Wednesday, May 20, 201510:00 a.m. – 11:30 a.m., Central Time

Presented by

Information Technology Services Division (ITSD), Information Technology Security (ITS),Access Management Branch (AMB)

United States Department of AgricultureOffice of the Chief Financial Officer

National Finance Center

NFC User Group Meeting

NFC ASO User Group MeetingAgenda

• Welcome

• Webinar Guidelines

• News & Updates– Review of February User Group Meeting

– Expansion of Inactivity Process to Web Apps

– Access

– Training

– Insight

– Role Based Security

– AD-3100-P Access Form Changes

– Remedy Requester Console

– Notices

– Contact Info

• Questions & Comments

May 20, 2015 2

NFC ASO User Group MeetingWebinar Guidelines

• Place your phone on ‘mute’

• Do not put your phones on ‘hold’

• Include your agency acronym with your name when signing in

• Send your name & agency, comments & questions via the Notes tab during the

webinar

• Email NFC.ASO@nfc.usda.gov for a copy of the presentation or download it from

the NFC Security Corner User Group Page (

https://www.nfc.usda.gov/Security/user_group.html) Limit background noise, side conversations, etc. when asking questions

Remember: Your participation is critical to our success!

May 20, 2015 3

May 20, 2015 4

• Notes posted on Security Corner

• Over 80 attendees

• Received comments on access forms

• Changes incorporated

• Updated AD-3100-P access form posted on Security Corner

• Several questions addressed and documented in Notes

NFC ASO User Group MeetingFebruary 18, 2015 ASO User Group Meeting

May 20, 2015 5

• Apps affected• SALL, DPRW, FUND, FSDE, ITRS, OFEE, PADS, RPCT• Must log into each application to remain active

• When users are deleted from the SALL web apps, the process does not delete the entire user account -- just the attached applications from the userID

• If user has at least one application active or locked, the entire inactive account won’t be deleted until the 720 days has passed

• If the user is not assigned to any application, the entire entry regarding the user will be deleted after 120 days.

– Don’t want to keep blank account for 720 days

– 120 days should give user enough time to assign application to account

• History information is available

NFC ASO User Group MeetingExpansion of Inactivity Process to Web Apps

May 20, 2015 6

• Expedites• Requested because previous request cancelled due to missing info • Please make sure all information is provided on initial submission • Will review things to consider in later slide

• Reporting Center Access• If Reporting Center only, please indicate this in Special Instructions• Will be placed in a special TSS DEPT• Prevent deleting of mainframe account • Insight Access Audit to remove global access

• Changes should go to your Client Management Liaison• Servicing Agreements• POCs

• Security Corner• Subscribing to Security does not provide ASO private communications• Public updates to ASO subscriber list not allowed• Subscribe link gives notification of Security Corner content changes only

NFC ASO User Group MeetingAccess

May 20, 2015 7

NFC ASO User Group MeetingTraining

• Use your official government email address when registering

• Acuity is not 508 compliant

• NFC is looking into an alternative solution that is 508 compliant

• Users who use the keyboard as their main input device are unable to interact (e.g., selecting a date from the calendar)

• No associated labels with input elements, which helps define context for screen readers

• May have to go to internal scheduling of training and user group meetings• ASO would email nfc.aso@usda.gov • AMB would input ASO information into Acuity• Once NFC gets a compliant solution, ASOs could go back to registering

themselves

May 20, 2015 8

NFC ASO User Group MeetingInsight

• Insight recently modified to increase max number of org codes from 10 to 20• Password Reset

• Insight does not prompt to change password at first login• Change it by logging in and clicking on 5. Password Reset under Dashboard

tab

May 20, 2015 9

• Documents posted on Security Corner

• https://www.nfc.usda.gov/Security/Role_Based_Access.html

• IRS in process, NIST up next

• RBA Guide

• What is Role Based Access?

