporting periods. However, delays and obstacles listed here impede progress in achieving Interior's IT management goals: Litigation Collection and production of documents and court appearances have placed significant strain on available staff and contractor resources throughout most of this reporting period, resulting in substantial delays in accomplishing planned and required work. The extent of the effort required for this document production resulted in significant backlogs and rescheduling that will hamper Interior's efforts for months to come. Production of documents has exceeded 4.5 million pages. Examples of impacted actions include:

12

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 11 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Information Technology

o FISMA compliance actions o Interior's financial audit o OMB and Congressional reporting requirements o Migration to a single e-mail messaging system o Migration to a single Active Directory system o Complying with HSPD-12 for implementing E-Authentication in Interior o Delay in moving Interior bureaus and offices to a single "NAN Employee fears about becoming personally implicated in the Cobell litigation have been heightened as individuals from varying levels in Interior have been required to testify at the evidentiary hearing. These fears continue to undermine communication and decisionmaking, and along with bum-out from demands for volumes of document production, are contributing factors to low employee morale. Funding Considerable expense was incurred as a result of collecting and producing over 4.5 million pages of material for the litigation. This expense diminished the funding available for security improvement and program evaluation. Funding availability will continue to dictate the timing of IT-related initiatives. Interior's FY2005 and FY2006 budgets will require managing a variety of IT-related requirements and tradeoffs. Staffing Interior is experiencing high staff and management turnover in critical IT positions, particularly IT security. Resulting impacts to communication, efficiency, and oversight are impeding IT security service area functions. Denied Internet Access Several Interior bureaus and offices (BIA, OHA, OST and SOL) have not been permitted by the Court to have Intemet access since December 5, 2001. Lack of Internet access impedes work processes and the ability to communicate effectively, both internally and externally. Maintaining security on internal systems is more difficult without access to the Internet for research, reporting, and patch management. Similarly, promulgation of policy and training is substantially hampered by the lack of interconnectivity and Internet access.

13

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 12 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Information Technology

Assurance Statement I concur with the content of the information contained in the Information Technology section of the Status Report to the Court Number Twenty-Two. The information provided in this section is accurate to the best of my knowledge. Date: August 1, 2005 ¯ Name: Signature on File W. Hord Tipton Interior Chief Information Officer

14

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 13 of 32

STATUS REPOR T TO THE CO UR T NUMBER TWENTY-TWO August 1, 2005 B. Records Management OST-OFFICE OF THE CHIEF INFORMATION OFFICER 1. Introduction The Office of Trust Records was established in 1999 to develop and implement a program for the economical and efficient management of trust records, consistent with the 1994 Act, the Federal Records Act and other statutes and implementing regulations. The OTR records management program has been developed and implemented, and continues to evolve, to ensure that necessary Indian records are maintained, records retention schedules are consistent with retention needs, and records are safeguarded throughout their life-cycles. Accomplishments and Completions American Indian Records Repository During this reporting period, approximately 560 boxes of inactive Indian records were moved to the Annex in Lenexa, KS, from OTR's facilities in Albuquerque, NM. Boxes that are collected and need to be indexed are sent to the Annex for indexing prior to being placed in AIRR. Approximately 119,570 indexed boxes are located in the AIRR as of the end of this reporting period. OTR has historically reported the numbe, r of boxes transferred to AIRR for storage. However, NARA uses cubic feet as the measure for records stored. Thus far, NARA reports that they are currently storing 126,437 cubic feet of indexed records at AIRR. OTR will begin including NARA's measure as well in future reports. Records Indexing Project Indexing of approximately 120,110 boxes has been completed as of the end of this reporting period. The number of completed boxes (indexed and quality reviewed) differs from the number of boxes stored at AIR because not all completed boxes are sent to AIRR from the Annex before the end of the reporting period. Priority for the indexing of boxes of Indian records continued to be given to those boxes of records potentially responsive to tribal trust litigation, and included boxes required by OHTA for litigation discovery requests. Approximately 4,550 boxes of inactive records were moved from BIA/OST field locations to the Lenexa Annex for indexing during this reporting period. Once indexed, these boxes will be stored in the AIRR. During the past reporting period, the electronic data base containing the index of records was identified by Interior as a separate system of records. As a result, an assessment of the system was required to determine if the system met the conditions of the Privacy Act. During the indexing of records, some information is entered into the electronic data base that may contain personal identifiers (such as a name and account number). Therefore, the electronic Box Index Search System has been classified as a Privacy Act system of records by Interior. The Privacy 34 RECORDS MANAGEMENT

