eAuthentication Employee Rollout

1
\
U.S. Department of Agriculture eGovernment Program

• eAuthentication Employee Rollout
• Agency Employee Registration Leads Meeting 1

2
eAuthentication Service Employee Credentialing
Overview
The USDA eAuthentication service is expanding its
capabilities to include all USDA employees

• 49,000 USDA employees are already using the USDA
  eAuthentication service.
• The remaining USDA employees will use a
  self-service registration process to create USDA
  eAuthentication service credentials (user IDs and
  passwords.)
• The employee credentialing process will be
  implemented and available for use by June 30, and
  all current employees should have credentials by
  October.
• After all employees are registered, all agencies,
  including the Service Center Agencies supported
  by ICAMS, will use this new employee
  credentialing process for new employees.
• Service Center agency employees with active USDA
  eAuthentication service credentials should
  continue to use them rather than registering
  again.

3
eAuthentication Service Employee Credentialing
Overview

• The knowledge-based process follows all NIST
  guidelines the employee enters information that
  is matched against employee payroll data at the
  National Finance Center (NFC.)
• Agency Heads with support from their CIOs and
  EGWG team members have been requested to
• Determine rollout time line
• Coordinate registration in their Agency
• Agency Heads have chosen an Agency Employee
  Registration Lead to coordinate employee
  registration in your agency.
• A Primary Registration Lead must be designated
  from each agency which submitted multiple Leads
  to receive reports and notifications from the
  system.

4
eAuthentication Service Employee Credentialing
Plan

• The USDA eAuthentication service employee
  credentialing process will be completed along the
  following schedule

Post June 30
30
-
Jun
25
-
Jun
18
-
Jun
11
-
Jun
4
-
Jun
28
-
May
21
-
May
Post June 30
30
-
Jun
25
-
Jun
18
-
Jun
11
-
Jun
4
-
Jun
28
-
May
21
-
May
Agency (x)
Intro
Agency Heads Select Leads
Credentials
Agency (x)
to CIOs
Employees
Credentials
Agency (x)
Employees
Credentials
Employees
Agency
Agency Leads Prepare for Rollout
Implementation
Plans
Agency (x)
Credentials
Agency (x)
Employees
Credentials
Agency (x)
Drafts
System
Employees
Credentials
Templates to
Employees
Agency Leads
Goes
Guidance
Live
To HR Officers
Train
eAuthentication
Help Desk
Status Meetings For Agency Leads
Status Meetings For Agency Leads
Status Meetings For Agency Leads
Status Meeting For CIOs
Status Meeting For CIOs
Status Meeting For CIOs
Comments? Please address them to
ounangst_at_itc.nrcs.usda.gov with Employee
Registration in the subject line.
5
eAuthentication Service Employee Credentialing
Concepts

• The Agency Leads will complete an Employee
  Registration Rollout Plan by June 18th please
  coordinate with any applications that plan to use
  the new credentials, including your Agency
  AgLearn Lead.
• Each Agency Lead will coordinate registration
  detailsfor all agency employees, including
  communications based on templates provided by the
  eAuthentication team.
• Employees being registered will require little
  trainingother than a job aid (a template will be
  delivered to Agency Leads.)

Registration Rollout Plan Agency Name Agency
Lead PersonNumber of Agency Employees
Approx. Number of Locations or OfficesProposed
Rollout Date(s)(show estimated start and
completion dates)Web Based Applications
Expected to be Used By Agency Employees(ID
employee-facing web applications expected by the
end of FY05)Additional Comments/Concepts
6
eAuthentication Service Employee Credentialing
Concepts

• The USDA eAuthentication service employee
  self-registration Web-site will be used to
  compare self-entered employee information against
  NFC information.
• If the information entered by the employee does
  not match the NFC data, the information will be
  sent to the USDA eAuthentication help desk team
  and the Agency Registration Lead who will contact
  the employee and assist with an alternative
  registration process.

7
Agency Lead Roles and Responsibilities

• The Agency Registration Lead will coordinate with
  application owners who plan to use the new
  credentials to protect their applications,
  including AgLearn. These application owners will
  contribute to the timing and communication of the
  Employee Registration Rollout plan.
• The Agency Registration Lead will complete an
  Employee Registration Rollout Plan by June 18th.
• The Agency Registration Lead will be responsible
  for tailoring the draft templates received from
  the eAuthentication team including
  agency-specific guidance for username format
  suggestions.
• The Agency Registration Lead is requested to join
  eAuthentication preparatory teleconferences.
• The Agency Registration Lead will receive
  notifications of any registration failures and
  may assist employees in working with their HR
  personnel to ensure accurate personnel data.
• Reporting will be created to ensure Agency Leads
  know the status of the agency employee
  credentialing process.

