Message Validation, Processing, and Provisioning System (MV - PowerPoint Presentation

Slide1

Message Validation, Processing, and Provisioning System (MVPS) Access and Secure Access Management Services (SAMS)Security Training for Jurisdictions User Needs SAMS User ID

Center for Surveillance, Epidemiology, and Laboratory Services

Division of Health Informatics and SurveillanceSlide2

AgendaOverview Jurisdiction MVPS Dashboard Access - User does not have SAMS User IDMaintenance of User Accounts

Overview of Adding New User to MVPS DashboardAppendix2Slide3

Overview

Center for Surveillance, Epidemiology, and Laboratory Services

Division of Health Informatics and Surveillance

OverviewSlide4

Overview The goal of the Message Validation, Processing and Provisioning System (MVPS) is to validate and process nationally notifiable messages sent by jurisdictions and provisioning those data to the CDC Programs in an automated process.

Jurisdictions and CDC programs will have access to transactional message data through the MVPS Dashboard.Jurisdiction user access to the dashboard will be managed by the CDC Secure Access Management System (SAMS).4Note: In order for a jurisdiction user to access the MVPS Dashboard they must go through two levels of security

SAMS for

authenticatio

n – you are who you say you are

MVPS for

authorizatio

n - what you are allowed to view/manage/report on within the Dashboard Slide5

Key Terms

5Slide6

MVPS Jurisdiction User Roles6

Adds authorized jurisdiction users to MVPS Adds and/or edits jurisdiction user role and access to conditions Accesses data for one or more conditions through the MVPS Dashboard*Jurisdiction Data Manager Jurisdiction User

Accesses data for one or more conditions through the MVPS Dashboard

*

An alternate jurisdiction data manager should also be designated. Jurisdictions should consider who in their organization would best fit this role(s): an IT-focused resource such as the surveillance system manager; a surveillance lead who provides a science leadership role, or another resource who can meet jurisdiction needs. The jurisdiction data manager, in most cases, will be the person who

implements

the activities listed above; not necessarily the person who authorizes it. The authorization process will be determined by each jurisdiction. Slide7

Jurisdiction MVPS Dashboard Access-User needs to obtain a SAMS UserID-This section is for jurisdiction users who do not have an Active SAMS Level 2 (or higher) UserID.

If jurisdiction users are not sure whether they have Active SAMS Level 2 access, they can request their status by sending an e-mail to the MVPS Support Manager via EDX@cdc.gov.

Center for Surveillance, Epidemiology, and Laboratory Services

Division of Health Informatics and Surveillance

Jurisdiction MVPS Dashboard Access

-User needs to obtain a SAMS UserID-Slide8

MVPS SAMS Registration Process OverviewAll external users must complete the SAMS registration process to gain access to MVPS.

8) MVPS Support Manager approves applicant in SAMS(SAMS status = Active) 7) User submits required ID proofing documents and signed SAMS Verification form1) New jurisdiction user is identified

2) Jurisdiction

data manager

submits new user information

by e-mail t

o EDX@cdc.gov.

3) MVPS Support Manager enters new user information into SAMS

(SAMS status = Candidate)

6) SAMS

e-mails

user

their SAMS UserID

and proofing requirements to user

5) User completes SAMS registration information and submits to SAMS

(SAMS status = Applicant)

4) SAMS invites user, via

e-mail

, to complete registration

SAMS registration complete

8Slide9

9) MVPS Support Manager notifies jurisdiction data manager to grant access to user

12) User logs into MVPS via SAMS Portal 11) User receives e-mail with link to SAMS/MVPS 10) Jurisdiction data manager enters the user (role and condition) in MVPS by using SAMS User ID

(MVPS Status: Active)

9

Security Access to MVPS Dashboard Overview

All external users must complete the SAMS registration process to gain access to MVPS.

SAMS registration complete

Security Access to MVPS Dashboard Overview Slide10

10

SAMS Registration Process The invitation e-mail will come from sams-no-reply@cdc.gov with a subject of “U.S. Centers for Disease Control: SAMS Partner Portal-Invitation to Register.” This personalized invitation contains one-time use access credentials.

