U S Department of Agriculture e Government

U. S. Department of Agriculture e. Government Program e. Authentication Employee Rollout Agency Employee Registration Leads Meeting #1 June 9, 2004

U. S. Department of Agriculture e. Government Program e. Authentication Service Employee Credentialing Overview The USDA e. Authentication service is expanding its capabilities to include all USDA employees: q 49, 000 USDA employees are already using the USDA e. Authentication service. q The remaining USDA employees will use a self-service registration process to create USDA e. Authentication service credentials (user IDs and passwords. ) q The employee credentialing process will be implemented and available for use by June 30, and all current employees should have credentials by October. q After all employees are registered, all agencies, including the Service Center Agencies supported by ICAMS, will use this new employee credentialing process for new employees. q Service Center agency employees with active USDA e. Authentication service credentials should continue to use them rather than registering again. 2

U. S. Department of Agriculture e. Government Program e. Authentication Service Employee Credentialing Overview q The “knowledge-based” process follows all NIST guidelines; the employee enters information that is matched against employee payroll data at the National Finance Center (NFC. ) q Agency Heads with support from their CIOs and EGWG team members have been requested to: ü Determine rollout time line ü Coordinate registration in their Agency q Agency Heads have chosen an Agency Employee Registration Lead to coordinate employee registration in your agency. q A “Primary” Registration Lead must be designated from each agency which submitted multiple Leads to receive reports and notifications from the system. 3

U. S. Department of Agriculture e. Government Program e. Authentication Service Employee Credentialing Plan The USDA e. Authentication service employee credentialing process will be completed along the following schedule: 21 -May 28 -May Intro: to CIO’s 4 -Jun 11 -Jun 18 -Jun 25 -Jun 30 -Jun Post June 30 Agency (x) Credentials(x) Agency Employees (x) Credentials Agency Employees Credentials Employees Agency Heads Select Leads Agency Implementation Plans Agency Leads Prepare for Rollout Drafts & Templates to Agency Leads System Agency (x) Credentials(x) Agency Employees (x) Credentials Agency Employees Credentials Employees Goes Guidance: To HR Officers Live Automated Progress Rpts Train e. Authentication Help Desk Status Meeting For CIOs Status Meetings For Agency Leads Status Meeting For CIOs Comments? Please address them to ounangst@itc. nrcs. usda. gov with ‘Employee Registration’ in the subject line. 4 Status Meetings For Agency Leads

U. S. Department of Agriculture e. Government Program e. Authentication Service Employee Credentialing Concepts q q q The Agency Leads will complete an Employee Registration Rollout Plan by June 18 th – please coordinate with any applications that plan to use the new credentials, including your Agency Ag. Learn Lead. Registration Rollout Plan Agency Name: Agency Lead Person: Number of Agency Employees: Approx. Number of Locations or Offices Each Agency Lead will coordinate registration details for all agency employees, including communications based on templates provided by the e. Authentication team. Proposed Rollout Date(s): (show estimated start and completion dates) Employees being registered will require little training other than a job aid (a template will be delivered to Agency Leads. ) Additional Comments/Concepts: 5 Web Based Applications Expected to be Used By Agency Employees: (ID employee-facing web applications expected by the end of FY 05)

U. S. Department of Agriculture e. Government Program e. Authentication Service Employee Credentialing Concepts q The USDA e. Authentication service employee self-registration Web-site will be used to compare self-entered employee information against NFC information. q If the information entered by the employee does not match the NFC data, the information will be sent to the USDA e. Authentication help desk team and the Agency Registration Lead who will contact the employee and assist with an alternative registration process. 6

U. S. Department of Agriculture e. Government Program Agency Lead – Roles and Responsibilities q The Agency Registration Lead will coordinate with application owners who plan to use the new credentials to protect their applications, including Ag. Learn. These application owners will contribute to the timing and communication of the Employee Registration Rollout plan. q The Agency Registration Lead will complete an Employee Registration Rollout Plan by June 18 th. q The Agency Registration Lead will be responsible for tailoring the draft templates received from the e. Authentication team including agency-specific guidance for “username format suggestions”. q The Agency Registration Lead is requested to join e. Authentication preparatory teleconferences. q The Agency Registration Lead will receive notifications of any registration failures and may assist employees in working with their HR personnel to ensure accurate personnel data. q Reporting will be created to ensure Agency Leads know the status of the agency employee credentialing process. 7

U. S. Department of Agriculture e. Government Program Employee – Roles and Responsibilities q Each agency will send instructions to their employees according to the Agency Rollout plan and based on the e. Authentication templates. q Each employee will collect personally identifiable information from the Earnings and Leave Statement and Personnel Action Form q Each employee will visit the USDA e. Authentication service employee credentialing Web-site to self-register for a USDA e. Authentication service Level 2 credential (user. ID and password). q If the employee information can be verified, the employee is issued a Level 2 credential. q If the online registration fails, the employee will be contacted by the USDA e. Authentication service Help Desk team for assistance with registration. q Each employee is responsible for keeping their HR data up to date through normal channels. 8

