
Two-Factor Authentication for Secure Access to FSA Systems

Learn about the implementation of Two-Factor Authentication (TFA) for all authorized users accessing Federal Student Aid systems, ensuring secure access via the internet. Discover the project scope, phases, and deployment status.



Presentation Transcript


  1. Two Factor Authentication Steven Burke U.S. Department of Education 2012 Software Developers Webinar #3

  2. Agenda • Project Overview • Postsecondary School Federal Financial Aid Eco-System • Project Scope • Project Phases and Deployment Status • TFA Attestation Lifecycle • TFA Attestation/Confirmation Process • Registration Scenarios • Frequently Asked Questions • Additional Resources

  3. Project Overview In 2010 an estimated 90,000 accounts were identified accessing FSA systems without a second factor authentication. FSA hosts at least 80 million records - all currently unprotected in accordance with industry best practices and Office of Management and Budget (OMB) mandate M-07-16. The U.S. Department of Education is implementing a security protocol through which all authorized users will be required to enter two forms of “authentication” to access Federal Student Aid systems via the Internet. This process is referred to as Two Factor Authentication (TFA).

  4. Postsecondary School Federal Financial Aid Eco-System • 6,400 unique institutions of higher education • Over 3,000 financial partners • Over 90K privileged accounts • Over 70M unique identities • Over 320M loans • Over 96M grants • Supporting students in 35 countries • $1T loan book • Over 13M students • Over 30M aid awards • Over $120B injected into the eco-system each year • FSA • Staff: ~1,300 • Contractors: ~ 10,000 • Services • Aid Apps • Grants • Loan Origination • Loan Servicing • Debt Collection • Compliance

  5. Two Factor Authentication Scope • Provide safe and secure access to FSA network services • Primary systems impacted across the enterprise • NSLDS, CPS, COD, AIMS, PM, FMS, and SAIG • This project encompasses approximately 90K users • FSA employees, Dept. of ED employees • Partners • Postsecondary School Destination Point Administrators (DPA) • Guaranty Agencies • Servicers, PCAs, NFPs • Call Centers, Developers, Contractors, and Sub-Contractors • TFA project is focused on privileged users • A privileged user is anyone who can see more than just their own personal data

  6. What is Two Factor Authentication?
     • Something that you know is the First Factor: User ID and Password
     • Something that you have is the Second Factor: Token with a One Time Password
     • The One Time Password (OTP) will be generated by a small electronic device, known as the TFA Token, that is in the physical possession of the user
     • To generate the OTP, a user will press the “power” button on the front of the token
     • A different OTP will be generated each time the button is pressed
     • Alternative Methods of obtaining OTP without TFA Token: A) Answer three Challenge Questions online B) Have the OTP sent to your Smart Phone

  7. TFA Project Phases
     • Phase 1: To ensure the successful deployment of two factor tokens for FSA – Citrix users; 1,300 completed 5/1/2011
     • Phase 2: To ensure the successful deployment of two factor tokens for Department of Education Staff and FSA Contractors; approximately 5,200 users and FSA Contractors completed 10/28/2011
     • Phase 3: International users, Foreign Schools (FS) and Domestic Schools, when logging into FSA systems across 35 countries; completed 12/31/2011. Domestic users, to ensure the successful deployment of two factor tokens for users when logging into FSA systems; 88,600 users by 12/31/2012
     • Phase 4: Guaranty Agencies, TIVAS, Third Party Servicers, Not-for-Profits, Payment Collection Agencies (PCA), and VPN users connecting through Virtual Data Center (VDC)

  8. TFA Deployment Status • Total TFA Tokens Deployed: 48,280 in the USA and 35 Countries • Tokens Deployed to Phase III & IV for Partners: 41,698 • Partner tokens registered: 23,357 • Percent Registered: 56% • System Update: 90% Complete • NSLDS moved behind AIMS, completed on 12/18/2011 • COD TFA enabled on 1/28/2012 • SAIG Enrollment TFA enabled 2/12/2012 • EDconnect TFA enabled 3/4/2012

  9. TFA Attestation Lifecycle

  10. TFA - Token Deployment Forecast As of 8/17/2012

  11. Attestation/Confirmation Process
     For each school, the Primary Destination Point Administrator (PDPA) and the COD Security Administrator need to work together to ensure all users have been identified and receive tokens
     Step 1: Confirmation/Attestation
     • Confirm/Attest to the individuals (unique users) at your school who are authorized users of one or more of the identified Federal Student Aid systems. This confirmation will only be used to determine the TOTAL NUMBER of tokens you will receive
     • Identify any Third Party Servicer(s) supporting your school
     • Confirm the physical street address to which tokens should be shipped, and provide a telephone number where we can contact you
     NOTE: We cannot ship to PO Boxes

  12. Attestation/Confirmation Process
     Step 2: Federal Student Aid Ships Tokens to School
     • The tokens will be sent to the attention of the PDPA via UPS
     Step 3: Token Receipt, Distribution, and Registration
     • After the tokens are shipped, FSA will send an e-mail with more information about token distribution and registration
     • The tokens are to be registered within 7 days of receipt