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 14 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Records Management

Act notice has been prepared and is being circulated within Interior for surname and signature. It is anticipated that a Federal Register notice soliciting public comments will be published during the next reporting period. Training OTR provided records management training for 199 BIA and 17 OST identified records contacts during this reporting period. Equipment Purchases The existing contract, to supply fireproof filing equipment, was modified during the reporting period to increase the contract amount. It is anticipated that pending requests for equipment will be filled during the next reporting period. Current Status Safeguarding Records The 283 boxes of inactive records that were or may have been damaged or contaminated by mold, mildew, mouse droppings or other adverse elements were shipped to NARA for remediation on June 30, 2005. Two additional boxes were identified during final shipments of the collection as requiring remediation. The two boxes were assessed in June by Carino Conservation and were also sent to NARA for remediation bringing the total number of such boxes to 285. The actual box count for purposes of shipment was 284 as two map groups were consolidated as one box in order to ship. Record Keeping Requirements During the reporting period, written comments on the proposed language for management of fiduciary trust records were received and considered from approximately 60 tribal leaders, staff and consultants. The proposed language was modified in light of comments received. The final language will be used in negotiations for FY2006 annual funding agreements with compacted and contracted Tribes. The final negotiation guidance is anticipated to be published in the Federal Register during the next reporting period. Site Assessments OTR conducted three records management site assessments of BIA and OST programs located at the Southwest Regional Office and Concho Agency and at the Navajo Regional OST field office during the reporting period. During this reporting period, OTR completed and distributed site assessment reports to BIA programs located at: Southern Pueblos Agency, Jicarilla Agency, Concho Agency, Mescalero Agency, Eastern Oklahoma Regional Office, Southwest Regional Office and Ute Mountain Ute 35

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 15 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Records Management

Agency. Site assessments reports were also completed and sent to the Principal Deputy Special Trustee for OST programs located at: Southwest Regional Office, Navajo Regional Office, and Concho Agency. In May 2005, the responsibility for conducting site assessments of trust records management for BIA and OST was transferred to OTRA. This office is now responsible for conducting trust site assessments and issuing site assessment reports. Appropriate OTR personnel were transferred along with the transfer of function. Beginning with this report, OTRA will include a report on the status of site assessments in its section of the Status Report to the Court. Records Retention Schedules Following receipt of BIA approval, OTR sent the following electronic systems records schedules to the Archivist of the United States for approval: Anadarko Real Estate Module (REM); Indian Forestry Database (InfoDat); Continuous Forest Inventory (CFI); and Geographic Information System (GIS). OTR is awaiting approval of the schedules; however, NARA has pending to OTR a request for additional technical analysis related to the GIS schedule. Records Evaluation As previously reported, 31 boxes set aside for evaluation remain at OTR in Albuquerque pursuant to a litigation hold. Once the boxes aa-e released, OST expects to verify whether any potential records in these boxes are also filed at the OST SWRO. OST expects to conduct this verification when SOL informs OST that the boxes can be returned to OST. Delays and Obstacles Lack of Interact access continues to hinder OTR's ability to provide remote access to the record index database for authorized users of the records. If Internet access were available, authorized researchers could conduct their searches from their respective work sites and only visit AIRR when necessary to inspect specific boxes. Assurance Statement I concur with the content of the information contained in the Records Management section of the Status Report to the Court Number Twenty-Two. The information provided in this section is accurate to the best of my knowledge. Date: July 19, 2005 Name: Signature on File Ethel J. Abeita Director, Office of Trust Records Office of the Special Trustee for American Indians

