TRANSCRIPT
NFC ASO User Group Meeting
Wednesday, November 13, 2013
10:00 a.m. – 11:30 a.m., Central Time
Presented by
Information Technology Services Division (ITSD), Information Technology Security (ITS), Access Management Branch (AMB)
United States Department of Agriculture
Office of the Chief Financial Officer
National Finance Center
Agenda
• Welcome: Lisa Stafford
• Webinar Guidelines: Louis Collins
• News & Updates: AMB Team
• Questions & Comments: All
Webinar Guidelines
• Place your phone on ‘mute’
• Do not put your phones on ‘hold’
• Include your agency acronym with your name when signing in
• Send your name & agency, comments & questions via the Notes tab during the webinar
• Email [email protected] for a copy of the presentation or download it from the NFC Security Corner User Group Page (https://www.nfc.usda.gov/Security/user_group.html)
Topics for Discussion
• Performance Metrics
• Access Updates
• AMB Team
• ASO Best Practices Example
• Project Updates
Performance Metrics
[Chart: Processed Access Requests: October 2012 – September 2013]
[Chart: Processed Access Requests – External Agencies: Oct 2012 – Sept 2013]
Reminders
• Accounts Deleted Due to Inactivity
  • Select CREATE ID… summary line option in Remedy Requester Console
  • Provide old UserID, SSN, access
• Request extensions to access for year-end expiration in a timely manner
  • Fiscal Year End
  • Calendar Year End
Access Updates
Access Requests (Estimated Turnaround Time in business days)
95% Completed in Time Frame Shown

Access Request Type | <=10 User IDs | 11-30 User IDs | 31-50 User IDs | >50 User IDs
---------------------------------------------------------------------------------
Simple              | 5 days        | 10 days        | 15 days        | Negotiated
Moderate            | 10 days       | 15 days        | 20 days        | Negotiated
Complex             | 15 days       | 20 days        | 25 days        | Negotiated

Simple: Approximately 30 minutes to process per user ID
• Delete account
• DRCi IM
• Expiration Date
• External Requests
• FTP
• IAS
• Insight
• ITRS
• User Name Change
• One Application
• Phone # Change

Moderate: Approximately 2 hours to process per user ID
• CUAT
• EMPHR/NEIS (1 environment)
• FATA
• MITS
• Multiple Applications
• Profiles (<4)
• Separations
• Security Specifications (Modify)

Complex: Approximately 8 hours to process per user ID
• >50 UserIDs
• Internal Access
• ASO Access
• Batch ACIDs
• DB2 Grants
• Cross Authorization
• Cross Svc Agencies
• CTMS
• EMPHR/NEIS (>1 environment)
• FESI
• Multiple Environments
• Multiple POIs
• Org Realignments
• Profiles (>=4)
• Security Specifications (New)
• Security System Maintenance
• Started Tasks
• Stored Procedures
AMB Team*
ACCESS TEAM
Bobby Borja Nija Enclarde Donald (Don) McCorvey
Louis Collins Curtis Ford Genevieve (Jennee) Sander aka Jennee Marquez
Chatoya Nettles Connor
Chester (Chet) Golembiewski
Carolyn Sibley
Phong Dang Regina Heisser Susan Traill
Aqeel El-Amin Diana Maldonado James Varnado
REPORTING TEAM
Evangeline Duncan Gregory (Greg) Fulmer Wilbert (Wil) Thibodeaux
*AMB Staff should NEVER be contacted to establish a ticket. They should be contacted directly ONLY for an existing ticket.
ASO Best Practices

From: ASO Name
Sent: Wednesday, April 17, 2013 1:42 PM
To: User Name
Subject: NFC Mainframe Account Status
Sensitivity: Confidential

Hello,

You are receiving this email since you have not logged into the NFC Mainframe for the time period indicated below:

User Id: XX1580
Last Login Date: 3/14/2013
Number of Days since Last Activity: 35

In order to login to the Reporting Center, ITRS and other NFC systems (such as TUMS), your NFC Mainframe ID has to be active.

If you still require access to any NFC systems or if access is no longer required, please let us know by sending an email to [email protected]. Please include the systems you currently access.

Please be mindful that access to FFIS was terminated as of December 12, 2012 for MRP users.