SAMS invitation

e-mail

will contain:

URL to the SAMS login page

SAMS User ID

Temporary password.

SAMS invites user, via

e-mail

, to complete registration

4

MVPS Support Manager enters new user information into SAMS

(SAMS status = Candidate)

3

Tip: To make sure you receive your

e-mail

from

SAMS,

confirm

that the

following

e-mail

address will not be blocked by your

e-mail

service’s spam filters: sams-no-reply@cdc.gov Slide11

Tips for registering with SAMSYou must respond to the invitation

e-mail within 30 calendar days.You will access SAMS online by using the link sent via the e-mail.You should be prepared to complete the full registration process in one sitting.

You will be asked to create a user profile,

a

password, and

security questions.

Once

your

information is entered, you will

be presented with a confirmation page showing the data

that you

entered.

After

confirming the information,

you

will submit the data and log out of the system.

User

completes SAMS registration information and submits to SAMS

(

SAMS status = Applicant

)

Please contact the SAMS Helpdesk with any issues regarding registration or passwords:

E-mail

: samshelp@cdc.gov

Local: 404-498-6065

Toll Free: 877-681-2901

5.1

Note: After

the user has completed the registration

process,

the SAMS account is locked and cannot be used for any purpose until status =

Active.

11

SAMS Registration ProcessSlide12

Creating a User ProfileYou will be asked for the following information: * First Name, Middle Name (optional), Last Name, Suffix (optional), Preferred Name (optional)

Phone, Alternate PhoneOrganizational Affiliation (name of business), Position / Role (work title)Organization Address (street, city, state, zip, and country)* Home Address (street, city, state, zip, and country)*The name entered into SAMS must match

the picture identification to be used in the proofing process. The address on one picture ID (usually the driver’s license)

must match

the home address entered into SAMS.

If the name or address

does

not match the applicant’s current

information, then additional identifying documentation must be provided.

User

completes SAMS registration information and submits to SAMS (SAMS status = Applicant)

5.2

12

SAMS Registration ProcessSlide13

Creating a SAMS passwordPassword must contain at least 8

characters.Password must contain a combination of three of the following: numbers, upper/lower case letters, or special characters. User must complete five security questions.Managing your SAMS password:

Passwords must be changed every 60

days.

If the password expires, the user is prompted to change it upon the next

login.

Users are not allowed to reuse any of their last

10 passwords.

To change your password, access the SAMS portal and select Change

Password.

If you forget your password, click on the

“Forgot”

link on the SAMS login page and answer

three

security questions.

User

completes SAMS registration information and submits to SAMS

(

SAMS status = Applicant)

5.3

13

SAMS Registration ProcessSlide14

14

SAMS Registration ProcessSAMS e-mails user personalized request packet and proofing requirements

6.1

E-mail subject line will be:

U.S. Centers for Disease Control: SAMS Partner Portal – Identify Verification Request Slide15

Identity Proofing ProcessApplicant completes/prints the Identity Verification Request Form provided in the SAMS e-mail.

Applicant takes the printed form, along with appropriate government-issued photo identification (see table to the right), to the DPA along with any needed supporting documentation. The DPA confirms that the photo ID and supporting documentation, if needed, are valid. The applicant signs the request form in the presence of the proofing agent. The DPA selects the ID type, records its number, signs the verification request

form, and returns

the form to

the applicant.

SAMS

e-mails

user

SAMS UserID and proofing requirements

Acceptable Photo Identification

Types

Additional

Information

Driver’s license

issued

by a state or outlying possession of the

United States.

ID Card issued by a state or outlying possession of the United States.

U.S.

Passport

Passports and military IDs typically do not include the person’s home address. If using these

identifications, the applicant must also submit additional supporting documentation to the proofing authority

such as a u

tility bill or voter registration card.

U.S. Passport Card

U.S. Military ID Card

U.S. Permanent Resident Card

U.S. Employment Authorization Card

Note: If the applicant’s current name is not the same as displayed on the photo

ID,

then documentation such as

a marriage

certificate or

change-of-name

documentation will be required.