36

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 16 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 3. Introduction Interior has a continuing responsibility to provide adequate staffing, supervision and training for trust fund management and accounting activities. Fiduciary trust training is essential to the success of Interior's trust reform efforts and forms an integral part of all training for Interior employees who are involved in the management of Indian trust assets. Accomplishments and Completions Cannon Financial Institute personnel presented the Accounting, Guardianship, Fiduciary Behavior and Asset Management specialty courses to 125 OST, BIA, and tribal personnel. These four courses are part of the previously reported certification program. Additional sessions of these courses are expected to be presented during the next reporting period. During this reporting period, OST training staff conducted 10 sessions to provide training in TFAS, CSS, StrataVision and the historical query database to 240 OST, BIA and contractor staff. Additional training for TFAS, CSS, StrataVision, Historical Query, TAAMS, ProTrac and Lockbox training was provided to the Concho and Anadarko agencies' staff. OST and BIA staff presented the three-day course, Trust Fundamentals, to 34 OST, BIA and tribal staff. This course includes such topics as the history and policy of Indian trust, current trust reform activities, job roles and responsibilities, and organization and working relationships. This course is expected to be presented again during the next reporting period. Current Status Construction continues on the NIPTC in Albuquerque and is expected to be completed by the end of CY2005. Delays and Obstacles The lack of Internet access inhibits electronic communication with other governmental agencies and contractors, hinders the research of training tools and potential contractors, and restricts OST's ability to access online training programs. Indian Fiduciary Trust Training, Program INDIAN FIDUCIARY TRUST TRAINING PROGRAM

43

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 17 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-TWO August 1, 2005 Assurance Statement I concur with the content of the information contained in the Indian Fiduciary Trust Training Program section of the Status Report to the Court Number Twenty-Two. The information provided in this section is accurate to the best of my knowledge. Date: July 19, 2005 Name: Signature on File Dianne M. Moran Director, Trust Training Office of the Special Trustee for American Indians Indian Fiduciary Trust Training Program

44

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 18 of 32

Exhibit 23

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 19 of 32

Status Report to the Court Number Twenty-Six
For the Period April 1, 2006 through June 30, 2006

July 27, 2006

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 20 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 TABLE OF CONTENTS Table of Contents

INTRODUCTION ............................................................................................................. A. INFORMATION TECHNOLOGY ................................................................................. B. C. CADASTRAL SURVEY .................................................................................................. MINERALS MANAGEMENT SERVICE ...................................................................

1 2 9 12 14 18 20 22 22 25 25 27 30 32 34 35 35 38 38 42 42 44 46 48

D. OFFICE OF HISTORICAL TRUST ACCOUNTING ............................................... II. OFFICE OF THE SPECIAL TRUSTEE FOR AMERICAN INDIANS ...................

A. TRUST REVIEW AND AUDIT ........................................... ......................................... B. 1. C. 1. 2. 3. 4. 5. OST-OFFICE OF THE CHIEF INFORMATION OFFICER ................................... RECORDS MANAGEMENT .................................................................................... TRUST ACCOUNTABILITY ....................................................................................... TRUST BUSINESS PROCESS MODELING .......................................................... TRUST DATA QUALITY AND INTEGRITY ........................................................ INDIAN FIDUCIARY TRUST TRAINING PROGRAM ...................................... RISK MANAGEMENT .............................................................................................. REGULATIONS, POLICIES AND PROCEDURES ..............................................

D. FIELD OPERATIONS ................................................................................................... 1. E. 1. III. APPRAISAL ................................................................................................................. TRUST SERVICES ......................................................................................................... CURRENT ACCOUNTING ACTIVITIES ............................................................. BUREAU OF INDIAN AFFAIRS .................................................................................

A. TRUST REGULATIONS, POLICIES AND PROCEDURES ................................... B. C. FRACTIONATION ........................................................................................................ PROBATE ........................................................................................................................

ACRONYMS AND ABBREVIATIONS ....................................................................................

