DPAS SCR: 00776



  • SCR Number
    00776
  • Title
    History Inquiries
  • DPAS Module
    Enterprise
  • Reporting Organization
    DFAS Columbus
  • State
    Done
  • History
    Submitted: 2/6/15
  • Description

    Description
    We need to generate history transaction reports for Account Management, users, and system-generated inactivations and deletes. These items must be reviewed by the Information System Security Manager. This will ensure we are in compliance with DIACAP control ECTP-1 and NIST Publication 800-53 AC-6 (Least Privilege).

    Recommended
    Develop history reports to capture any account related transactions. On the PA side the following history reports are being used:

    1. Deleted User History – This shows every user that has been deleted by Account Manager or the system when the account reached 45 days of inactivity. – The fields on this report are:
      • DPAS User Id,
      • User First Name,
      • User Last Name,
      • Agency Cd,
      • Agency Name,
      • Site-Id,
      • Last Updated By,
      • Last Tran Dt,
      • History Remarks
    2. User Actbl UIC History could be replaced with User Region History. – This shows every user’s Actbl UIC access that was added, updated or deleted by Account Management or by the system when the account was deleted at 45 days of inactivity. – The fields on this report are:
      • User Id,
      • First Name,
      • Last Name,
      • Site-Id,
      • Actbl UIC,
      • Tran Cd,
      • Last Updated By,
      • Start Date,
      • History Remarks
    3. Users History – The results for this inquiry are very large. We need filters to remove some of the unwanted results. – The fields on this report are:
      • User Id,
      • First Name,
      • Last Name,
      • Site-Id,
      • Tran Cd,
      • Status Cd,
      • Status,
      • Last Updtd By,
      • Last Tran Dt,
      • History Remarks
      The report shows:
      • Every normal login made by the user.
      • Every account created or updated by Account Management.
      • All normal user logins.
      • Every time a user changes Site-Id and Actbl UICs.
      • The system generated email sent at 15 days of inactivity.
      • The system generated emails sent to every user at 30 days of inactivity.
      • The system generated email sent at 45 days when the account is deleted.
    4. User Property Custodian History – This shows every Account Management add, update and delete. When a user’s UIC is deleted by Account Management, it shows every system delete transaction for each custodian being deleted from that user’s account. It also shows if a custodian is added, deleted or modified by any user on the application. This is also a very large inquiry, and filters are needed to reduce the data results. – The fields on this inquiry are:
      • User Id,
      • First Name,
      • Last Name,
      • Site-id,
      • UIC,
      • Custodian Nbr,
      • Sub Custodian Nbr,
      • Tran Cd,
      • Last Updated By,
      • Start Date,
      • History Remarks.
    5. User Role History – This shows every role added, updated or deleted from the user’s account. This shows the system deleted the account at 45 days of inactivity. A 2nd email is sent cancelling the user. I’m not sure what the difference is between system deletes and system canceled, but it includes both. – The fields on this inquiry are:
      • User Id,
      • First Name,
      • Last Name,
      • Site-Id,
      • Role Name,
      • Tran Cd,
      • Status,
      • Last Updated By,
      • Start Date,
      • History Remarks.
    6. User Site History – This shows every normal login. This shows every time a user switches a Site-Id or Actbl UIC. This shows every site added, updated or deleted by DPAS Account Management. It shows when an account is cancelled and the email sent. – The fields on this inquiry are:
      • User Id,
      • First Name,
      • Last Name,
      • Site-Id,
      • Tran Cd,
      • Site Last Login Dt,
      • Last Updated By,
      • Start Date,
      • History Remarks.
    7. Users UIC History – This shows every UIC added, updated or deleted by DPAS Account Management. It also shows the system deletes and the system cancellations. It also shows every UIC added or deleted by a user. – The fields on the inquiry are:
      • User Id,
      • First Name,
      • Last Name,
      • Site-Id,
      • Actbl UIC,
      • UIC,
      • Tran Cd,
      • Last Updtd By,
      • Start Date,
      • History Remarks.

    Mission Critical
    Yes, it is required to pass the upcoming SSAE 16 audit in June.

    Benefits
    We will be able to provide the appropriate information for the audit.

    Users
    This SCR is to be in compliance with required controls so we can pass the SSAE 16 audit.

    Completed - Release 3.0.01 - 02 June 2015