Federal Student Aid Technical Architecture Initiatives - PowerPoint PPT Presentation

Presentation Transcript
Session T-03

Federal Student Aid Technical Architecture Initiatives

James McMahon

Ganesh Reddy

U.S. Department of Education

Person Record Management System and PIN Re-engineering

James McMahon

Gathering and Using Person Data

(Diagram: across the Student Aid Lifecycle stages Aid Awareness and Application, Aid Delivery, and Servicing/Consolidation, the systems PIN, CPS, COD, NSLDS, DMCS, DLCS and DLSS each create or update person data, including DL, FFEL and Perkins records.)

Why Person Data Management?
  • No single version of the “truth” for a customer account
  • Disparate systems developed with duplicative and conflicting information about applicants and recipients
  • Different system keys for identifying individuals
  • Use of the SSN in authentication and customer identification
Why Person Data Management? (cont’d)
  • Difficulty in developing single picture of customer data
  • Comingling of authentication and demographic functions
  • Lack of integration with enterprise security architecture
  • No flexibility in interfacing with authenticated and unauthenticated users
What will Person Data Management do?
  • Deploy a new paradigm for person data management via a shared service at the enterprise level that all business applications can use
    • Improve data quality for person data throughout the Student Aid Lifecycle
    • Enable increased tracking and reporting capabilities for program integrity and program oversight
    • Enable the Integrated Student View, Single Sign-On, and additional streamlining initiatives
    • Provide infrastructure to allow for elimination of use of SSN as key identifier in Federal Student Aid systems
What is the Person Data Management Program?
  • Person Data Management (PDM) is primarily comprised of two major projects:
    • The Person Record Management Service (PRMS)
    • A re-engineering of the current PIN solution
What is PRMS?
  • PRMS will be the master record for Federal Student Aid of an applicant or recipient’s demographic information
  • PRMS will be an enterprise shared service using a publish and subscribe model following Service-Oriented Architecture principles
  • Legacy applications will transition to use of the PRMS in a phased manner
What is PRMS? (cont’d)
  • Will provide an enterprise account number (FAN = FSA Account Number) for persons:
    • Creates a unique identifier as the enterprise identifier
    • Protects the person’s identity
    • Passes the new identifier to other systems
    • Allows people interacting with Federal Student Aid systems to not use personal identifying information to access detailed information
  • Helps in resolving data quality issues
  • Maintains history of person data
  • Acts as the master source/location of person data where it is maintained and shared with other internal systems
Conceptual Diagram of PRMS

(Conceptual depiction; the diagram is not reproduced in the transcript.)
What is PIN Re-engineering?
  • A re-engineered PIN solution will:
    • Separate person demographic and authentication information and the functions associated with each
    • Introduce an enterprise approach to use of user ID and password
    • Strengthen the authentication credential (PIN)
    • Integrate the authentication function with Federal Student Aid’s enterprise security architecture solution
PDM Solution(s) Conceptual Architecture

The PDM solution includes two databases, the Person Data Hub and the Person Directory:

  • Person Data Hub: will be the new master data management solution for person data, covering identity (e.g., SSN, name, DOB) and demographic data (e.g., address, email address)
  • Person Directory: will store a copy of authentication information.
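As an added illustration (not FSA code), the following constructed Python sketch models the two stores described above together with the FAN from the "What is PRMS?" slides: the hub mints a random FAN, keeps the SSN-to-FAN mapping to itself, and publishes only the FAN and demographics to subscribing systems, while the directory holds authentication data keyed by the FAN and nothing else. The class and field names, the FAN format, and PBKDF2 for credential storage are assumptions.

```python
import hashlib
import secrets

# Constructed sketch (not FSA code) of the PDM split: the Person Data Hub keeps
# identity and demographic data keyed by a FAN and is the only holder of the
# SSN -> FAN mapping; the Person Directory keeps only authentication data by FAN.

class PersonDataHub:
    def __init__(self):
        self._records = {}      # FAN -> demographic data
        self._ssn_index = {}    # SSN -> FAN, hub-internal, never published
        self._subscribers = []  # downstream systems (COD, NSLDS, ...)

    def _new_fan(self):
        # A FAN must be a random surrogate, not derived from the SSN: a hash of a
        # 9-digit SSN is reversed with a ~10^9-entry table.
        while True:
            fan = "FAN-" + secrets.token_hex(6).upper()   # assumed format
            if fan not in self._records:
                return fan

    def subscribe(self, callback):
        self._subscribers.append(callback)

    def create_or_update(self, ssn, name, dob, address):
        fan = self._ssn_index.get(ssn) or self._new_fan()   # same SSN -> same FAN
        self._ssn_index[ssn] = fan
        self._records[fan] = {"name": name, "dob": dob, "address": address}
        event = {"fan": fan, **self._records[fan]}           # published view: no SSN
        for cb in self._subscribers:
            cb(event)
        return fan

class PersonDirectory:
    def __init__(self):
        self._creds = {}        # FAN -> (salt, PBKDF2 hash); no demographics here

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def set_password(self, fan, password):
        salt = secrets.token_bytes(16)
        self._creds[fan] = (salt, self._derive(password, salt))

    def verify(self, fan, password):
        if fan not in self._creds:
            return False
        salt, stored = self._creds[fan]
        return secrets.compare_digest(stored, self._derive(password, salt))
```

A subscriber that keys its own records by the FAN it receives never needs the SSN, which is what lets the SSN stop being the cross-system identifier.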
Tactical Improvements to IT Security: Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online

Ganesh Reddy

Tactical Improvements to IT Security

Quick fixes and high-impact improvements that can be implemented in a short timeframe to enhance IT security

  • Virtual Keyboard
    • Implement technologies appropriate for Federal Student Aid that evade potential "key logging"
  • Two-Factor Authentication (T-FA)
    • Implement Two-Factor Authentication solution for privileged users to access National Student Loan Data System (NSLDS) from internet
  • Active Confirmation
    • Assess current state of access controls for partners and deploy an “active confirmation” process
  • FAA Access to CPS Online Login
    • Enhance current state of access to limit use of Personal Identifying Information (PII)
Keylogging – Virtual Keyboard

Keylogging (Keystroke logging) is a method of capturing and recording user keystrokes. Some of the common technologies used to evade keylogging include:

  • Anti-spyware
  • Monitoring what programs are running
  • Firewall
  • Network Monitors
  • Automatic form filler programs
  • Alternative keyboard layouts
  • One-time passwords
  • Smartcards
  • Virtual keyboards

Virtual keyboards are provided on the application login page and do not require end users to acquire additional software

Federal Student Aid Virtual Keyboard Features

Virtual keyboards are provided on the Security Architecture (SA) login page and do not require end users to acquire additional software. Some of the features of the Federal Student Aid Virtual Keyboard include:

  • Highly effective in evading “Key Logging”
  • Widely used by many financial institutions
  • Least expensive technology to deploy (even for 50 million users)
  • Does not require any new hardware or software on client machines
  • Does not require any changes to the applications
  • Available to all applications that use SA
  • Works in conjunction with the existing keyboard
  • Usage is optional but can be made mandatory based on security policy
  • Keys can be entered by mouse click or by leaving the mouse on the key for 2 seconds
  • Virtual keyboard randomly shifts on the screen
  • Supports multiple keyboard layouts (US and Dvorak)
T-FA Implementation Objectives

To enhance the security of its information systems, Federal Student Aid is implementing Two-Factor Authentication (T-FA) for privileged users who access Federal Student Aid systems from the internet.

What is Two-Factor Authentication?

Two-Factor Authentication (T-FA) uses two pieces of information and processes (two different methods) to authenticate a person's identity for security purposes.

Authentication factors are generally classified into three categories:

  • Something the user has
    • ID card, security token, software token, phone, or cell phone
  • Something the user knows
    • password, pass phrase, or personal identification number
  • Something the user is
    • fingerprint or retinal pattern, voice recognition, or another biometric identifier

Two-Factor Authentication requires the use of solutions from two of the three categories of factors.

T-FA Technologies

Some of the common technologies used as the second factor authentication in concert with User ID and Password include:

  • Hardware Tokens - generate a constantly changing one-time password to enable authentication.
  • Software Tokens on PCs - enable authentication with computer as second factor authenticator.
  • Software Tokens on Mobile Devices - allow authentication from smart phones and PDAs.
  • Smart Cards - enable authentication as well as physical access.
  • USB Tokens - enable authentication without the need to key in a token code (can be plugged into a standard USB port).
  • Biometric Devices - enable authentication according to the physical characteristics of a user (fingerprint and retina scans).
Federal Student Aid T-FA Features

Two-Factor Authentication solution features:

  • Reliable, scalable, available, and meets sub-second performance standards
  • Compatible and interoperable with Federal Student Aid Standards
  • Integrates seamlessly with existing Federal Student Aid architectures
  • Supports web applications and does not require client-side software
  • Compliant with NIST, FIPS and other federal T-FA standards
  • Has ongoing operations and maintenance product support
  • Based on mature technology with a broad installed market base
What is Active Confirmation?
  • Active confirmation is the process of a Designated Point Administrator (DPA) reviewing users' access privileges on an established time schedule and confirming these users' privileges. This helps ensure an up-to-date and secure environment for system access.
  • The Federal Student Aid DPAs will be required to review their list of users who access Federal Student Aid systems and confirm that each individual continues to be a valid user. This will be done on a periodic basis.
“Active Confirmation” Process

The DPA Roster

  • Placed in all “Primary” TG Number mailboxes
  • Provided a list of employees that currently possess TG numbers
  • Requires validation or deletion of TG Numbers assigned to your organization in the SAIG Enrollment Web site

The FAA Roster

  • Placed in mailboxes of Primary TG Numbers of organizations
  • Provided a list of employees at your organization who are currently enrolled for access to FAA Access to CPS Online services
  • Requires validation or deletion of FAA Users assigned to your organization in the SAIG Enrollment Web site
FAA Access to CPS Online Login

Enhance current state of access to limit use of Personal Identifying Information (PII)

  • New FAA Access to CPS Online Login
  • First Time Registration
  • Self Service Password Reset
  • Implementation Schedule
Current FSA Web Enroll Site Login

Currently: Enter SSN and DOB on the login page to access the Student Aid Internet WebEnroll Site

Current FAA Access to CPS Online Login

Currently:

Enter SSN, first 2 letters of last name, DOB, and PIN on the FAA Access to CPS Online login page to access the application

New FAA Access to CPS Online Login

FAA Access to CPS Online Registration link can be accessed from the FAA Access Login page

FSA SA Registration – Confirm Identity

Confirm your identity by entering the FSA provided Unique Identifier

SA Registration - E-mail Address

Confirm or update your current Email address

Your name retrieved from SAIG Participation Management System cannot be updated

SA Registration - Select a Password

Select a password and choose any three Challenge Response Questions and provide answers

These questions will be used to reset your password

SA Registration – Confirm Role

Confirm the Role retrieved from SAIG Participation Management enrollment system

SA Registration - Confirmation

Confirm the registration information

SA Registration - Acknowledgement

System confirms successful Registration

You will receive your User ID in the email

Forgot Password

If you forget your password, the “Forgot Password” link can be used to reset your password. This link is located on the Login Page.

Forgot Password

Provide your User ID to retrieve your challenge questions

Answer Challenge Question

You will be prompted to answer one of the Challenge Response Questions to confirm your identity

Enter New Password

Provide a new password - this will replace your old password

New Password Confirmation

Your password has been changed

FAA Access to CPS Online Login

fafsa.ed.gov/FOTWWebApp/faa/faa.jsp

Enter User ID and password on the FAA Access to CPS Online Login page to access the application

Password Policies
  • Password Policy
    • Expires every 90 days
    • Complex alpha-numeric passwords
    • Answer challenge questions to reset password
  • Password Lockout
    • 3 unsuccessful login attempts
    • Can still use “Forgot Password” application
    • Login disabled for 30 minutes
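An added Python example (not FSA code) that enforces the expiry and lockout rules listed above: three misses disable login for 30 minutes without checking further guesses, a correct password older than 90 days is reported as expired rather than accepted, and a reset through the Forgot Password path clears the lockout. The thresholds are the slide's; the complexity rule (at least 8 characters with letters and digits), PBKDF2 hashing and the Account class are assumptions.

```python
import hashlib
import re
import secrets

# Constructed enforcement (not FSA code) of the policy on this slide. The three
# thresholds are the slide's; the complexity rule is an assumption.
EXPIRY_DAYS = 90
MAX_FAILURES = 3
LOCKOUT_SECONDS = 30 * 60
DAY = 86_400

def meets_complexity(password):
    # Assumption: "complex alpha-numeric" read as >= 8 characters with letters and digits.
    return (len(password) >= 8 and bool(re.search(r"[A-Za-z]", password))
            and bool(re.search(r"\d", password)))

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, now):
        self.set_password(password, now)

    def set_password(self, password, now):
        """Used at registration and by the Forgot Password flow; clears any lockout."""
        if not meets_complexity(password):
            raise ValueError("password does not meet complexity policy")
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.changed_at = now
        self.failures = 0
        self.locked_until = 0

    def login(self, password, now):
        """Returns 'ok', 'locked', 'expired' or 'bad_password'; `now` is epoch seconds."""
        if now < self.locked_until:
            return "locked"                 # no password check while locked
        if not secrets.compare_digest(self.pw_hash, _hash(password, self.salt)):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.failures = 0
                self.locked_until = now + LOCKOUT_SECONDS
                return "locked"             # 3rd miss: disabled for 30 minutes
            return "bad_password"
        self.failures = 0                   # a success resets the counter
        if now - self.changed_at >= EXPIRY_DAYS * DAY:
            return "expired"                # correct, but must be replaced first
        return "ok"
```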
Contact Information

We appreciate your feedback and comments. We can be reached at:

  • james.mcmahon@ed.gov
  • ganesh.reddy@ed.gov