Embed Size (px)
Citation preview
Message Validation, Processing, and Provisioning System (MVPS) Access and
Secure Access Management Services (SAMS)Security Training for Jurisdictions
User Needs SAMS User ID
Center for Surveillance, Epidemiology, and Laboratory ServicesDivision of Health Informatics and Surveillance
Agenda
Overview Jurisdiction MVPS Dashboard Access - User does not have
SAMS User ID Maintenance of User Accounts Overview of Adding New User to MVPS Dashboard Appendix
2
Overview
Center for Surveillance, Epidemiology, and Laboratory ServicesDivision of Health Informatics and Surveillance
Overview
Overview
The goal of the Message Validation, Processing and Provisioning System (MVPS) is to validate and process nationally notifiable messages sent by jurisdictions and provisioning those data to the CDC Programs in an automated process.
Jurisdictions and CDC programs will have access to transactional message data through the MVPS Dashboard.
Jurisdiction user access to the dashboard will be managed by the CDC Secure Access Management System (SAMS).
4
Note: In order for a jurisdiction user to access the MVPS Dashboard they must go through two levels of security SAMS for authentication – you are who you say you are MVPS for authorization - what you are allowed to view/manage/report on within the
Dashboard
Key Terms
• CDC system used to validate and authenticate users for access to CDC systems, including the MVPS Dashboard
Security Access Management Services (SAMS)
• Person authorized by CDC to conduct identity proofing activities related to SAMS
• Authorized persons limited to badged CDC staff or notary public
Designated Proofing Agent (DPA)
• Person responsible for adding users to MVPS and initiating access to SAMSMVPS Support Manager
• Person designated by the jurisdiction• Responsible for adding jurisdiction users to MVPS Jurisdiction Data Manager
5
MVPS Jurisdiction User Roles
6
Adds authorized jurisdiction users to MVPS Adds and/or edits jurisdiction user role and
access to conditions Accesses data for one or more conditions
through the MVPS Dashboard
*Jurisdiction Data Manager Jurisdiction User Accesses data for one or more conditions
through the MVPS Dashboard
* An alternate jurisdiction data manager should also be designated. Jurisdictions should consider who in their organization would best fit this role(s): an IT-focused resource such as the surveillance system manager; a surveillance lead who provides a science leadership role, or another resource who can meet jurisdiction needs. The jurisdiction data manager, in most cases, will be the person who implements the activities listed above; not necessarily the person who authorizes it. The authorization process will be determined by each jurisdiction.
Jurisdiction MVPS Dashboard Access-User needs to obtain a SAMS UserID-
This section is for jurisdiction users who do not have an Active SAMS Level 2 (or higher) UserID. If jurisdiction users are not sure whether they have Active SAMS Level 2 access, they can request
their status by sending an e-mail to the MVPS Support Manager via [email protected].
Center for Surveillance, Epidemiology, and Laboratory ServicesDivision of Health Informatics and Surveillance
Jurisdiction MVPS Dashboard Access-User needs to obtain a SAMS UserID-
MVPS SAMS Registration Process OverviewAll external users must complete the SAMS registration process to gain access to MVPS.
8) MVPS Support Manager approves applicant in SAMS(SAMS status = Active)
7) User submits required ID proofing documents and signed SAMS Verification form
1) New jurisdiction user is identified
2) Jurisdiction data manager submits new user information by e-mail to [email protected].
3) MVPS Support Manager enters new user information into SAMS (SAMS status = Candidate)
6) SAMS e-mails user their SAMS UserID and proofing requirements to user
5) User completes SAMS registration information and submits to SAMS(SAMS status = Applicant)
4) SAMS invites user, via e-mail, to complete registration
SAMS registrati
on complete
8
9) MVPS Support Manager notifies jurisdiction data manager to grant access to user
12) User logs into MVPS via SAMS Portal
11) User receives e-mail with link to SAMS/MVPS
10) Jurisdiction data manager enters the user (role and condition) in MVPS by using SAMS User ID (MVPS Status: Active)
9
Security Access to MVPS Dashboard Overview All external users must complete the SAMS registration process to gain access to MVPS.
