National Finance Center

News and Initiatives

ASO SECURITY TRAINING MODULE CHANGES

In light of the ever growing Cyber Security attacks, NFC is strengthen our security posture in every way to be proactive to threats. In doing so, education and training is a critical factor to proactively handle matters. Therefore, NFC is requiring all appointed Agency Security Officers (ASOs) to complete an annual mandatory Agency Security Officer Basic Refresher Training course.

Courses offered monthly through Acuity scheduling are as follows:

• NFC Agency Security Officer Service Now
• NFC Agency Security Officer Basic Mainframe Training
• NFC Agency Security Officer SecureAll Training
• Use the Acuity link below to schedule the agency security officers trainings and meetings:
  https://usdanfc.acuityscheduling.com/schedule.php

Training Method:

1. Training will be interactive and hands-on.
2. Training will be focused and limited to one platform
3. Mainframe will be independently discussed.
4. Web Application will be discussed separately such as SecureAll (SALL)
5. Introduction of new topics
6. Service Now replacement for Remedy
7. Removal of Access from Terminated/Separated Employees (RATE)
8. Role base Security Access Process and Procedure
9. Training will have prerequisites:
   1. ASO must have an active status
   2. ASO must have an active account on SNOW, Mainframe (MVS) and SecureAll (SALL)
   3. Each course will be a prerequisite to the other to ensure an end-to-end understanding of the business process.

Completion Certificates with digital signature capability.

New modules to be effective August 1, 2017.

New Security Initiatives

Role Base Access Strategy

NFC is currently implementing agencies into role-based security. Agencies will be contacted individually to begin the process. In the meantime, ASOs should familiarize themselves with their current profiles and the access assigned to those profiles.

The restructured schedule is based upon the following strategy:

• NFC Customers have been categorized into three categories which is based upon the size of the department and sub-agencies.
• The three categories will be worked sequentially. It is still to be determined if multiple agencies can be simultaneously implemented. Therefore, when reviewing the schedule, the durations/dates are based upon worst case scenario.
• All sub-agencies within a department will be implemented during the identified implementation window.
• The ultimate goal is to complete a minimum of 3 agencies a year within a 5 year project duration.

View the Agency Role Based Schedule

Role Base Checklist:

1. Set up agency functional working group meeting.
2. Review Role Base Security Access Frequently Asked Questions with Functional Managers/Agency RBA Team.
3. Review existing agency accesses to all applications.
4. Identify obsolete application, processes or access privileges.
5. During the work group sessions, do the following:
   • Identify required NFC applications and processes
   • Identify application capability required within each application (Use AD-3100-P form)
   • Identify scope of authority, such as level of data required (ORG, POI, Contact Points, etc.)
6. Create an Excel document that outlines the agency business roles.
7. Create an Excel document that outlines the agency user names, agency user IDs and associated business roles.
8. Identify agency personnel that will validate each role. Recommendation: Select experienced personnel that can maximize validating the business role using production work. There should be a minimum of two business role validators/testers per business role.
9. Verify appropriate security clearance are held by users possessing sensitive data within the applications.
10. Create an RBA library of business roles to be referenced for the implementation.

ASO Enhanced Training Modules

NFC is requiring all appointed Agency Security Officers (ASOs) to complete an annual mandatory Agency Security Officer Basic Refresher Training course.

The courses offered monthly through Acuity scheduling are as follows:

• NFC Agency Security Officer Service Now (SNOW)
• NFC Agency Security Officer Basic Mainframe Training
• NFC Agency Security Officer SecureAll (SALL) Training

Use the scheduling link on the individual course pages to schedule the agency security officers trainings and meetings.

Access Form

NFC has developed standardized security access forms to submit requests for access. Use of these forms will reduce the number of errors submitted by ASOs and provide a clear guideline for correctly providing all required information. Please find these forms on the ASO Forms page.

FAQs

NFC has developed a list of frequently asked questions for our Agency Security Officers. If you don’t see the answer you are looking for and you would like to ask a question, email us at ocfoambescalation@usda.gov.