ASO News and Initiatives | National Finance Center
Skip to Main Content

United States Department of Agriculture

National Finance Center

Additional Links
About
Contact Us
Subscribe

News and Initiatives

ASO SECURITY TRAINING MODULE CHANGES
In light of the ever growing Cyber Security attacks, NFC is strengthen our security posture in every way to be proactive to threats. In doing so, education and training is a critical factor to proactively handle matters. Therefore, NFC is requiring all appointed Agency Security Officers (ASOs) to complete an annual mandatory Agency Security Officer Basic Refresher Training course.

Courses offered monthly through Acuity scheduling are as follows:

Training Method:

  1. Training will be interactive and hands-on.
  2. Training will be focused and limited to one platform
  3. Mainframe will be independently discussed.
  4. Web Application will be discussed separately such as SecureAll (SALL)
  5. Introduction of new topics
  6. Service Now replacement for Remedy
  7. Removal of Access from Terminated/Separated Employees (RATE)
  8. Role base Security Access Process and Procedure
  9. Training will have prerequisites:
    1. ASO must have an active status
    2. ASO must have an active account on SNOW, Mainframe (MVS) and SecureAll (SALL)
    3. Each course will be a prerequisite to the other to ensure an end-to-end understanding of the business process.

Completion Certificates with digital signature capability.

New modules to be effective August 1, 2017.

New Security Initiatives

Role Base Access Strategy

NFC is currently implementing agencies into role-based security. Agencies will be contacted individually to begin the process. In the meantime, ASOs should familiarize themselves with their current profiles and the access assigned to those profiles.

The restructured schedule is based upon the following strategy:

View the Agency Role Based Schedule

Role Base Checklist:

  1. Set up agency functional working group meeting.
  2. Review Role Base Security Access Frequently Asked Questions with Functional Managers/Agency RBA Team.
  3. Review existing agency accesses to all applications.
  4. Identify obsolete application, processes or access privileges.
  5. During the work group sessions, do the following:
    • Identify required NFC applications and processes
    • Identify application capability required within each application (Use AD-3100-P form)
    • Identify scope of authority, such as level of data required (ORG, POI, Contact Points, etc.)
  6. Create an Excel document that outlines the agency business roles.
  7. Create an Excel document that outlines the agency user names, agency user IDs and associated business roles.
  8. Identify agency personnel that will validate each role. Recommendation: Select experienced personnel that can maximize validating the business role using production work. There should be a minimum of two business role validators/testers per business role.
  9. Verify appropriate security clearance are held by users possessing sensitive data within the applications.
  10. Create an RBA library of business roles to be referenced for the implementation.

ASO Enhanced Training Modules

NFC is requiring all appointed Agency Security Officers (ASOs) to complete an annual mandatory Agency Security Officer Basic Refresher Training course.

The courses offered monthly through Acuity scheduling are as follows:

Use the scheduling link on the individual course pages to schedule the agency security officers trainings and meetings.

Access Form

NFC has developed standardized security access forms to submit requests for access. Use of these forms will reduce the number of errors submitted by ASOs and provide a clear guideline for correctly providing all required information. Please find these forms on the ASO Forms page.

FAQs

NFC has developed a list of frequently asked questions for our Agency Security Officers. If you don’t see the answer you are looking for and you would like to ask a question, email us at NFC.ASO@nfc.usda.gov.

Last Updated / Reviewed: July 09, 2018