SAMS registrati
on complete
Security Access to MVPS Dashboard Overview
10
SAMS Registration Process The invitation e-mail will come from [email protected]
with a subject of “U.S. Centers for Disease Control: SAMS Partner Portal-Invitation to Register.” This personalized invitation contains one-time use access credentials.
SAMS invitation e-mail will contain:
• URL to the SAMS login page
• SAMS User ID
• Temporary password.
SAMS invites user, via e-mail, to complete
registration
4
MVPS Support Manager enters new user
information into SAMS(SAMS status = Candidate)
3
Tip: To make sure you receive your e-mail from SAMS, confirm that the following e-mail address will not be blocked by your e-mail service’s spam filters: [email protected]
Tips for registering with SAMS You must respond to the invitation e-mail within 30 calendar days. You will access SAMS online by using the link sent via the e-mail. You should be prepared to complete the full registration process in
one sitting. You will be asked to create a user profile, a password, and security
questions. Once your information is entered, you will be presented with a
confirmation page showing the data that you entered. After confirming the information, you will submit the data and log out
of the system.
User completes SAMS registration information and
submits to SAMS (SAMS status = Applicant)
Please contact the SAMS Helpdesk with any issues regarding registration or passwords:
E-mail: [email protected]: 404-498-6065
Toll Free: 877-681-2901
5.1
Note: After the user has completed the registration process, the SAMS account is locked and cannot be used for any purpose until status = Active.
11
SAMS Registration Process
Creating a User ProfileYou will be asked for the following information: * First Name, Middle Name (optional), Last Name, Suffix
(optional), Preferred Name (optional) Phone, Alternate Phone Organizational Affiliation (name of business), Position / Role
(work title) Organization Address (street, city, state, zip, and country) * Home Address (street, city, state, zip, and country)
*The name entered into SAMS must match the picture identification to be used in the proofing process. The address on one picture ID (usually the driver’s license) must match the home address entered into SAMS.
If the name or address does not match the applicant’s current information, then additional identifying documentation must be provided.
User completes SAMS registration information
and submits to SAMS (SAMS status = Applicant)
5.2
12
SAMS Registration Process
Creating a SAMS password Password must contain at least 8 characters. Password must contain a combination of three of the
following: numbers, upper/lower case letters, or special characters.
User must complete five security questions.
Managing your SAMS password: Passwords must be changed every 60 days. If the password expires, the user is prompted to change it upon the next login. Users are not allowed to reuse any of their last 10 passwords. To change your password, access the SAMS portal and select Change Password. If you forget your password, click on the “Forgot” link on the SAMS login page and answer three
security questions.
User completes SAMS registration information and
submits to SAMS (SAMS status = Applicant)
5.3
13
SAMS Registration Process
14
SAMS Registration Process
SAMS e-mails user personalized request packet and proofing requirements
6.1
E-mail subject line will be: U.S. Centers for Disease Control: SAMS Partner Portal – Identify Verification Request
Identity Proofing Process1) Applicant completes/prints the Identity
Verification Request Form provided in the SAMS e-mail.
2) Applicant takes the printed form, along with appropriate government-issued photo identification (see table to the right), to the DPA along with any needed supporting documentation.
3) The DPA confirms that the photo ID and supporting documentation, if needed, are valid.
4) The applicant signs the request form in the presence of the proofing agent.
5) The DPA selects the ID type, records its number, signs the verification request form, and returns the form to the applicant.
SAMS e-mails user SAMS UserID and proofing requirements
Acceptable Photo Identification Types
Additional Information
Driver’s license issued by a state or outlying possession of the United States.ID Card issued by a state or outlying possession of the United States.U.S. Passport Passports and military IDs
typically do not include the person’s home address. If using these identifications, the applicant must also submit additional supporting documentation to the proofing authority such as a utility bill or voter registration card.
U.S. Passport Card
U.S. Military ID Card
U.S. Permanent Resident Card
U.S. Employment Authorization Card
Note: If the applicant’s current name is not the same as displayed on the photo ID, then documentation such as a marriage certificate or change-of-name documentation will be required.