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 21 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 A. Introduction This section describes the status of Interior IT systems, particularly the systems that house or provide access to IITD or provide various computing capabilities, including functions critical to the proper administration of the individual Indian trust responsibilities within Interior. In addition, this section describes various efforts being made to improve IITD security within Interior, pursuant to OMB Circular A-130 Appendix III, and the status of Internet connectivity. Accomplishments and Completions Computer Security: Interior continued to make progress in enhancing IT security by planning and conducting exercises for contingencies, addressing privacy issues and implementing corrective actions for weaknesses tracked through the POA&M process. The most noteworthy accomplishments, completions and challenges during the reporting period are described below. ESN: · Reconfigured DNS services from individual bureau servers to a single Interior-wide server. This enhances the security posture of the Department by reducing the number of external-facing systems that must be managed and secured. Prevention and Monitoring: · Interior has determined that the process for external vulnerability scanning needs refining and has initiated process review and improvement. Expected changes will further enhance the integrity of the external scanning results. · There were no successful security incidents detected during this reporting period that resulted in the compromise of trust systems or data. INFORMATION TECHNOLOGY Information Technology

MMS · MMS completed a thorough investigation of the incident involving the MRM Internet Portal that was previously reported to the Court on August 25, 2005, and in the Status Report to the Court Number Twenty-Three. MMS has taken appropriate remediation actions based on a risk analysis and has informed the Interior CIO of its intent to make the MRM Internet Portal operational. Policies and Guidance · The Interior CIO issued "Data Standardization Procedures (OCIO DIRECTIVE 2006011)" to the assistant secretaries and heads of bureaus and offices on April 18, 2006. Generally, the standardization of data enables seamless sharing of data and allows for easier translation and reconciliation of data, thus reducing costs involved in converting data to an acceptable form before use.

2

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 22 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 Information Technology

·

The Interior CIO issued memorandum "Departmental Web Standards Handbook" to the Deputy Secretary, Associate Deputy Secretary, assistant secretaries, heads of bureaus and offices, and bureau chief information officers on May 1, 2006. This memorandum transmitted the first version of the Departmental Web Standards Handbook, which provides guidance for the development and management of webrelated initiatives. The Interior CIO issued "Controlled Logical Access Policy (OCIO DIRECTIVE 2006-015)" to the heads of bureaus and offices, and bureau chief information officers on June 1, 2006. This directive transmitted Interior's policy on the factors to be considered to determine the appropriate authentication methods for information systems. These factors include the information system's security categorization and residual risks. The Interior CIO issued "Office of Management and Budget (OMB) Requirements for Safeguarding Personally Identifiable Information (OCIO DIRECTIVE 2006016)" to the Deputy Secretary, assistant secretaries, deputy assistant secretaries, Associate Deputy Secretary, heads of bureaus and offices, and bureau chief information officers on June 15, 2006. This directive transmitted guidance to review policies and procedures involved in safeguarding Personally Identifiable Information (PII) as required in OMB's memorandum M-06-15. The Secretary of the Interior issued "Important Notice on Safeguarding Personally Identifiable Information" to all employees on June 20, 2006. This notice reminded all employees of their responsibility in safeguarding PII entrusted to them. It also emphasized what information is considered PII, the consequences of mismanagement of that information and the policy and procedures for reporting violations. BLM issued the following Instruction Memoranda (IM): · IM 2006-133 was issued on April 17, 2006, and establishes current fiscal year policies for IT security controls for computers used on incident support activities. · IM 2006-137 was issued on April 20, 2006, and sets policies requiring regular updates of security patches for laptop and notebook computers. · IM 2006-140 was issued on April 25, 2006, and implements the departmental POA&M standard. · IM 2006-154 was issued on May 11, 2006, and establishes procedural requirements for requesting background investigations for BLM employees and contractors.

