Upload
georgia-cannon
View
213
Download
0
Tags:
Embed Size (px)
Citation preview
Wednesday, May 20, 201510:00 a.m. – 11:30 a.m., Central Time
Presented by
Information Technology Services Division (ITSD), Information Technology Security (ITS),Access Management Branch (AMB)
United States Department of AgricultureOffice of the Chief Financial Officer
National Finance Center
NFC User Group Meeting
NFC ASO User Group MeetingAgenda
• Welcome
• Webinar Guidelines
• News & Updates– Review of February User Group Meeting
– Expansion of Inactivity Process to Web Apps
– Access
– Training
– Insight
– Role Based Security
– AD-3100-P Access Form Changes
– Remedy Requester Console
– Notices
– Contact Info
• Questions & Comments
May 20, 2015 2
NFC ASO User Group MeetingWebinar Guidelines
• Place your phone on ‘mute’
• Do not put your phones on ‘hold’
• Include your agency acronym with your name when signing in
• Send your name & agency, comments & questions via the Notes tab during the
webinar
• Email [email protected] for a copy of the presentation or download it from
the NFC Security Corner User Group Page (
https://www.nfc.usda.gov/Security/user_group.html) Limit background noise, side conversations, etc. when asking questions
Remember: Your participation is critical to our success!
May 20, 2015 3
May 20, 2015 4
• Notes posted on Security Corner
• Over 80 attendees
• Received comments on access forms
• Changes incorporated
• Updated AD-3100-P access form posted on Security Corner
• Several questions addressed and documented in Notes
NFC ASO User Group MeetingFebruary 18, 2015 ASO User Group Meeting
May 20, 2015 5
• Apps affected• SALL, DPRW, FUND, FSDE, ITRS, OFEE, PADS, RPCT• Must log into each application to remain active
• When users are deleted from the SALL web apps, the process does not delete the entire user account -- just the attached applications from the userID
• If user has at least one application active or locked, the entire inactive account won’t be deleted until the 720 days has passed
• If the user is not assigned to any application, the entire entry regarding the user will be deleted after 120 days.
– Don’t want to keep blank account for 720 days
– 120 days should give user enough time to assign application to account
• History information is available
NFC ASO User Group MeetingExpansion of Inactivity Process to Web Apps
May 20, 2015 6
• Expedites• Requested because previous request cancelled due to missing info • Please make sure all information is provided on initial submission • Will review things to consider in later slide
• Reporting Center Access• If Reporting Center only, please indicate this in Special Instructions• Will be placed in a special TSS DEPT• Prevent deleting of mainframe account • Insight Access Audit to remove global access
• Changes should go to your Client Management Liaison• Servicing Agreements• POCs
• Security Corner• Subscribing to Security does not provide ASO private communications• Public updates to ASO subscriber list not allowed• Subscribe link gives notification of Security Corner content changes only
NFC ASO User Group MeetingAccess
May 20, 2015 7
NFC ASO User Group MeetingTraining
• Use your official government email address when registering
• Acuity is not 508 compliant
• NFC is looking into an alternative solution that is 508 compliant
• Users who use the keyboard as their main input device are unable to interact (e.g., selecting a date from the calendar)
• No associated labels with input elements, which helps define context for screen readers
• May have to go to internal scheduling of training and user group meetings• ASO would email [email protected] • AMB would input ASO information into Acuity• Once NFC gets a compliant solution, ASOs could go back to registering
themselves
May 20, 2015 8
NFC ASO User Group MeetingInsight
• Insight recently modified to increase max number of org codes from 10 to 20• Password Reset
• Insight does not prompt to change password at first login• Change it by logging in and clicking on 5. Password Reset under Dashboard
tab
May 20, 2015 9
• Documents posted on Security Corner
• https://www.nfc.usda.gov/Security/Role_Based_Access.html
• IRS in process, NIST up next
• RBA Guide
• What is Role Based Access?
• Implementation Process
– Phase 1 – Kickoff
– Phase 2 – Define Agency Security Access Requirements
– Phase 3 – Build the Roles and Establish Validation User IDs
– Phase 4 - Validate Security Access Requirements
– Phase 5 – Cutover
– Phase 6 – Post Implementation
NFC ASO User Group MeetingRole Based Security
May 20, 2015 10
• ASO Responsibilities
• Appendices– Security Requirements Matrix (Blank)
– Task Schedule Example
– Agency Role Matrix Example
– Agency Role Matrix (Blank)
– Organization Security Structure Example
– User Report Example
• Use Role Based Access summary line after you are implemented
• Implementation Strategy– Other agencies who meet criteria for Phase I should email
NFC ASO User Group MeetingRole Based Security
May 20, 2015 11
NFC ASO User Group MeetingAD-3100-P Access Form Changes
Section 1:Removed Name Change boxAdded reference to ‘federal’ in SSN boxLengthened email box
Section 2:Consolidated action boxes for Users & ProfilesAdded references to roles
May 20, 2015 12
NFC ASO User Group MeetingAD-3100-P Access Form Changes
• Added applications• Added ability to change each application• Removed some unnecessary applications and options• Removed Remarks box
May 20, 2015 13
NFC ASO User Group MeetingAD-3100-P Access Form Changes
May 20, 2015 14
NFC ASO User Group MeetingAD-3100-P Access Form Changes
May 20, 2015 15
NFC ASO User Group MeetingAD-3100-P Access Form Changes
Prevent Cancellation of Forms• Are you authorized to have the requested access?
• Did you use the correct Summary Line?
• Did you include UserID, Name, Applications, Profiles/Roles?
• Did you provide access level, org, POI, etc.?
• Did you provide Sensitive/Non-Sensitive, Update/Read, etc.?
• Did you provide OON, Contact Points, etc.?
• If a new federal user, did you provide the SSN?
• If a contractor, did you provide expiration date?
• If SSNs provided, did you encrypt the form?
• Did you provide a password for your agency?
• Did you respond to AMB requests for information within 3 days?
May 20, 2015 16
• Use Correct Summary Line
• Use Create summary line for New Hires Only, or to re-establish a deleted account
• Use forms to submit requests to prevent your request from being cancelled
• Do not add access changes to Work Info after the request is resolved
• Do not request access to all applications
• Description of apps can be found at https://www.nfc.usda.gov/About_NFC/products.html
• For Help: Click on ‘Contact Us’, then NFC Contact Center logo, then select specific area
NFC ASO User Group MeetingRemedy Requester Console
May 20, 2015 17
NFC ASO User Group MeetingRemedy Requester Console
May 20, 2015 18
NFC ASO User Group MeetingNotices
Goal: Increase communication via notices
Source: GovDelivery Status Report
NFC ASO User Group MeetingContact Information
Access & Report Requests via Remedy Requester Consolehttps://servicecenter.nfc.usda.gov/arsys/home
Trouble Tickets (Operations & Security Center)[email protected] or (800) 767-9641
Contact AMB (Request Training, Notifications)[email protected]
Security Cornerhttps://www.nfc.usda.gov/Security/Security_home.html
Ivan JacksonAssociate Director, ITSD, [email protected]
Gail Alonzo-ShortsActing Chief, ITSD, ITS, [email protected]
Remedy Requester Console TrainingLouis Collins, AMB [email protected]
James Varnado, AMB [email protected]
Evangeline Duncan, AMB [email protected]
ASO Basic TrainingJennee Marquez, AMB [email protected]
ASO Intermediate Training Susan Traill, AMB [email protected]
May 20, 2015 19
NFC ASO User Group Meeting
Questions? Comments?
May 20, 2015 20