Thanks in advance for your time and assistance.
Project Updates
• Security Access Forms
• Role Based Security
• Scheduling Software
• Email Inactive Accounts
• Provide email address on access forms
• Electronic Forms Entry
NFC Security Access Forms
• Advantages
  • Simplify requesting access changes
  • Reduce errors
  • Reduce processing time
  • Improve quality
• Available November 18, 2013 on NFC web site
• AD-3100-x
  • ASO Designation Form (AD-3100-A)
  • Reporting Center Security Access Form (AD-3100-R)
  • Payroll/Personnel System Security Access Form (AD-3100-P)
  • EmpowHR Security Access Form (AD-3100-E) (TBD)
• Insight Security Access Form (AD-3042)
• One form per user (can attach user list)
• Common fields
• Can’t save data
• Save ticket number (for audit purposes, research)
• Foundation for electronic forms entry
• Can still use agency forms
[Form image: Reporting Center Request for Security Access Form, cont.]
[Form image: Payroll Personnel Request for Security Access, cont.]
Role Based Security

Benefits
• Faster access administration
• Better documentation of access
• Easier audits
• Less complicated
• Fewer access errors
• Less time for access review
• Allows managers to know users’ access at-a-glance
• Speeds up the security administration process
• Fewer roles to maintain

Sample Roles by Functionality
• Staffing Personnel
• Office Management
• Help Desk
• Labor Relations
• Accounting
• Payroll Supervisors
• Payroll Specialist
• Payroll Assistants
• Processing Supervisors
• Processing Specialist
• Processing Assistants
• Agency Security Officers – DEPT, DIV, ZONE Level
• Connect Direct
• T & A – Timekeeper/Transmitter
• T & A – Admin, Timekeeper/Transmitter
• FESI Transmitter
APPLICATIONS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
------------------------------------------------------------------------
CULPRIT | |X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X| |X|X|X| |
------------------------------------------------------------------------
TINQ | | | | |X| | | |X| | | | | |X|X| | | | |X| | |X| | |
------------------------------------------------------------------------
RFQS |X|X| |X|X| | |X| | | |X| | |X| |X|X|X| |X| | |X| | |
------------------------------------------------------------------------
TMGT |X|X| |X| |X|X|X|X|X| |X| | |X|X|X|X| |X|X| | |X| | |
------------------------------------------------------------------------
IRIS/N | | | | | | | | | | | | | | | | | | | | | | |X| |X| |
------------------------------------------------------------------------
IRIS/S |X|X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X|X| |X| | |
------------------------------------------------------------------------
PINQ/N | | | | | | | | | | | | | | | | | | | | | | |X| |X| |
------------------------------------------------------------------------
PINQ/S |X|X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X|X| |X| | |
------------------------------------------------------------------------
PMSO |X|X|X|X|X| |X|X|X|X| |X| |X|X|X|X| |X| |X| |X|X| | |
------------------------------------------------------------------------
UCFE |X|X|X|X| | |X|X|X|X| |X| |X|X| |X| |X| |X|X| |X| | |
             Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z
APPLICATIONS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
------------------------------------------------------------------------
CULPRIT | |X| | | | | | | |X| | | | | |X| | | | |X| | | | | |
------------------------------------------------------------------------
TINQ | |X| | | | | | | |X| | | | | | | | | | | | | | | | |
------------------------------------------------------------------------
RFQS | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | |
------------------------------------------------------------------------
TMGT | |X| | | | | | | |X| | | | | |X| | | |X|X| | | |X| |
------------------------------------------------------------------------
IRIS/N | | | | | | | | | | | | | | | |X| | | | | | | | |X| |
------------------------------------------------------------------------
IRIS/S | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | |
------------------------------------------------------------------------
PINQ/N | | | | | | | | | | | | | | | |X| | | | | | | | |X| |
------------------------------------------------------------------------
PINQ/S | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | |
------------------------------------------------------------------------
Implementation Steps

Agency
• Identify roles
  • Look at work from “Business” point of view
  • Group similar “business functions” into a role, e.g., Secretary, Timekeeper, Transmitter, Supervisor, etc.
• Define access needed to perform “business function”
  • Identify access levels
    • POIs, contact points, org structure, SAC, etc.
  • Consider:
    • Role access vs. employee access
    • Role may contain more access to allow backup coverage
    • Separation of duties
    • Need-to-know
    • Compensating Controls
    • Risk, sensitivity, clearance
    • No “access creep”
    • Only what’s needed
• Contact AMB after roles are defined

NFC AMB
• Build new userid with access from role requirements
• Set Validation Period
  • Specific dates
  • “New” userid used for “production” work
  • Have “old” userid for fall-back (just in case)
  • Report problems
Example of Role Based Access as of 11/12/13
X: ISPCS/AMB_REQ ROLES for Agency XXXX

Columns: # | ROLEs (Functionality) | PROFILE / ROLE Designator | APPLICATIONS | Level of Access | User’s/REVISION HISTORY (Date & Description of security access change and the Initials of the Administrator, and REMEDY Inc number)