·

·

·

·

3

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 23 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 Information Technology

Training and Awareness · Interior participated in a nation-wide Federal Continuity of Operations Program exercise. This exercise tested existing IT disaster and recovery plans, including notification of key personnel, relocation of primary processing to backup sites and return to normal operations following the event. This exercise evaluates plans for continued operation in the event of local, regional or nation-wide events, and enables planners to identify potential weaknesses or deficiencies in the plans. Plans of Action and Milestones: · Interior has reduced weaknesses, tracked by POA&M, an average of 9.4 percent for each of the last two quarters. Interior remediated and closed out 272 weaknesses during this reporting period. Interior continues to address the remaining 1,098 open weaknesses. A-130 Certification and Accreditation: · NBC has completed an independent security assessment of its IT environment to determine the current status of their information security program and establish a target for improvement for any weaknesses. Remediation plans have been developed for identified weaknesses and are being tracked through the POA&M process. · Land Ownership Tracking System (LOTS) was erroneously referred to as a BIA system in the last Status Report to the Court. LOTS is operated by an Indian Tribe to track land ownership and is not an Interior trust system. It is expected that the functionality of LOTS will be incorporated into TAAMS once TAAMS is made available to tribes. OHANet was issued a new accreditation on June 30, 2006 after undergoing recertification and accreditation due to significant changes in access and security controls.

·

IT Systems Architecture: · DOI upgraded the DEAR software to eliminate the need for each bureau to have separate databases that require periodic updates to the master database. This upgrade enables all modifications to bureau EA records to be made in real-time to the master DEAR database repository. · OCIO sponsored a two-day design review, attended by representatives from all bureaus and offices, to formulate plans for establishing one set of logical access controls in support of several proposed or forthcoming Department-wide IT systems (e.g., Enterprise Messaging System, Financial Business Management System, DLRM). The enterprisewide active directory would enable identification and authentication of authorized users to Interior's IT systems. The review team determined that the "best security practice" would be to segment, on a unique subnet, the systems that required higher security controls, regardless of whether they were trust or non-trust. This allows for increased security, greater control of user access and more rigorous monitoring of traffic between that subnet and the rest of the networks.

4

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 24 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 · Information Technology

The MMS Council of Information Management Officials and senior IT staff convened for an IT summit. The purpose of the summit was to focus on how MMS could centralize IT functions to eliminate redundancies, achieve cost savings, and provide better service delivery to the programs. Among the initial priority areas of focus was IT security. A focus team was formed and charged with developing recommendations for reorganizing IT security in MMS.

E-Authentication and HSPD-12: · Interior met OMB's quarterly milestones for E-Authentication. These included reporting to OMB all existing and planned web-based systems that require electronic authentication and identifying the application that will provide the e-authentication service. Staffing: · Interior filled several key positions this reporting period, including a CISO, IT Enterprise Trust Architect and NBC CISO. Current Status A-130 Certification and Accreditation: · All trust systems that are currently in DEAR have full ATO status. · BIA's TAAMS is undergoing re-certification and re-accreditation and is expected to be completed during next reporting period.

ZANTAZ: · All tapes from bureaus and offices affected by ZStage issues documented in previous reports to the Court have been restored with the exception of the 268 blank BIA tapes. · A statement of work has been developed and forwarded to Interior's contracting office that seeks a forensic analysis of the 268 blank BIA tapes documented in the previous status report to the Court. The tape that was sent to ZANTAZ by BIA on March 31, 2006, as noted in the previous report to the Court, has been restored. The tape contained 154 mailboxes holding 41,894 unique messages. The three BIA ZStage irregularities noted in the previous report to the Court are awaiting a response from ZANTAZ. BLM discovered that messages had not been transmitted to ZANTAZ from May 8, 2006, through May 26, 2006, due to a corrupted configuration file. The problem was corrected and 25 backup tapes are ready to be shipped to ZANTAZ.

·

· ·

5

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 25 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 · Information Technology

OSM suffered a ZANTAZ outage that resulted from a physical break in the connection line to ZANTAZ. All data was cached by the SENDMAIL buffer and re-sent upon repair of the line. No data was lost. NBC noted irregularities related to anti-virus software upgrades at BLM. NBC reported the issue to BLM, which is working with ZANTAZ to resolve it. It is unclear whether some messages between NBC Denver and BLM users reach the digital safe.