U. S. Department of Agriculture e. Government Program HR – Roles and Responsibilities q HR personnel are responsible for keeping personnel data up to date through normal channels. This includes employee information as well as any changes to employee status (such as “On Leave” or “Terminated. ”) q Certain employee status changes (retirements, firings, etc) must be updated as they occur to have the change propagated across protected resources. q Changes recorded at NFC will be processed each night into the USDA e. Authentication service. q If immediate action is needed on an employee, the request can be sent by the agency HR directors to the USDA e. Authentication help desk for processing. q No additional training is required. 9

U. S. Department of Agriculture e. Government Program USDA e. Authentication Employee Credentialing Web-Site To view the demo screens, go to http: //www. dev. emp. sc. egov. usda. gov/ q The USDA e. Authentication service employee selfregistration pages were designed to follow the USDA Style Guide as well as Section 508 Compliance. q The employee credentialing process is approved by NIST and GSA as compliant with Government-wide data security standards. 10

U. S. Department of Agriculture e. Government Program Employee Credentialing Process Results The employee will enter their personal information at the USDA e. Authentication employee credentialing site and then the information will be compared against information from NFC… Employee successfully completes selfregistration process. Employee accesses selfregistration Web page. Employee issued e. Authentication credential with Level 2 assurance. Employee fails registration process but can provide required information via phone. e. Authenticatio n Help Desk contacts user to assist. Employee fails registration process and cannot provide required information via phone. Employee issued e. Authentication credential with Level 2 assurance. Registration is denied; employee must contact HR personnel to update record. Agency Registration Lead is notified. 11

U. S. Department of Agriculture e. Government Program e. Authentication Employee User IDs and Passwords Upon successful completion, the employee will create a User ID and password… q User. IDs can currently be anything the employee selects, but the agency may set suggested standards and publish those as part of the employee instructions. q Password life will be 90 days. q Passwords must be 9 - 12 characters long. q Passwords must contain the following at least 1 uppercase letter, at least 1 lowercase letter, and at least 1 non alphabetical character including numbers and the following special characters: ! # - $ % * = + : ; , ? ~ q Passwords CANNOT contain the user's name first or last or user ID, dictionary words, spaces, tabs, or any other special characters not listed above. q e. Authentication Level 2 passwords have been approved by NIST to qualify for Level 2 credentials based on NIST standards. In particular, the strength of the password and the associated controls (account lockout, password issuance, and password standards) meet NIST requirements of 16 bits of "password entropy. " 12

U. S. Department of Agriculture e. Government Program e. Authentication Employee Registration Leads AMS – Gino Yannotti APHIS – Nancy Gaucher, Cheryl Johnson ARS – Jim Neal Civil Rights - Monique Simmons, Queen Lavanaugh CNPP CSREES - Sally J. Rockey Departmental Administration – Michael O’Connor ERS - Sandy Suddendorf, Raj Pujara FAS - Ted Goldammer, Kathy Ting FNS - Larry Blim, Rick Hargreaves FS FSA - Ragh Singh, Jeff Kerby, Steve Mikkelsen, Lynn Olphant FSIS - Peggy Nunnery GIPSA – David T. Will NAL - Melanie Gardener NASS - Sylvia Magbanua National Appeals Division NRCS - Wanda Bryant, Cassandra Taylor, Barb Pursley OBPA - Connie Rubin OCFO - Mike Zeringue (NFC), Gail Rousseve OCIO – Owen Unangst Office of Chief Economist – Milton Erickson Office of Communications - Debbie Fleshman, Wayne Moore, Lisa Mc. Ferson Office of Congressional Relations Office of Executive Secretariat Office of General Counsel Office of Inspector General - Elenora Battle RD - Deborah Johnson, Rose King, Tom Dicksen RMA – Byron Anderson, Sally Relyea, Alex Christensen 13

U. S. Department of Agriculture e. Government Program Next Steps q Agency Rollout Plan due by June 18 th. q Agency Employee Registration Leads Meetings June 23 & July 14. June 23 2: 00 PM ET Rm S-107 1 -877 -664 -9764 269723# July 14 2: 00 PM ET Rm S-107 1 -877 -664 -9764 269723# q Next Agency CIO Meetings June 16 and July 7. June 16 2: 00 PM ET Rm S-107 1 -877 -664 -9764 269723# July 7 2: 00 PM ET Rm S-107 1 -877 -664 -9764 269723# 14