View
214
Download
1
Category
Tags:
Preview:
Citation preview
Wednesday, February 18, 201510:00 a.m. – 11:30 a.m., Central Time
Presented by
Information Technology Services Division (ITSD), Information Technology Security (ITS),Access Management Branch (AMB)
United States Department of AgricultureOffice of the Chief Financial Officer
National Finance Center
NFC User Group Meeting
NFC ASO User Group MeetingAgenda
• Welcome
• Webinar Guidelines
• News & Updates
– Secretary of Agriculture’s Signature Process Improvement Initiative
– Expansion of Inactivity Process to Web Apps
– Email Address Update
– Role Based Security
– Miscellaneous
• Questions & Comments
February 18, 2015 2
NFC ASO User Group MeetingWebinar Guidelines
• Place your phone on ‘mute’
• Do not put your phones on ‘hold’
• Include your agency acronym with your name when signing in
• Send your name & agency, comments & questions via the Notes tab during the
webinar
• Email NFC.ASO@nfc.usda.gov for a copy of the presentation or download it from
the NFC Security Corner User Group Page (
https://www.nfc.usda.gov/Security/user_group.html) Limit background noise, side conversations, etc. when asking questions
Remember: Your participation is critical to our success!
February 18, 2015 3
February 18, 2015 4
• Processing times continue to improve• Oct 2012 - Averaged 20.5 days to process requests• Dec 2014 - Averaged 3.5 days to process requests (83% reduction)• Jan 2015 - Averaged 2.69 days to process requests
• Looking ahead• Continuous monitoring and improvements• Feedback is important• Compliance with policy will keep us on track
NFC ASO User Group MeetingSecretary of Agriculture’s
Signature Process Improvement Initiative
February 18, 2015 5
• Notices delivered• Jan 7, Jan 26, Feb 3
• Deletions • Began Feb 9• Suspended pending solution to infrequently used apps
• Apps affected• SALL, DPRW, FUND, FSDE, ITRS, OFEE, PADS, RPTC, HIPS• Must log into each application to remain active
• Emails • 30 day warning, 60 day disable, 120 day delete• Identifies application in subject line and greeting• Identifies action taken• Identifies user name• Still missing user email addresses
NFC ASO User Group MeetingExpansion of Inactivity Process to Web Apps
February 18, 2015 6
Number Accounts Deleted: 14,391
Percent Never Used: 62.88%
Percent Logged in but Deleted: 37.12%
Average Number of Days Since Last Logon: 1,068
SAC User Totals:1 SAC Code – 2,5352 SAC Codes – 8,4103 SAC Codes – 3,446
NFC ASO User Group MeetingExpansion of Inactivity Process to Web
Apps
February 18, 2015 7
NFC ASO User Group MeetingExpansion of Inactivity Process to Web
Apps
February 18, 2015 8
NFC ASO User Group MeetingExpansion of Inactivity Process to Web
Apps
February 18, 2015 9
ASO Comments
Leslie Perkins – AMS: OFEE Biennial Review of Charges for Things of Value web application. This is a biennial (every 2 year) reporting requirement. Why would ANYONE be required to log into the system every 6 months to maintain access?
Linda Price – RD: OFEE Warning: User Account Deleted. Considering I only use this 1 time per year, that would probably be why it was more than 120 days…There has never been this requirement in the past and a warning is normal protocol before deleting a user on most systems.
NFC ASO User Group MeetingExpansion of Inactivity Process to Web
Apps
February 18, 2015 10
• Possible Exclusions• Infrequently used Apps
• DPRW• OFEE
• Users on extended leave• On the mainframe, we can put users in a special dept (EXTLV) that
will keep them from being deleted in the inactive accounts process if they’re going to be on extended leave. It would be great if we could do something similar with the Web Apps. A flag maybe?
• Removal of ASUSPENDs• Must log in immediately after access given to prevent being deleted
• NIST 800-53: AC-02 (3) Account Management • The information system automatically disables inactive accounts after
[Assignment: organization-defined time period].
NFC ASO User Group MeetingExpansion of Inactivity Process to Web
Apps
February 18, 2015 11
• Notice went out November 20, 2014
• Currently loading email addresses for all users
• ASOs provide email addresses via access forms
• ASOs provide email addresses via spreadsheet
• AMB extract email addresses from Insight
• Completed ASOs, APHIS, other agencies
• Admins instructed to give one warning after missing address, then cancel
future forms
NFC ASO User Group MeetingEmail Address Update
February 18, 2015 12
• First Up: IRS & NIST
• Will post user guide
• Implementation Strategy / Process
• Use Security Requirements Matrix (SRM) to document access for roles
• Phased Approach
• ASO Responsibilities
• Forms
• Schedules
• Sample forms / SRMs
NFC ASO User Group MeetingRole Based Security
February 18, 2015 13
• Training• All Training / User Group meetings have been placed on the web site • Can now register for multiple sessions at one time• New Training for Distributed Security Administrators (DSAs)• Register online at https://www.nfc.usda.gov/Security/Security_Training.html • 1:00 p.m. – 3:00 p.m., Central Time
• If Wednesday falls on a holiday, class will be moved to following Thursday• ASO Basic Training (1st Wednesdays)• Remedy Requester Console Training (2nd Wednesdays)• ASO Intermediate Training (4th Wednesdays)
• Remedy Requester Console• New Paycheck8 Summary Line
NFC ASO User Group MeetingMiscellaneous
February 18, 2015 14
• Form AD-3100-A Changes1. Modify the form to change all references to 'Agency' to 'Agency/Tribal
Organization' 2. Add Block numbers3. Lengthen the two Email address fields4. Add Mailing Address (2 lines for Address; City, State, ZIP fields) 5. Add Note at bottom of form associated with Security Officer Type field:
‘Tribal Organizations use Division and Department only’) 6. Add an ACTION REQUIRED block with options for ADD, MODIFY &
DELLETE 7. Add SPECIAL INSTRUCTIONS block 8. Increase size of PHONE field
• More changes coming for AD-3100-P & AD-3100-R
NFC ASO User Group MeetingMiscellaneous
February 18, 2015 15
• Remedy Requester Console• New Paycheck8 Summary Line in Remedy Requester Console
• Contractor Report Available• Issue Resolved
• Security Incidents• Using the IDs of others after they retired• Changing passwords of IDs to allow others to use them
NFC ASO User Group MeetingMiscellaneous
NFC ASO User Group MeetingContact Information
Access & Report Requests via Remedy Requester Consolehttps://servicecenter.nfc.usda.gov/arsys/home
Trouble Tickets (Operations & Security Center)OSC.Etix@nfc.usda.gov or (800) 767-9641
Contact AMB (Request Training, Notifications)NFC.ASO@nfc.usda.gov
Security Cornerhttps://www.nfc.usda.gov/Security/Security_home.html
Ivan JacksonAssociate Director, ITSD, ITSIvan.Jackson@nfc.usda.gov
Lisa StaffordChief, ITSD, ITS, AMBLisa.Stafford@nfc.usda.gov
Remedy Requester Console TrainingLouis Collins, AMB StaffLouis.Collins@nfc.usda.gov
James Varnado, AMB StaffJames.Varnado@nfc.usda.gov
Evangeline Duncan, AMB StaffEvangeline.Duncan@nfc.usda.gov
ASO Basic TrainingJennee Marquez, AMB StaffGenevieve.Marquez@nfc.usda.gov
ASO Intermediate Training Susan Traill, AMB StaffSusan.Traill@nfc.usda.gov
February 18, 2015 16
NFC ASO User Group Meeting
Questions? Comments?
February 18, 2015 17
Recommended