
The National Finance Center Agency Security Officer User Group Meeting February 18, 2009

United States Department of Agriculture Office of the Chief Financial Officer National Finance Center. The National Finance Center Agency Security Officer User Group Meeting February 18, 2009. ASO User Group Meeting. Debbie Byrne– Program Manager Over Staff Offices debbie.byrne@usda.gov


Presentation Transcript


  1. United States Department of Agriculture Office of the Chief Financial Officer National Finance Center • The National Finance Center Agency Security Officer User Group Meeting • February 18, 2009

  2. ASO User Group Meeting • Debbie Byrne– Program Manager Over Staff Offices • debbie.byrne@usda.gov • (504) 426-0220 • Michael Zeringue – Chief ISSO • mike.zeringue@usda.gov • (504) 426-0408 • Lisa Stafford– ISPCS Staff • lisa.stafford@usda.gov • (504) 426-0440

  3. ASO User Group Meeting Agenda • Secure All (SALL) • Status • IAM – Identity Access Manager • Overview • Status • Role Based Security • Overview • Getting Started Now • Upcoming ASO Training • Questions

  4. ASO User Group Meeting • SALL • Security application which enables • ASO to manage user’s password • View, report, and download user access information • Status • Undergoing C & A Process • Implementation Date • Reporting Center Targeted for first of April 2009 • Access • Access must be requested • Requests already submitted to NFC will be processed

  5. ASO User Group Meeting SALL Future Applications • FSDE -- Financial Statement Data Exchange • TUMS -- TELE/UTVN Maintenance Web Application • IBIL -- Internet Billing • FUND -- Office of the Chief Financial Officer Fund • OFEE -- OCFO Fee Review • ITRS -- Intradepartmental Trans Reconciliation

  6. ASO User Group Meeting SALL QUESTIONS

  7. ASO User Group Meeting IAM Identity Access Manager

  8. ASO User Group Meeting IAM – Identity Access Manager • Overview • Tool for ASO to manage access to users within their scope • Automated granting of access for defined roles. • Status • Product is Installed • Implementing within NFC • Migrate to Agencies in 2010 or 2011

  9–10. ASO User Group Meeting (no slide text in the transcript)

  11. ASO User Group Meeting IAM – Identity Access Manager Demonstration of IAM Implemented at NFC

  12–31. ASO User Group Meeting (no slide text in the transcript)

  32. ASO User Group Meeting IAM QUESTIONS

  33. ASO User Group Meeting Role Based Access

  34. ASO User Group Meeting • Objectives • What is role based security? • What are the benefits of role based security? • What steps are required to convert to role based security? • What processes will change?

  35. ASO User Group Meeting • What is Role Based Security? • Look at work from “Business” point of view • Group similar “business functions” into a role, e.g., Secretary, Timekeeper, Transmitter, Supervisor, etc. • Define the access needed to perform “business functions”

  36. ASO User Group Meeting What is Role Based Security? NFC’s Progress • Currently 90% of NFC employees have been converted • Privileged Users converted first • Software Developers next • Human Resources next • All other organizations

  37. ASO User Group Meeting • Benefits • Faster access administration • Better documentation of access • Easier audits • Less complicated • Fewer access errors • Less time for access review • Allows managers to know users’ access at-a-glance • Speeds up the security administration process • Positions agency for implementation into IAM

  38. ASO User Group Meeting Steps to Implement • Contact NFC Security Office to request assistance for role based conversion • Define roles and responsibilities • POCs (ASOs), managers, role owners, validators, etc. • Varies by agency • Identify business functions • Assign role name for each function • Identify access required for each role. Consider: • Role access vs. employee access • Role may contain more to allow backup coverage • Separation of duties • Need-to-know • Compensating Controls • Risk, sensitivity, clearance

  39. ASO User Group Meeting • Steps to Implement • Develop implementation schedule with NFC • Build new userid with access from role requirements • No “access creep” • Only what’s needed • Validation Period • Specific dates • “New” userid used for “production” work • Have “old” userid for fall-back (just in case) • Report problems to special mailbox, e.g., nfc.rbanfc@usda.gov (not OSC or Security Office)

  40. ASO User Group Meeting • Steps to Implement • ASOs coordinate problem reporting • 1. User Name • 2. Userid (Role Based) • 3. Error Message • 4. Date of Error • 5. Role Name • Cutover • Go / No Go • Delete “old” userid • Rename “new” userid • Monitor for one week

  41. ASO User Group Meeting Security Access Request Process Changes • Same process, but roles as well as userids are referenced • User gets access to role, not application • User can have only one role (per userid) • Role gets access to applications • Agency Security Officer (ASO) submits request via e-mail (clear text, encrypted, or password protected document), secure fax, USPS • NFC verifies request • NFC issues tracking number

  42. ASO User Group Meeting Defining a Role - Applications CULPRIT CADI FEDSINQ PINQ/S TRAI SPPS PINQ/N DB2FAAD WTWO RFQS MASC SETS IRIS PROP DB2EPIC PMSO RIFR DB2SPPS TINQ TMGT PERHIS ABCO UCFE FOCUS RETM DFIS/ARIS T&A TRAV DOTSE EARN & LEAVE

  43. ASO User Group Meeting Defining A Role • Consider what applications go together • 2nd and 3rd to last position of Profile Name • Multiple POIs per agency • Matrix combinations from A – ZZ • POI, Org, SAC, etc.

  44. ASO User Group Meeting

      APPLICATIONS  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
      ------------------------------------------------------------------
      CULPRIT      | |X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X| |X|X|X| |
      TINQ         | | | | |X| | | |X| | | | | |X|X| | | | |X| | |X| | |
      RFQS         |X|X| |X|X| | |X| | | |X| | |X| |X|X|X| |X| | |X| | |
      TMGT         |X|X| |X| |X|X|X|X|X| |X| | |X|X|X|X| |X|X| | |X| | |
      IRIS/N       | | | | | | | | | | | | | | | | | | | | | | |X| |X| |
      IRIS/S       |X|X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X|X| |X| | |
      PINQ/N       | | | | | | | | | | | | | | | | | | | | | | |X| |X| |
      PINQ/S       |X|X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X|X| |X| | |
      PMSO         |X|X|X|X|X| |X|X|X|X| |X| |X|X|X|X| |X| |X| |X|X| | |
      UCFE         |X|X|X|X| | |X|X|X|X| |X| |X|X| |X| |X| |X|X| |X| | |

  45. ASO User Group Meeting

                    Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z
      APPLICATIONS  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
      ------------------------------------------------------------------
      CULPRIT      | |X| | | | | | | |X| | | | | |X| | | | |X| | | | | |
      TINQ         | |X| | | | | | | |X| | | | | | | | | | | | | | | | |
      RFQS         | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | |
      TMGT         | |X| | | | | | | |X| | | | | |X| | | |X|X| | | |X| |
      IRIS/N       | | | | | | | | | | | | | | | |X| | | | | | | | |X| |
      IRIS/S       | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | |
      PINQ/N       | | | | | | | | | | | | | | | |X| | | | | | | | |X| |
      PINQ/S       | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | |

  46. ASO User Group Meeting Department: Agency: Role Name: (Job Function) Role ID: (Short identifier)

  47. ASO User Group Meeting Role Based Access QUESTIONS

  48. ASO User Group Meeting Upcoming Agency Security Officer Training Dates • March 2, 2009 thru March 6, 2009 • June 22, 2009 thru June 26, 2009 • August 31, 2009 thru September 4, 2009 • December 7, 2009 thru December 11, 2009

  49. ASO User Group Meeting • Debbie Byrne– Program Manager Over Staff Offices • debbie.byrne@usda.gov • (504) 426-0220 • Michael Zeringue – Chief ISSO • mike.zeringue@usda.gov • (504) 426-0408 • Lisa Stafford– ISPCS Staff • lisa.stafford@usda.gov • (504) 426-0440
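
The role matrix on slide 44 and the rules on slides 39 and 41 (no "access creep", one role per userid, role gets access to applications) can be checked mechanically. The following is an added example, not NFC code: it assumes each matrix column letter is a role code, and the function names, userids and entitlements are constructed for illustration.

```python
import string

# Three rows copied from the slide 44 matrix. Assumption: each column
# letter is a role code and an X grants that role the application.
SLIDE_44_ROWS = """\
TINQ | | | | |X| | | |X| | | | | |X|X| | | | |X| | |X| | |
RFQS |X|X| |X|X| | |X| | | |X| | |X| |X|X|X| |X| | |X| | |
TMGT |X|X| |X| |X|X|X|X|X| |X| | |X|X|X|X| |X|X| | |X| | |
"""

def parse_matrix(text, prefix=""):
    """Return {role_code: set(applications)} from 'APP |c|c|...|' rows."""
    codes = [prefix + c for c in string.ascii_uppercase]
    roles = {code: set() for code in codes}
    for line in text.splitlines():
        if "|" not in line:
            continue  # header or separator line
        app, *cells = line.rstrip().split("|")
        cells = cells[:-1]  # drop the empty piece after the closing '|'
        if len(cells) != len(codes):
            raise ValueError(f"{app.strip()}: got {len(cells)} cells")
        for code, cell in zip(codes, cells):
            if cell.strip().upper() == "X":
                roles[code].add(app.strip())
    return roles

def audit_userids(assignments, roles):
    """Compare each (userid, role_code, actual_apps) with its role."""
    findings, role_of = [], {}
    for userid, code, actual in assignments:
        # Slide 41: a userid carries exactly one role.
        if role_of.setdefault(userid, code) != code:
            findings.append((userid, "multiple-roles", {role_of[userid], code}))
            continue
        extra = set(actual) - roles[code]    # access creep
        missing = roles[code] - set(actual)  # role not fully provisioned
        if extra:
            findings.append((userid, "access-creep", extra))
        if missing:
            findings.append((userid, "missing-access", missing))
    return findings

# Constructed userids and entitlements, not NFC data.
SAMPLE = [
    ("UID0001", "E", {"TINQ", "RFQS"}),
    ("UID0002", "A", {"RFQS", "TMGT", "TINQ"}),
    ("UID0003", "I", {"TINQ"}),
    ("UID0003", "O", {"TINQ", "RFQS", "TMGT"}),
]

if __name__ == "__main__":
    for finding in audit_userids(SAMPLE, parse_matrix(SLIDE_44_ROWS)):
        print(finding)
```

Passing `prefix="Z"` to `parse_matrix` reads the slide 45 layout, whose columns run ZA through ZZ.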