1. Workers Compensation
   Profile / Role Designator: PXXA0000 / ROLE A, XX - Agency
   Applications: IRIS/S, PINQ/S
   Level of Access: Ex: TRFD, TRAA, TRAB
   Users / Revision History: Users: BFxxx, BFxxx. 09/30/13 Initial req comp by xitgms # 234567. 11/10/13 granted TRAB/TRAA access. Completed by xitgms # 123456

2. Processing Supervisor and Specialists
   Profile / Role Designator: PXXB0000 / ROLE B, XX - Agency
   Applications: FOCUS, ABCO, IRIS/S, PINQ/S, PMSO/U, RFQS, TMGT, UCFE/S, RETM/U/F, CULPRIT, SPPS/INPUT/APPROVAL, WEB EPIC/Per/Pay, VPS (PRINTING), ** NFC REPORTING CENTER - FINANCIAL REPORTS - STATEMENT OF EARNINGS & LEAVE AND W2 WAGE & TAX STATEMENT ‘Sensitive and Detail’
   Level of Access: TRFD
   Users / Revision History: Users: BFxxx, BFxxx. 09/30/13 Initial req comp by xitgms # 234567

3. Processing Assistants
   Profile / Role Designator: PXXC0000 / ROLE C, XX - Agency
   Applications: FOCUS, ABCO, IRIS/S, PINQ/S, PMSO/U, RFQS, TMGT, UCFE/S, RETM/U/F, CULPRIT, SPPS/U, WEB EPIC, VPS (PRINTING), ** NFC REPORTING CENTER - FINANCIAL REPORTS - STATEMENT OF EARNINGS & LEAVE AND W2 WAGE & TAX STATEMENT ‘Sensitive and Detail’
   Level of Access: TRFD
   Users / Revision History: Users: BFxxx, BFxxx. 09/30/13 Initial req comp by xitgms # 234567

4. Benefits Supervisors and Specialists
   Profile / Role Designator: PXXD0000 / ROLE D, XX - Agency
   Applications: ABCO, IRIS/S, PINQ/S, PMSO/U, RFQS, TMGT, UCFE/S, RETM/U/F, CULPRIT, SPPS/INPUT/APPROVAL, WEB EPIC, VPS (PRINTING), ** NFC REPORTING CENTER: FINANCIAL REPORTS - STATEMENT OF EARNINGS & LEAVE AND WORKFORCE REPORTS - LEAVE BALANCES AND ROSTER OF EMPLOYEES ‘Sensitive and Detail’
   Level of Access: TRFD
   Users / Revision History: Users: BFxxx, BFxxx. 09/30/13 Initial req comp by xitgms # 234567

5. Benefits Assistants
   Profile / Role Designator: PXXE0000 / ROLE E, XX - Agency
   Applications: ABCO, IRIS/S, PINQ/S, PMSO/U, RFQS, TMGT, UCFE/S, RETM/U/F, CULPRIT, SPPS/UPDATE, WEB EPIC, VPS (PRINTING), ** NFC REPORTING CENTER: FINANCIAL REPORTS - STATEMENT OF EARNINGS & LEAVE AND WORKFORCE REPORTS - LEAVE BALANCES AND ROSTER OF EMPLOYEES ‘Sensitive and Detail’
   Level of Access: TRFD
   Users / Revision History: Users: BFxxx, BFxxx. 09/30/13 Initial req comp by xitgms # 234567
2013 ASO Training Dates
ASO Basic Training (1st Wednesdays)
Dec 4, Jan 2*, Feb 5
Remedy Requester Console Training (2nd Wednesdays)
Nov 13, Dec 11, Jan 8
ASO Reports Training (3rd Wednesdays)
Nov 20, Dec 18, Jan 15
ASO Intermediate Training (4th Wednesdays)
Nov 27, Dec 26*, Jan 22
Sign up at [email protected]
1:00 p.m. – 3:00 p.m., Central Time
*If Wednesday falls on a holiday, class will be moved to following Thursday
Contact Information

Access & Report Requests via Remedy Requester Console
https://servicecenter.nfc.usda.gov/arsys/home

Trouble Tickets (Operations & Security Center)
[email protected] or (800) 767-9641

Contact AMB (Request Training, Notifications)
[email protected]

Security Corner
https://www.nfc.usda.gov/Security/Security_home.html

Ivan Jackson
Associate Director, ITSD, [email protected]

Lisa Stafford
Chief, ITSD, ITS, [email protected]

Remedy Requester Console Training
Louis Collins, AMB [email protected]
Varnado, AMB [email protected]

ASO Basic Training
Jennee Sander, AMB [email protected]

Reports Training
Evangeline Duncan, AMB [email protected]

ASO Intermediate Training
Susan Traill, AMB [email protected]

Questions? Comments?