270 likes | 560 Views
United States Department of Agriculture Office of the Chief Financial Officer National Finance Center. NFC ASO User Group Meeting Wednesday, November 13, 2013 10:00 a.m. – 11:30 a.m., Central Time Presented by Information Technology Services Division (ITSD),
E N D
United States Department of Agriculture Office of the Chief Financial Officer National Finance Center NFC ASO User Group Meeting Wednesday, November 13, 2013 10:00 a.m. – 11:30 a.m., Central Time Presented by Information Technology Services Division (ITSD), Information Technology Security (ITS), Access Management Branch (AMB)
NFC ASO User Group MeetingAgenda Welcome.........................................................Lisa Stafford Webinar Guidelines.......................................Louis Collins News & Updates…...........................................AMB Team Questions & Comments..................................................All November 13, 2013
NFC ASO User Group MeetingWebinar Guidelines • Place your phone on ‘mute’ • Do not put your phones on ‘hold’ • Include your agency acronym with your name when signing in • Send your name & agency, comments & questions via the Notes tab during the webinar • Email NFC.ASO@nfc.usda.gov for a copy of the presentation or download it from the NFC Security Corner User Group Page (https://www.nfc.usda.gov/Security/user_group.html) November 13, 2013
NFC ASO User Group Meeting Performance Metrics • Topics for Discussion • Performance Metrics • Access Updates • AMB Team • ASO Best Practices Example • Project Updates November 13, 2013
NFC ASO User Group Meeting Performance Metrics Processed Access Requests: October 2012 – September 2013 November 13, 2013
NFC ASO User Group Meeting Performance Metrics Processed Access Requests – External Agencies: Oct 2012 – Sept 2013 November 13, 2013
NFC ASO User Group Meeting Performance Metrics November 13, 2013
NFC ASO User Group Meeting Performance Metrics November 13, 2013
NFC ASO User Group Meeting Reminders • Accounts Deleted Due to Inactivity • Select CREATE ID… summary line option in Remedy Requester Console • Provide old UserID, SSN, access • Request extensions to access for year-end expiration timely • Fiscal Year End • Calendar Year End November 13, 2013
NFC ASO User Group Meeting Access Updates Moderate Approximately 2 hours to process per user ID CUAT EMPHR/NEIS (1 environment) FATA MITS Multiple Applications Profiles (<4 ) Separations Security Specifications (Modify) --------------------------------------------------------------------------------------- Complex Approximately 8 hours to process per user ID >50 UserIDs Internal Access ASO Access Batch ACIDs DB2 Grants Cross Authorization Cross Svc Agencies CTMS EMPHR/NEIS (>1 environment) FESI Multiple Environments Multiple POIs Org Realignments Profiles (>=4) Security Specifications (New) Security System Maintenance Started Tasks Stored Procedures Simple Approximately 30 minutes to process per user ID Delete account DRCi IM Expiration Date External Requests FTP IAS Insight ITRS User Name Change One Application Phone # Change November 13, 2013
NFC ASO User Group Meeting AMB Team* November 13, 2013
NFC ASO User Group MeetingASO Best Practices From:ASO NameSent: Wednesday, April 17, 2013 1:42 PMTo:User NameSubject: NFC Mainframe Account StatusSensitivity: Confidential Hello, You are receiving this email since you have not logged into the NFC Mainframe for the time period indicated below: User Id: XX1580 Last Login Date: 3/14/2013 Number of Days since Last Activity: 35 In order to login to the Reporting Center, ITRS and other NFC systems (such as TUMS), your NFC Mainframe ID has to be active. If you still require access to any NFC systems or if access is no longer required, please let us know by sending an email to mailbox@agency.gov. Please include the systems you currently access. Please be mindful that access to FFIS was terminated as of December 12, 2012 for MRP users. Thanks in advance for your time and assistance. November 13, 2013
NFC ASO User Group Meeting Project Updates • Security Access Forms • Role Based Security • Scheduling Software • Email Inactive Accounts • Provide email address on access forms • Electronic Forms Entry November 13, 2013
NFC ASO User Group Meeting NFC Security Access Forms • Advantages • Simplify requesting access changes • Reduce errors • Reduce processing time • Improve quality • Available November 18, 2013 on NFC web site • AD-3100-x • ASO Designation Form (AD-3100-A) • Reporting Center Security Access Form (AD-3100-R) • Payroll/Personnel System Security Access Form (AD-3100-P) • EmpowHR Security Access Form (AD-3100-E) (TBD) • Insight Security Access Form (AD-3042) • One form per user (can attach user list) • Common fields • Can’t save data • Save ticket number (for audit purposes, research) • Foundation for electronic forms entry • Can still use agency forms November 13, 2013
NFC ASO User Group Meeting NFC Security Access Forms November 13, 2013
NFC ASO User Group Meeting NFC Security Access Forms November 13, 2013
NFC ASO User Group Meeting NFC Security Access Forms Reporting Center Request for Security Access Form, cont. November 13, 2013
NFC ASO User Group Meeting NFC Security Access Forms November 13, 2013
