SEC-02 Pre Built Reports - Security

As part of this specification, NCFS Agency User Security Report will be developed with the ability to execute on demand, by Agency/Business Unit, Department Name or by User ID. The user should be able to select one parameter, or multiple parameters, or ALL parameters at report generation time. The user should also be able to select one Username or multiple Usernames or ALL Usernames at report generation time.

Report data flow:

• NCFS Security will create/enter all State of North Carolina Usernames, their Job Role access as well as their Data access for the NCFS.
• NCFS Security team will grant access for Agency Security Administrators so they may execute the report quarterly for Security Reviews by Managers.
• NCFS Security team may also generate this NCFS User Security report on demand for Security Reviews.
• Managers will submit Security Change requests as needed after reviewing report.

As part of this specification, FBR AAC Incidents by Business Unit. Detail Report will be developed with the ability to execute by Business Unit, Control Name, or by User ID. The user should be able to select one parameter, or multiple parameters, or ALL parameters at report generation time. The user should also be able to select one Username or multiple Usernames or ALL Usernames at report generation time. This report should also include detailed information on user access conflicts so that the NCFS Security team can resolve any role level SODs that may need to be remediated.

Report data flow:

• NCFS Security team will create/enter all State of North Carolina Usernames, their Job Role access as well as their Data access for the NCFS.
• NCFS Security team will schedule the schedule the access controls to run on a regular basis.
• NCFS Security team will schedule the schedule the report synchronization process to run on a regular basis.
• NCFS Security team will execute the report quarterly for Security Reviews by Agency Security Administrators.
• NCFS Security team may also generate this NCFS AAC Incidents report on demand for Security Reviews.
• Agency Security Administrators will submit Security Change requests or remediation documentation as needed after
  reviewing the report.

As part of this specification, FBR AAC Incidents by Business Unit. Summary Report will be developed with the ability to execute by Business Unit, Control Name, or by User ID. The user should be able to select one parameter, or multiple parameters, or ALL parameters at report generation time. The user should also be able to select one Username or multiple Usernames or ALL Usernames at report generation time.

Report data flow:

• NCFS Security team will create/enter all State of North Carolina Usernames, their Job Role access as well as their Data access for the NCFS.
• NCFS Security team will schedule the schedule the access controls to run on a regular basis.
• NCFS Security team will schedule the schedule the report synchronization process to run on a regular basis.
• NCFS Security team will execute the report quarterly for Security Reviews by Agency Security Administrators.
• NCFS Security team may also generate this NCFS AAC Incidents report on demand for Security Reviews.
• Agency Security Administrators will submit Security Change
  requests or remediation documentation as needed after reviewing the report.

As part of this specification, FBR AAC Intra Role Conflicts Report will be developed with the ability to execute by Role Name or Control Name. The user should be able to select one parameter, or multiple parameters, or ALL parameters at report generation time. This report should also include detailed information on role access conflicts so that the NCFS Security team can resolve any role level SODs that may need to be remediated.

Report data flow:

• NCFS Security team will create/enter all State of North Carolina Usernames, their Job Role access as well as their Data access for the NCFS.
• NCFS Security team will run the controls following any role changes where new privileges have been granted.
• NCFS Security team will run the Report Synchronization Process following any role changes where new privileges have been granted.
• NCFS Security will generate this NCFS AAC Intra Role Conflicts Report on demand for Security Reviews to determine if a role
  change has introduced a new SOD conflict.