• Implementation Process

– Phase 1 – Kickoff

– Phase 2 – Define Agency Security Access Requirements

– Phase 3 – Build the Roles and Establish Validation User IDs

– Phase 4 - Validate Security Access Requirements

– Phase 5 – Cutover

– Phase 6 – Post Implementation

NFC ASO User Group MeetingRole Based Security

May 20, 2015 10

• ASO Responsibilities

• Appendices– Security Requirements Matrix (Blank)

– Task Schedule Example

– Agency Role Matrix Example

– Agency Role Matrix (Blank)

– Organization Security Structure Example

– User Report Example

• Use Role Based Access summary line after you are implemented

• Implementation Strategy– Other agencies who meet criteria for Phase I should email

nfc.rba@usda.gov

NFC ASO User Group MeetingRole Based Security

May 20, 2015 11

NFC ASO User Group MeetingAD-3100-P Access Form Changes

Section 1:Removed Name Change boxAdded reference to ‘federal’ in SSN boxLengthened email box

Section 2:Consolidated action boxes for Users & ProfilesAdded references to roles

May 20, 2015 12

NFC ASO User Group MeetingAD-3100-P Access Form Changes

• Added applications• Added ability to change each application• Removed some unnecessary applications and options• Removed Remarks box

May 20, 2015 13

NFC ASO User Group MeetingAD-3100-P Access Form Changes

May 20, 2015 14

NFC ASO User Group MeetingAD-3100-P Access Form Changes

May 20, 2015 15

NFC ASO User Group MeetingAD-3100-P Access Form Changes

Prevent Cancellation of Forms• Are you authorized to have the requested access?

• Did you use the correct Summary Line?

• Did you include UserID, Name, Applications, Profiles/Roles?

• Did you provide access level, org, POI, etc.?

• Did you provide Sensitive/Non-Sensitive, Update/Read, etc.?

• Did you provide OON, Contact Points, etc.?

• If a new federal user, did you provide the SSN?

• If a contractor, did you provide expiration date?

• If SSNs provided, did you encrypt the form?

• Did you provide a password for your agency?

• Did you respond to AMB requests for information within 3 days?

May 20, 2015 16

• Use Correct Summary Line

• Use Create summary line for New Hires Only, or to re-establish a deleted account

• Use forms to submit requests to prevent your request from being cancelled

• Do not add access changes to Work Info after the request is resolved

• Do not request access to all applications

• Description of apps can be found at https://www.nfc.usda.gov/About_NFC/products.html

• For Help: Click on ‘Contact Us’, then NFC Contact Center logo, then select specific area

NFC ASO User Group MeetingRemedy Requester Console

May 20, 2015 17

NFC ASO User Group MeetingRemedy Requester Console

May 20, 2015 18

NFC ASO User Group MeetingNotices

Goal: Increase communication via notices

Source: GovDelivery Status Report

NFC ASO User Group MeetingContact Information

Access & Report Requests via Remedy Requester Consolehttps://servicecenter.nfc.usda.gov/arsys/home

Trouble Tickets (Operations & Security Center)OSC.Etix@nfc.usda.gov or (800) 767-9641

Contact AMB (Request Training, Notifications)NFC.ASO@nfc.usda.gov

Security Cornerhttps://www.nfc.usda.gov/Security/Security_home.html

Ivan JacksonAssociate Director, ITSD, ITSIvan.Jackson@nfc.usda.gov

Gail Alonzo-ShortsActing Chief, ITSD, ITS, AMBGail.Alonzo-Shorts@nfc.usda.gov

Remedy Requester Console TrainingLouis Collins, AMB StaffLouis.Collins@nfc.usda.gov

James Varnado, AMB StaffJames.Varnado@nfc.usda.gov

Evangeline Duncan, AMB StaffEvangeline.Duncan@nfc.usda.gov

ASO Basic TrainingJennee Marquez, AMB StaffGenevieve.Marquez@nfc.usda.gov

ASO Intermediate Training Susan Traill, AMB StaffSusan.Traill@nfc.usda.gov

May 20, 2015 19

NFC ASO User Group Meeting

Questions? Comments?

May 20, 2015 20