6.2
15
SAMS Registration Process
Submitting Proofed DocumentsOnce the identity proofing process has been completed, the applicant must forward the following documents to the Centralized Proofing Authority at CDC: completed/signed registration document legible photocopies of the documents used for identity proofing.
The applicant can either fax or mail their documents to CDC; however, faxing significantly reduces the time frame for approval.
User submits required ID proofing documents and signed SAMS Verification
form
7
877-681-2899 (toll-free) or 404-498-6065
Centers for Disease Control and PreventionAttn: Proofing Authority1600 Clifton Road N.E.Mailstop K-94Atlanta, GA 30333
Please contact the SAMS Helpdesk with any issues regarding registration or passwords: E-mail: [email protected]; or telephone local: 404-498-6065; toll free: 877-681-2901
MVPS Support Manager approves user in SAMS(SAMS status = Active)
8 SAMS AccessibilityThe MVPS Support Manager will go into SAMS to approve the account setup. This will allow the user to log into SAMS and access MVPS.
16
SAMS Registration Process
Adding A User to MVPSExternal users can be added by one of the following managers: MVPS Support Manager MVPS User Support Manager Jurisdiction Data Manager.
The jurisdiction data manager will be the primary manager to add jurisdiction users.
MVPS Support Manager notifies Jurisdiction Data Manager to grant MVPS access to user
Jurisdiction Data Manager enters the user (role and condition) in MVPS by using SAMS User ID (MVPS Status: Active)
10
User receives e-mail with link to SAMS/MVPS
11
17
Access to MVPS after SAMS Registration
9
Access to MVPS after SAMS Registration
Jurisdiction user logs into MVPS via SAMS Portal
12
(1) User accesses the SAMS portal:
Users must open their Internet browser and type https://sams.cdc.gov.
(2) User logs onto SAMS portal by using username and password (3) User clicks on the MVPS link
Link to MVPS will appear under My Applications on the SAMS landing page.
Username = e-mail address
18
Access to MVPS after SAMS Registration Access to MVPS after SAMS Registration
Maintaining User Accounts
Center for Surveillance, Epidemiology, and Laboratory ServicesDivision of Health Informatics and Surveillance
Maintaining User Accounts
SAMS user accounts must be regularly maintained to keep access to the MVPS Dashboard
Users must maintain their SAMS account to keep it active by:
Creating a new SAMS password at a minimum of every 60 days (Users are not allowed to reuse any of their last ten passwords.)
Updating any changes to contact information since initial registration
Accessing the account at least once per 365 days to keep it active (Note: If a user has not logged in within the last 335 days, the system sends the user a reminder that the account will expire in 30 days.)
Note: Users can update their passwords by accessing the SAMS portal and selecting “Change Password.” The system will prompt users with expired passwords to change their password at login.
20
MVPS accounts must be deactivated in a timely manner
Deactivating Users Jurisdiction Data Manager
o Changes the user’s role within MVPS to prevent access to data.
o Contacts the MVPS Support Manager to request deactivation of a jurisdiction user’s SAMS/MVPS account.
MVPS Support Manager o Reviews and approves the deactivation request.
o Deactivates the user in MVPS
o Deactivates the user’s MVPS link in SAMS
21
Note:
Deactivation
communication
must take place
within 24 hours of
a change in the
user’s status
Overview of Adding New Jurisdiction User to the MVPS Dashboard
The following slides are representative of the MVPS Dashboard functionality and provide an overview of the process.
The Jurisdiction Data Manager will have security access to add jurisdiction users to MVPS. The jurisdiction data manager role can only be added only by the MVPS Support Manager.
Center for Surveillance, Epidemiology, and Laboratory ServicesDivision of Health Informatics and Surveillance
Overview of Adding New Jurisdiction User to the MVPS Dashboard
Overview of Adding New Jurisdiction User – Step 1 of 4
The Add New User screen will display. Type the SAMS UserID in the ID box and the user’s name will appear. Note: All jurisdiction users must have an active SAMS UserID to be granted access to MVPS Dashboard.