·

Reports: These reports were among those issued during this reporting period. · OMB issued "Safeguarding Personally Identifiable Information (M-06-15)," to the heads of departments and agencies on May 22, 2006. The memorandum responds to a growing concern about safeguarding PII, which had been spotlighted in the news with the theft of a VA laptop containing PII. It discusses the law and background in safeguarding PII and directs a review of all related policies and processes and requires corrective actions as appropriate. It also required that agency employees be reminded of their responsibilities to safeguard PII and of the penalties for violating the rules. OMB issued "Protection of Sensitive Agency Information (M-06-16)," to the heads of departments and agencies on June 23, 2006. The memorandum directs agencies to protect sensitive data on mobile devices and to ensure remote access connections involving sensitive data are properly secured within 45 days. This memorandum was issued due to a growing list of agencies where PII was potentially or actually compromised. It directs encryption of all data stored on mobile devices and requires twofactor authentication for remote access, time-out of connections after a period of inactivity and logging of all PII data accesses.

·

Delays and Obstacles Like other federal agencies, Interior must address many challenges regarding the integration, performance, funding, security, and data integrity of IT systems. Interior initiated or completed steps to address some of the challenges reported in this and previous reporting periods. However, delays and obstacles listed below impede progress in achieving Interior's IT management goals. Litigation · Employee fears about becoming personally implicated in the Cobell litigation continue to undermine communication and decision-making, slow the deployment of enterprise-wide systems, and are contributing factors to low employee morale. These fears have recently been reinforced by plaintiffs' latest Court filing seeking contempt against Interior officials.

6

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 26 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 · Information Technology

On June 2, 2006, Interior filed with the Court a notice of its intent to bring ALIS and the Indian component of AFMSS on-line. In response to plaintiffs' threats of contempt, BLM decided to keep these two systems off-line for the time being. Although BLM is manually processing all Indian-related Applications for Permits to Drill and related applications, lack of access to automated solutions continues to slow the leasing process, thereby negatively impacting the flow of revenue to Indian trust beneficiaries.

Staffing · Interior is experiencing high staff and management turnover in critical IT positions, particularly IT security. Recruitment challenges to attract qualified candidates continue, particularly in light of litigation impacts. · Interior's Deputy CISO, NBC's CIO, BIA's CIO, and BLM's Deputy CIO and BIA's C&A Program Manager positions were vacant at the end of this reporting period.

Funding and Resources · Planning for replacement of aging systems is significantly impacted due to problems with deploying enterprise-wide applications. Without connectivity between the disconnected and online bureaus and offices, new systems would require two instances (one for the online network and one for the off-line network). · As previously reported, the DLRM system is expected to provide a long-term solution for the legacy functionality of the CGI leasing software module, formerly a part of the TAAMS project. This project is currently on hold due to resource constraints (e.g. project funding). Savings are generated by retiring obsolete systems and reducing duplication of retained data. These savings are critical to enhancing and developing new trust systems with more robust security and operational capabilities. As previously reported, MRM expected to dispose of 30,000 legacy backup tapes that contain data redundant to data in the new MRMSS. Due to objections by tribal litigants, MRM has continued postponement of disposal of these tapes pending resolution of objections.

·

Denied Internet Access · Several Interior bureaus and offices (BIA, OHA, OST and SOL) have not been permitted by the Court to have Internet access since December 5, 2001. Lack of Internet access impedes work processes and the ability to communicate effectively, both internally and externally. For example: · OMB's e-Government initiative requires agencies to web-enable as many of their applications as possible. Without internet access, Interior cannot comply with this and other OMB initiatives, like consolidation of agencies' network infrastructures. Implementation of true enterprise-wide applications is difficult. Plans and funding call for only a single instance of an application to service all bureaus and offices.