8
Employee Roles and Responsibilities

• Each agency will send instructions to their
  employees according to the Agency Rollout plan
  and based on the eAuthentication templates.
• Each employee will collect personally
  identifiable information from the Earnings and
  Leave Statement and Personnel Action Form
• Each employee will visit the USDA eAuthentication
  service employee credentialing Web-site to
  self-register for a USDA eAuthentication service
  Level 2 credential (userID and password).
• If the employee information can be verified, the
  employee is issued a Level 2 credential.
• If the online registration fails, the employee
  will be contacted by the USDA eAuthentication
  service Help Desk team for assistance with
  registration.
• Each employee is responsible for keeping their HR
  data up to date through normal channels.

9
HR Roles and Responsibilities

• HR personnel are responsible for keeping
  personnel data up to date through normal
  channels. This includes employee information as
  well as any changes to employee status (such as
  On Leave or Terminated.)
• Certain employee status changes (retirements,
  firings, etc) must be updated as they occur to
  have the change propagated across protected
  resources.
• Changes recorded at NFC will be processed each
  night into the USDA eAuthentication service.
• If immediate action is needed on an employee, the
  request can be sent by the agency HR directors to
  the USDA eAuthentication help desk for
  processing.
• No additional training is required.

10
USDA eAuthentication Employee Credentialing
Web-Site

• To view the demo screens, go to
  http//www.dev.emp.sc.egov.usda.gov/

• The USDA eAuthentication service employee
  self-registration pages were designed to follow
  the USDA Style Guide as well as Section 508
  Compliance.
• The employee credentialing process is approved by
  NIST and GSA as compliant with Government-wide
  data security standards.

11
Employee Credentialing Process Results

• The employee will enter their personal
  information at the USDA eAuthentication employee
  credentialing site and then the information will
  be compared against information from NFC

Employee fails registration process but can
provide required information via phone.
Employee accesses self-registration Web page.
Employee fails registration process and cannot
provide required information via phone.
12
eAuthentication Employee User IDs and Passwords
Upon successful completion, the employee will
create a User ID and password

• UserIDs can currently be anything the employee
  selects, but the agency may set suggested
  standards and publish those as part of the
  employee instructions.
• Password life will be 90 days.
• Passwords must be 9 - 12 characters long.
• Passwords must contain the following at least 1
  uppercase letter, at least 1 lowercase letter,
  and at least 1 non alphabetical character
  including numbers and the following special
  characters !     -              
    ,   ?  
• Passwords CANNOT contain the user's name first or
  last or user ID, dictionary words, spaces, tabs,
  or any other special characters not listed above.
• eAuthentication Level 2 passwords have been
  approved by NIST to qualify for Level 2
  credentials based on NIST standards.  In
  particular, the strength of the password and the
  associated controls (account lockout, password
  issuance, and password standards) meet NIST
  requirements of 16 bits of "password entropy." 

13
eAuthentication Employee Registration Leads
AMS Gino Yannotti APHIS Nancy Gaucher, Cheryl
Johnson ARS Jim Neal Civil Rights - Monique
Simmons, Queen Lavanaugh CNPP CSREES - Sally J.
Rockey Departmental Administration Michael
OConnor ERS - Sandy Suddendorf, Raj Pujara FAS
- Ted Goldammer, Kathy Ting FNS - Larry Blim,
Rick Hargreaves FS FSA - Ragh Singh, Jeff Kerby,
Steve Mikkelsen, Lynn Olphant FSIS - Peggy
Nunnery GIPSA David T. Will NAL - Melanie
Gardener
NASS - Sylvia Magbanua National Appeals
Division NRCS - Wanda Bryant, Cassandra Taylor,
Barb Pursley OBPA - Connie Rubin OCFO - Mike
Zeringue (NFC), Gail Rousseve OCIO Owen
Unangst Office of Chief Economist Milton
Erickson Office of Communications - Debbie
Fleshman, Wayne Moore, Lisa McFerson Office of
Congressional Relations Office of Executive
Secretariat Office of General Counsel Office of
Inspector General - Elenora Battle RD - Deborah
Johnson, Rose King, Tom Dicksen RMA Byron
Anderson, Sally Relyea, Alex Christensen
14
Next Steps

• Agency Rollout Plan due by June 18th.
• Agency Employee Registration Leads Meetings June
  23 July 14.

June 23 200 PM ETRm S-107 1-877-664-9764 269723
July 14 200 PM ETRm S-107 1-877-664-9764 269723

• Next Agency CIO Meetings June 16 and July 7.
  

June 16 200 PM ETRm S-107 1-877-664-9764 269723
July 7 200 PM ETRm S-107 1-877-664-9764 269723