Welcome, Marty JonesTo add a jurisdiction user, the jurisdiction data manager will access the User Management tab within the dashboard and click on Add New.
Welcome, Marty Jones
23
Choosing Yes for this option will allow the user to see message content within the MVPS Dashboard.
Click SAVE when all data have been entered.
The user’s first name, last name, and e-mail default from SAMS.
Jurisdiction data manager selects the user’s jurisdiction.
Note: Due to security within MVPS, the Assigned Jurisdiction drop down will display only the jurisdiction assigned to the Jurisdiction Data Manager.
24
Overview of Adding New Jurisdiction User – Step 2 of 4
The jurisdiction data manager will click the Assign checkbox for each condition the user can access in the MVPS Dashboard.
After the appropriate jurisdiction is assigned, a listing of conditions will display.
After reviewing all user information, the jurisdiction data manager should click SAVE.
25
Overview of Adding New Jurisdiction User – Step 3 of 4 Overview of Adding New Jurisdiction User – Step 3 of 4
MVPS will provide verification that user was added.
Patty Smith’s account was successfully edited.
Continue editing Patty Smith
26
Overview of Adding New Jurisdiction User – Step 4 of 4 Overview of Adding New Jurisdiction User – Step 4 of 4
Appendix
Center for Surveillance, Epidemiology, and Laboratory Services
Division of Health Informatics and Surveillance
Appendix
SAMS Quick Facts and Helpful Tips
• No Sharing – Your invitation is customized just for you and is only usable for a single registration.
• Invitations Expire! – Your invitation is good for only 30 days.
• SPAM, SPAM, SPAM – If you’re expecting a SAMS invitation and it hasn’t arrived, check to make sure it didn’t get trapped by your anti-SPAM filter.
• Replacement Invitations – If your invitation is lost or expired, contact your jurisdiction data manager to request a replacement. Or, you can also contact the SAMS Help Desk at [email protected].
• Tech Troubles – To access the SAMS portal, your browser must be configured to use TLS 1.0 encryption. If your computer is not configured for TLS, or if you are unsure, please contact your local IT system administrator.
• Help! – If you have questions or difficulties along the way, please contact the SAMS Help Desk.
28
Frequently Asked Questions about SAMS/MVPS Security Question Response1. What is SAMS? SAMS stands for Secure Access Management Services. It is CDC’s
enterprise identity management and access control system for externally facing sensitive or non-public applications.
2. What is the difference between SAMS and MVPS security? SAMS authenticates that you are who you say you are; MVPS security authorizes you to use MVPS functionality based upon the role you are assigned.
3. I have SAMS access for another CDC system. Do I need to go through the registration process again for MVPS?
MVPS requires a Level 2 SAMS security access. If the system you are currently accessing via SAMS is a Level 2 or higher security level, then you do not need to go through the SAMS registration process again.
4. I don’t know what level of security I currently have with SAMS. How do I find out?
Contact the SAMS Helpdesk at [email protected].
5. I have taken a job at another jurisdiction doing this type of work. Does that affect my SAMS/MVPS security access?
A user’s security in SAMS and MVPS is based upon their jurisdiction. When an active user in SAMS/MVPS changes jurisdictions, he or she must go through the security access process again.
6. I can’t see conditions that I need to view within the MVPS Dashboard. What should I do?
The jurisdiction data manager assigns roles and conditions to each user when he or she is initially granted access to the MVPS Dashboard. Submit a request to your jurisdiction data manager to be able to view the new conditions.
7. I have a new position with my jurisdiction and do not need access to MVPS any longer, but I still need to keep my SAMS access for other CDC applications. Who do I notify?
The jurisdiction data manager must notify the MVPS Support Manager any time a jurisdiction user needs to be de-activated. A user may retain SAMS registration status, if applicable, but will no longer have access to the MVPS link on the SAMS landing page.
8. I got married and want to change my name in SAMS and MVPS. What should I do?
Users can update some of their SAMS account information by clicking the Modify My Identity Data link. User ID/e-mail addresses cannot be changed by using this link. If you need assistance, contact the SAMS Helpdesk at [email protected].
29