·

7

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 27 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 Information Technology

Many of these applications rely upon the internet to service external as well as internal customers. Providing access to the disconnected bureaus and offices would eliminate duplicate systems, networks, and data. Duplicate systems require a significant increase in resources to manually transfer data between the two systems. · Coordination and dissemination of new policies and training is delayed due to the need to deliver material physically. Even after receipt, considerable re-work is required to tailor web-based training programs to run locally. A recent example is the FY 2006 Annual Federal Information System Security Awareness Training. This course is normally completed on-line through DOI LEARN, but must also be duplicated in stand-alone CD-ROM and paper forms for the off-line bureaus. Ensuring Continuity of Operations and Continuity of Government through the implementation of contingency plans requires rapid notification of an event. The lack of Internet access degrades Interior's capabilities to notify all of its bureaus and offices in a timely and efficient manner. Additionally, without remote access, disconnected bureaus and offices will be unable to provide services to their customers in the event of extended contingency periods that may result from pandemics or major natural events.

·

·

The concerns over potential future Court-ordered Internet shutdowns or other Courtordered disruptions create uncertainty over how to proceed with enterprise initiatives and security improvements. Contingency planning for either external or internal disconnections (and all potential permutations) takes resources from planned and daily activities.

Assurance Statement I concur with the content of the information contained in the Information Technology section of the Status Report to the Court Number Twenty-Six. The information provided in this section is accurate to the best of my knowledge. Date: July 24, 2006 Name: Signature on File W. Hord Tipton Interior Chief Information Officer

8

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 28 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 B. Records Management OST-OFFICE OF THE CHIEF INFORMATION OFFICER 1. Introduction The Office of Trust Records was established in I999 to develop and implement a program for the economical and efficient management of mist records, consistent with the 1994 Act, the Federal Records Act and other statutes and implementing regulations. The OTR records management program has been developed and implemented, and continues to evolve, to ensure that necessary Indian records are maintained, records retention schedules are consistent with retention needs, and records are safeguarded throughout their life-cycles. Accomplishments and Completions American Indian Records Repository Approximately 142,261 indexed boxes are located in the AIRR as of the end of this reporting period. Thus far, NARA reports that it is currently storing 146,312 cubic feet of indexed inactive records at AIRR. Some boxes are larger than one cubic foot (e.g., map boxes). Records Indexing Project Indexing of approximately 143,080 boxes has been completed as of the end of this reporting period. The number of completed boxes (indexed and quality reviewed) differs from the number of boxes stored at AIRR because not all completed boxes were sent to AIRR from the Annex before the end of the reporting period. Approximately 9,235 boxes of inactive records were moved from BIA/OST field locations to the Lenexa Annex for indexing during this reporting period. Once indexed, these boxes will be stored in the AIRR. Training OTR provided records management training fbr 105 BIA and OST identified records contacts and 31 tribal employees during this reporting period. Equipment Purchases 221 pieces of fireproof filing equipment were delivered to BIA, OST and tribal offices during this reporting period. RECORDS MANAGEMENT

22

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 29 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 Current Status Safeguarding Records As reported, 283 boxes of inactive records that were or may have been damaged or contaminated by mold, mildew, mouse droppings or other adverse elements were shipped to NARA for remediation in June 2005. NARA completed remediation of the original boxes in April 2006 except for those materials in six boxes that were beyond NARA's capabifities to repair. The materials NARA could not repair consisted of one box that has about 25% of its contents covered with a tar-like substance; one entire box that had mold and the files are stuck together; and one box of green bar printouts from 1989 oil and gas royalty disbursements that have holes in the printout caused by insects. Three boxes have extensive water damage and the contents are stuck together and NARA recommended the contents should not be separated or further damage will result. OTR contracted with a paper conservationist to review the damaged materials to determine if further remedial action can or should be taken with the boxes that NARA could not repair. The conservator's opinion is that much of the information can be salvaged by either physical stabilization or recovery of the information through reproduction techniques. OTR plans to contract for conservator services in the next reporting period. Records Retention Schedules The BIA Geographic Information System records schedule was resubmitted to NARA during this reporting period. NARA had requested additional information for its review of the schedule. Records Management Policies and Procedures As reported previously, OTR received a request from the OST Regional Fiduciary Trust Administrator for the Northwest and Alaska Regions to conduct an investigation into possible unauthorized destruction of federal records or non-records material stored at the OST field office in Portland. In addition, as reported in the OTR Monthly Activity Report for April 2006, a notebook containing microfiche was determined to be missing from the same office. OST's investigation, which included OTR and OTRA, was concluded subsequent to the current reporting period. OST determined that the documents and microfiche disposed of or lost were non-records. As reported in the OTR Monthly Activity Report for June 2006, OTR was informed by OTRA that the BIA Crow Agency, Forestry Department, was vandalized on or about June 7, 2006. A laptop and USB memory drive are missing. The laptop contains duplicate information regarding forest plot reports which include tree heights, diameter, number of trees per plot, regeneration information, fuels data, canopy cover, pictures of plots with general east/west directions, and road-to-center plot. It also contains information on the last 30 years of forest inventories (completed in 10-year increments). There is no ownership data on the laptop or memory drive. The incident, and the loss, was reported to BIA Law Enforcement Service. , Records Management

