DPAS SCR: 01798

• SCR Number
  01798
• Title
  DPAS Account lock ability for Annual User Audit
• DPAS Module
  Enterprise
• Reporting Organization
  Leidos
• State
  New
• History
  Submitted: 18 August 2022
• Description
  Description:

  For accounts that are suspended due to non-compliance of the Annual User Audit, we do not have a way to lock these accounts from being reset until is appropriate. When user accounts are suspended (active box unchecked) because the IO group has not provided a response for the Annual User Audit, there is nothing preventing Help Desk support from being able to reset the account unknowingly. I am proposing a lock feature or new status ability be given to assist Security Officers with audit compliance. The Help Desk should retain their currently ability to reset accounts; however, we also need a method that allows for Sec Officers to lock particular accounts that can only be unlocked by a Sec Officer.

   

  Recommended:

  Provide ability to lock certain user accts from being reset until IO completes Annual User Audit. Potentially a new status or lock feature that only Security officers could update those particular accounts back to active status when appropriate.

   

  Mission Critical:

  This functionality supports audit readiness.

   

  Benefits:

  The solution supports audit readiness and user review compliance so that users do not get access to their account before they should.

   

  Users:

  This change would impact internal support staff.