6.2

15

SAMS Registration ProcessSlide16

Submitting Proofed DocumentsOnce the identity proofing process has been completed, the applicant must forward the following documents to the

Centralized Proofing Authority at CDC:completed/signed registration document legible photocopies of the documents used for identity proofing. The applicant can either fax or mail their documents to CDC; however, faxing significantly reduces the time frame

for approval

.

User submits required ID proofing documents and signed SAMS Verification form

7

877-681-2899 (toll-free) or

404-498-6065

Centers for Disease

Control and Prevention

Attn: Proofing Authority

1600 Clifton Road N.E.

Mailstop K-94

Atlanta, GA 30333

Please contact the SAMS Helpdesk with any issues regarding registration or passwords:

E-mail

: samshelp@cdc.gov; or telephone local: 404-498-6065; toll free: 877-681-2901

MVPS Support Manager approves

user

in SAMS

(SAMS status = Active)

8

SAMS Accessibility

The MVPS Support Manager will go into SAMS to approve the account

setup

. This will allow the user to log into SAMS and access MVPS.

16

SAMS Registration ProcessSlide17

Adding A User to MVPS

External users can be added by one of the following managers:

MVPS Support Manager

MVPS User Support Manager

Jurisdiction Data Manager.

The

jurisdiction data manager

will be the primary manager to add jurisdiction users.

MVPS

Support Manager

notifies Jurisdiction Data Manager

to grant

MVPS access

to

user

Jurisdiction Data Manager

enters the user (role and condition) in MVPS

by using

SAMS User ID

(MVPS Status:

Active)

10

User receives e-mail

with link to SAMS/MVPS

11

17

Access to MVPS after SAMS Registration

9

Access to MVPS after SAMS Registration Slide18

Jurisdiction user logs into MVPS via SAMS Portal

12(1) User accesses the SAMS portal:Users must open their Internet browser and type https://sams.cdc.gov.

(2) User logs onto SAMS portal by using username and password

(3) User clicks on the MVPS link

Link to MVPS will appear

under

My Applications

on

the SAMS landing page.

Username =

e-mail address

18

Access to MVPS after SAMS Registration

Access to MVPS after SAMS Registration Slide19

Maintaining User Accounts

Center for Surveillance, Epidemiology, and Laboratory Services

Division of Health Informatics and Surveillance

Maintaining User AccountsSlide20

SAMS user accounts must be regularly maintained to keep access to the MVPS DashboardUsers must maintain their

SAMS account to keep it active by:Creating a new SAMS password at a minimum of every 60 days (Users are not allowed to reuse any of their last ten passwords.) Updating any changes to contact information since initial registrationAccessing the account at least once per 365 days to keep it active (Note: If a user has not logged in within the last 335 days, the system sends the user a reminder that the account will expire in 30 days.)Note: Users can update their passwords by accessing the SAMS portal and selecting “Change Password.” The system will prompt users with expired passwords to change their password at login.

20Slide21

MVPS accounts must be deactivated in a timely mannerDeactivating Users

Jurisdiction Data Manager Changes the user’s role within MVPS to prevent access to data.Contacts the MVPS Support Manager to request deactivation of a jurisdiction user’s SAMS/MVPS account. MVPS Support Manager Reviews and approves the deactivation request.

Deactivates the user in MVPS

Deactivates the user’s MVPS link in SAMS

21

Note: Deactivation communication must take place within 24 hours of a change in the user’s status

Slide22

Overview of Adding New Jurisdiction User to the MVPS Dashboard

The following slides are representative of the MVPS Dashboard functionality and provide an overview of the process.

The Jurisdiction Data Manager will have security access to add jurisdiction users to MVPS.

The jurisdiction data manager role can only be added only by the MVPS Support Manager.

Center for Surveillance, Epidemiology, and Laboratory Services

Division of Health Informatics and Surveillance

Overview of Adding New Jurisdiction User to the MVPS DashboardSlide23

Overview of Adding New Jurisdiction User – Step 1 of 4

The Add New User screen will display. Type the SAMS UserID in the ID box and the user’s name will appear. Note: All jurisdiction users must have an

active SAMS UserID

to be granted access to MVPS Dashboard.

Welcome, Marty Jones

To add a jurisdiction

user,

the

jurisdiction data manager

will access the User Management tab within the

dashboard and click on Add New.