NFC ASO User Group Meeting NFC Security Access Forms Payroll Personnel Request for Security Access, cont. November 13, 2013
NFC ASO User Group Meeting Role Based Security • Benefits • Faster access administration • Better documentation of access • Easier audits • Less complicated • Fewer access errors • Less time for access review • Allows managers to know users’ access at-a-glance • Speeds up the security administration process • Fewer roles to maintain • Sample Roles by Functionality • Staffing • Personnel • Office Management • Help Desk • Labor Relations • Accounting • Payroll Supervisors • Payroll Specialist • Payroll Assistants • Processing Supervisors • Processing Specialist • Processing Assistants • Agency Security Officers – DEPT, DIV, ZONE Level • Connect Direct • T & A – Timekeeper/Transmitter • T & A - Admin, Timekeeper/Transmitter • FESI Transmitter November 13, 2013
NFC ASO User Group Meeting Role Based Security APPLICATIONS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ------------------------------------------------------------------------ CULPRIT | |X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X| |X|X|X| | ------------------------------------------------------------------------ TINQ | | | | |X| | | |X| | | | | |X|X| | | | |X| | |X| | | ------------------------------------------------------------------------ RFQS |X|X| |X|X| | |X| | | |X| | |X| |X|X|X| |X| | |X| | | ------------------------------------------------------------------------ TMGT |X|X| |X| |X|X|X|X|X| |X| | |X|X|X|X| |X|X| | |X| | | ------------------------------------------------------------------------ IRIS/N | | | | | | | | | | | | | | | | | | | | | | |X| |X| | ------------------------------------------------------------------------ IRIS/S |X|X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X|X| |X| | | ------------------------------------------------------------------------ PINQ/N | | | | | | | | | | | | | | | | | | | | | | |X| |X| | ------------------------------------------------------------------------ PINQ/S |X|X|X|X|X|X|X|X|X|X|X|X| |X|X|X|X|X|X|X|X|X| |X| | | ------------------------------------------------------------------------ PMSO |X|X|X|X|X| |X|X|X|X| |X| |X|X|X|X| |X| |X| |X|X| | | ------------------------------------------------------------------------ UCFE |X|X|X|X| | |X|X|X|X| |X| |X|X| |X| |X| |X|X| |X| | | November 13, 2013
NFC ASO User Group Meeting Role Based Security Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z Z APPLICATIONS A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ------------------------------------------------------------------------ CULPRIT | |X| | | | | | | |X| | | | | |X| | | | |X| | | | | | ------------------------------------------------------------------------ TINQ | |X| | | | | | | |X| | | | | | | | | | | | | | | | | ------------------------------------------------------------------------ RFQS | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | | ------------------------------------------------------------------------ TMGT | |X| | | | | | | |X| | | | | |X| | | |X|X| | | |X| | ------------------------------------------------------------------------ IRIS/N | | | | | | | | | | | | | | | |X| | | | | | | | |X| | ------------------------------------------------------------------------ IRIS/S | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | | ------------------------------------------------------------------------ PINQ/N | | | | | | | | | | | | | | | |X| | | | | | | | |X| | ------------------------------------------------------------------------ PINQ/S | |X| | | | | | | |X| | | | | | | | | |X|X| | | | | | ------------------------------------------------------------------------ November 13, 2013
NFC ASO User Group Meeting Role Based Security Implementation Steps • Agency • Identify roles • Look at work from “Business” point of view • Group similar “business functions” into a role, e.g., Secretary, Timekeeper, Transmitter, Supervisor, etc. • Define access needed to perform “business function” • Identify access levels • POIs, contact points, org structure, SAC, etc. • Consider: • Role access vs. employee access • Role may contain more access to allow backup coverage • Separation of duties • Need-to-know • Compensating Controls • Risk, sensitivity, clearance • No “access creep” • Only what’s needed • Contact AMB after roles are defined • NFC AMB • Build new userid with access from role requirements • Set Validation Period • Specific dates • “New” userid used for “production” work • Have “old” userid for fall-back (just in case) • Report problems November 13, 2013
NFC ASO User Group Meeting Role Based Security November 13, 2013
NFC ASO User Group Meeting2013 ASO Training Dates ASO Basic Training (1st Wednesdays) Dec 4, Jan 2*, Feb 5 Remedy Requester Console Training (2nd Wednesdays) Nov 13, Dec 11, Jan 8 ASO Reports Training (3rd Wednesdays) Nov 20, Dec 18, Jan 15 ASO Intermediate Training (4th Wednesdays) Nov 27, Dec 26*, Jan 22 Sign up at NFC.ASO@nfc.usda.gov 1:00 p.m. – 3:00 p.m., Central Time *If Wednesday falls on a holiday, class will be moved to following Thursday November 13, 2013
NFC ASO User Group MeetingContact Information November 13, 2013
NFC ASO User Group Meeting Questions? Comments? November 13, 2013