- Provide both a primary and two backup Agency Security Officers, to ensure that security functions can continue if the primary Agency Security Officer is unavailable.
- Inform NFC of ASO personnel or contact information changes.
Agency Security Officers
- Serve as the liaison between Agency users and NFC Access Management Branch.
- Provide security awareness briefing to all employees upon receipt of an NFC user ID.
- Ensure that access is being requested in compliance with the Agency’s security policy (e.g., Update access.)
- Submit properly completed requests for security access via ServiceNow (ServiceNow Login (eAuth) / ServiceNow Login (non-eAuth)), listing user ID(s) and all required resources, level of access (Read or Update) needed, scope of access (org structure or POI) needed, and ensuring PII data is encrypted.
- Protect PII data by encrypting security access request e-mail attachments and providing the password to NFC via telephone only.
- Immediately suspend user accounts who have separated.
- Notify NFC of changes in access authority or employment status (separation or extended leave).
- Request and/or review security access reports to ensure that only currently employed, authorized users have access to Agency resources.
- Refrain from requesting security access changes for your own user ID.
- Provide proper justification for expedited security access requests.
- Use your access to provide only assigned, authorized functions.
- Call the NFC Operations and Security Center (OSC) to report access problems. OSC can be reached at 1-800-767-9641, or via email at firstname.lastname@example.org. Include the user's exact error message, user ID and user name.
- Attend ASO training as needed.
- Attend quarterly ASO User Group meetings as needed.
- Remind Agency users whose accounts are about to expire to log on.
- Remove password suspends for their users.
- Review and act upon security notifications from GovDelivery.
- Use the SecureAll (SALL) application to reset user passwords for DPRW, FUND, FSDE, ITRS, OFEE, and Reporting Center.
- Review security access reports on the NFC Reporting Center to ensure that access for separated employees is removed.
- Use authorized forms (AD-3100 series provided by NFC or agency-authorized) to submit access requests.
- Reset passwords for users on the Mainframe via the ASO panels.
Last Updated / Reviewed: March 28, 2019