  13. Attestation/Confirmation Process • To expedite the attestation/confirmation process: • Click “reply” to respond to the attestation email message • (Please do not change the subject line.) • Example Subject Line: • GR6 - AR - University Of Central Arkansas - 00109200 - Attestation Required • Complete the TFA Attestation form embedded in the attestation email

  14. Attestation/Confirmation Process

  15. How do I register my token? • Once you receive your token you must register it once for the systems behind PM (NSLDS, CPS and SAIG/EDconnect) and once for each COD account. • Each FSA System website will be slightly different when logging in and registering your token • Next Steps: • Click on the following link: • https://fafsa.ed.gov/FOTWWebApp/faa/faa.jsp • Then click on the Register/Maintain token URL on the top right hand side of the screen.

  16. TFA Registration Scenarios
     • TFA Registration Scenario 1: John has access to NSLDS, CPS and SAIG. He will need to register his token only once.
       Participation Management (PM) (NSLDS, CPS FFA, SAIG): John Doe, FSA user ID: John.Doe.FSA, Token S/N: AVT 886123456
       COD: N/A
     • TFA Registration Scenario 2: John has access to NSLDS, CPS and SAIG and has (1) COD user ID. He will need to register his token (2) times.
       Participation Management (PM) (NSLDS, CPS FFA, SAIG): John Doe, FSA user ID: John.Doe.FSA, Token S/N: AVT 886123456
       COD: John Doe, COD user ID: JDOE01, Token S/N: AVT 886123456

  17. TFA Registration Scenarios
     • TFA Registration Scenario 3: John has access to NSLDS, CPS and SAIG and has (3) COD user IDs. He will need to register his token (4) times.
       Participation Management (PM) (NSLDS, CPS FFA, SAIG): John Doe, FSA user ID: John.Doe.FSA, Token S/N: AVT 886123456
       COD: John Doe, COD user ID: JDOE01, COD user ID: JDOE02, COD user ID: JDOE03, Token S/N: AVT 886123456
     • TFA Registration Scenario 4: John has access to COD and has (1) COD user ID. He will need to register his token only once.
       Participation Management (PM) (NSLDS, CPS FFA, SAIG): N/A
       COD: John Doe, COD user ID: JDOE01, Token S/N: AVT 886123456

  18. TFA Registration Scenarios
     • TFA Registration Scenario 5: John has access to COD and has (3) COD user IDs. He will need to register his token (3) times.
       Participation Management (PM) (NSLDS, CPS FFA, SAIG): N/A
       COD: John Doe, COD user ID: JDOE01, COD user ID: JDOE02, COD user ID: JDOE03, Token S/N: AVT 886123456

  19. TFA Frequently Asked Questions
     • Will I be locked out of FSA systems if I don’t have a token?
       Once your school has been TFA enabled (locked) a token will be required to access FSA systems.
     • I received more tokens than I have authorized users. What do I do with the extra tokens?
       Each token shipment will include at least one (1) extra TFA token, for use as a replacement for a lost or broken token, or for issue to a new authorized user.
     • I need more tokens. How do I get them?
       For additional tokens please send an e-mail to [TFA_Communications@ed.gov]. We can only send tokens to the Primary DPA.
     • Do I need to provide tokens to my Third Party Servicer?
       No, however please indicate the name and point of contact if you have engaged a Third Party Servicer.

  20. Support Contacts
     • Two Factor Authentication Questions: For general questions about TFA. E-mail: TFA_Communications@ed.gov
     • Central Processing System – Financial Aid Administrators (CPS-FAA) / Student Aid Internet Gateway (SAIG): Phone: 1-800-330-5947 / TTY 1-800-511-5806. E-mail: CPSSAIG@ed.gov. Website: FAA Access CPS Online (https://faaaccess.ed.gov/FOTWWebApp/faa/faa.jsp)
     • National Student Loan Data System (NSLDS): Phone: 1-800-999-8219. E-mail: nslds@ed.gov
     • Common Origination and Disbursement (COD): Phone: COD School Relations Center 1-800-474-7268 (for Grants). Phone: COD Direct Loans 1-800-848-0978. E-mail: CODSupport@acs-inc.com
     • Employee Enterprise Business Collaboration (EEBC): Support Hours: Monday-Friday, 8 AM – 5 PM. Phone: 1-866-441-6633. E-mail: eebcservicerequest@ed.gov
     • eCampus-Based (eCB): Support Hours: Monday-Friday, 8 AM – 8 PM. Phone: 1-877-801-7168. E-mail: cbfob@ed.gov. E-mail: secarch@ed.gov. Website: The eCampus-Based System (https://cbfisap.ed.gov/ecb/CBSWebApp/welcome.jsp)

  21. Contact Information We appreciate your feedback and comments. Please contact: Leslie A. Willoughby Phone: (202) 377-3896 Email: Leslie.Willoughby@ed.gov