23

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 30 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 Delays and Obstacles Lack of Internet access continues to hinder OTR's ability to provide remote access to the record index database for authorized users of the records. If Internet access were available, authorized researchers could conduct their searches from their respective work sites and only visit AIRR when necessary to inspect specific boxes or request documents from specific boxes. Assurance Statement I concur with the content of the information contained in the Records Management section of the Status Report to the Court Number Twenty-Six. The information provided in this section is accurate to the best of my knowledge. Date: July 19, 2006 Name: Signature on File Ethel J. Abeita Director, Office of Trust Records Office of the Special Trustee for American Indians Records Management

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 31 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July 27, 2006 3. Introduction Interior has a continuing responsibility to provide adequate staffing, supervision and training for trust fund management and accounting activities. Fiduciary trust training is essential to the success of Interior's trust reform efforts and forms an integral part of all training for Interior employees who are involved in the management of Indian trust assets. Accomplishments and Completions During this reporting period, Cannon Financial Institute awarded the Certified Indian Fiduciary Trust Specialist designation to ten OST personnel. Dedication ceremonies for the NIPTC were held on Thursday, April 27, 2006. Current Status OST offered one session of the course, Fiduciary Overview Program, presented by Cannon Financial Institute, with 29 OST, BIA and tribal personnel attending during this reporting period. A total of 822 people have attended this course since March 2003. This course compares and contrasts the federal Indian trust administered through Interior with private sector trusts administered through banks and other financial institutions. During this reporting period, Cannon Financial Institute personnel presented five of the specialty courses to 95 OST, BIA and tribal personnel. The specialty courses, Risk Management, Probate, Trust Accounting, Asset Management, Fiduciary Behavior and Guardianships are part of the Certified Indian Fiduciary Trust Specialist certification program as described in previous reports. During this reporting period, OST training staff conducted 12 training sessions in TFAS, CSS, StrataVision and the historical query database for 149 OST, BIA and contractor staff. OST and BIA staff presented the three-day course, Trust Fundamentals, to 34 OST, BIA and tribal staff. This course includes such topics as the history and policy of Indian trust, current trust reform activities, job roles and responsibilities, and organization and working relationships. Delays and Obstacles The lack of Internet access inhibits electronic communication with other governmental agencies and contractors, hinders the research of training tools and potential contractors, and restricts OST's ability to access online training programs. Indian Fidueial~y Trust Trainin~ Program INDIAN FIDUCIARY TRUST TRAINING PROGRAM

3O

Case 1:06-cv-00945-FMA

Document 19-7

Filed 06/21/2007

Page 32 of 32

STATUS REPORT TO THE COURT NUMBER TWENTY-SIX July, 27, 2006 Assurance Statement I concur with the content of the information contained in the Indian Fiduciary Trust Training Program section of the Status Report to the Court Number Twenty-Six. The information provided in this section is accurate to the best of my knowledge. Date: July 14, 2006 Name: Signature on File Dianne M. Moran Director, Trust Training Office of the Special Trustee for American Indians Indian Fiduciar~ Trust Trainin~ Program

31