Welcome, Marty Jones

23Slide24

Choosing Yes for this option will allow the user to see message content within the

MVPS Dashboard. Click SAVE when all data have been entered. The user’s first name, last name, and e-mail default from SAMS.

Jurisdiction data manager selects the user’s jurisdiction

.

Note: Due to security within

MVPS,

the Assigned Jurisdiction

drop down will display only the jurisdiction assigned to the Jurisdiction Data Manager.

24

Overview of Adding New Jurisdiction User

–

Step

2

of 4 Slide25

The jurisdiction data manager will click the

Assign checkbox for each condition the user can access in the MVPS Dashboard. After the appropriate jurisdiction is assigned, a listing of conditions will display.

After reviewing all user information, the jurisdiction data manager should click SAVE.

25

Overview of Adding New Jurisdiction User – Step 3 of 4

Overview of Adding New Jurisdiction User – Step 3 of 4 Slide26

MVPS will provide verification that user was added.

Patty Smith’s account was successfully edited. Continue editing Patty Smith

26

Overview of Adding New Jurisdiction User – Step 4 of 4

Overview of Adding New Jurisdiction User – Step 4 of 4 Slide27

Appendix

Center for Surveillance, Epidemiology, and Laboratory Services

Division of Health Informatics and Surveillance

AppendixSlide28

SAMS Quick Facts and Helpful TipsNo Sharing – Your invitation is customized just for you and is only usable for a single registration.

Invitations Expire! – Your invitation is good for only 30 days.SPAM, SPAM, SPAM – If you’re expecting a SAMS invitation and it hasn’t arrived, check to make sure it didn’t get trapped by your anti-SPAM filter.Replacement Invitations – If your invitation is lost or expired, contact your jurisdiction data manager to request a replacement. Or, you can also contact the SAMS Help Desk at samshelp@cdc.gov. Tech Troubles – To access the SAMS portal, your browser must be configured to use TLS 1.0 encryption. If your computer is not configured for TLS, or if you are unsure, please contact your local IT system administrator.Help! – If you have questions or difficulties along the way, please contact the SAMS Help Desk.

28Slide29

Frequently Asked Questions about SAMS/MVPS Security Question Response

What is SAMS?SAMS stands for Secure Access Management Services. It is CDC’s enterprise identity management and access control system for externally facing sensitive or non-public applications. What is the difference between SAMS and MVPS security?SAMS authenticates that you are who you say you are; MVPS security authorizes you to use MVPS functionality based upon the role you are assigned. I have SAMS access for another CDC system. Do I need to go through the registration process again for MVPS?

MVPS requires

a Level 2 SAMS security access. If the system you are currently accessing via SAMS is a Level 2 or higher security level, then you do not need to go through the SAMS registration process again.

I

don’t know what level of security I currently have with SAMS. How do I find out?

Contact the SAMS Helpdesk at samshelp@cdc.gov.

I have taken a job at another jurisdiction doing this type

of work. Does that affect my SAMS/MVPS security access?

A user’s security in SAMS and MVPS is based upon their jurisdiction. Wh

en

an active user in SAMS/MVPS changes jurisdictions, he or she must go through the security access process again.

I

can’t see conditions that I need to view within the MVPS Dashboard. What should I do?

The jurisdiction data manager assigns roles

and conditions to each user when he or she is initially granted access to the MVPS Dashboard. Submit a request to your jurisdiction data manager to be able to view the new conditions.

I have

a new position with my jurisdiction and do not need access to MVPS any longer, but I still need to keep my SAMS access for other CDC applications. Who do I notify?

The jurisdiction data manager must notify the MVPS Support Manager any time a jurisdiction user needs to be de-activated. A user may retain SAMS registration status, if applicable, but will no longer have access to the MVPS link on the SAMS landing page.

I got

married and want to change my name in SAMS and MVPS. What should I do?

Users

can update some of their SAMS account information by clicking the

Modify My Identity Data

link. User ID/e-mail addresses cannot be changed by using this link. If you need assistance, contact the SAMS Helpdesk at samshelp@cdc.gov.

29