Annual CMS Security Reauthorization

Annual CMS Security Reauthorization

The CMS Security Reauthorization is an annual reauthorization of CMS/PeopleSoft security roles granted to employees with administrative accounts. Student Administration, Human Resources, and Financial roles are included in the reauthorization.  Insight Reporting and CMS/PeopleSoft access granted via self-service, such as Faculty Center and Absence Management Self Service, are not included. 

The reauthorization process includes a review of roles by the direct lead/supervisor who initiates the process, an employee confirmation of the continued business need for the current access and agreement to comply with the current Information Security policies and procedures, and an Appropriate Administrator reauthorization of the access. 

To go to the Dashboard, click here

Deadlines

PeopleSoft Annual Reauthorization of Roles will take place in March, 2014.  Access to PeopleSoft Student Administration, Human Resources and Financials, Data Warehouse and INSIGHT are included in this reauthorization process.

  • Lead/Supervisor reviews by – 3/7/14
  • Employee confirms by – 3/14/14
  • Appropriate Administrator approves by – 3/21/14

 

CMS Security Reauthorization Process Flow

CMS Security Reauthorization Process Flow

Background and Requirements:

It is the responsibility of the Employee as well as the Lead/Supervisor to understand the security roles and permissions assigned to each employee.  Access and account privileges must be commensurate with job function, need-to-know, and employment status.   It is the responsibility of the Employee, Lead/Supervisor, and Appropriate Administrator to verify that access to information resources has been revoked in cases where employee has experienced a change of employment (e.g., termination or position change), or when job duties no longer provide a legitimate business reason for access (CSU Information Security Policy ICSUAM 8030 300, ICSUAM 8060 500).

Except where specifically permitted by campus policy and by the appropriate data owner, Lead Supervisors and Appropriate Administrators may not re-authorize employee roles or permissions for positions or responsibilities for which the Lead/Supervisor or Appropriate Administrator is not responsible (ie. employees with multiple positions).

References

CSU Information Security Policy ICSUAM Section 8000   

CSU Access Control Policy ICSUAM 8060

CSU Access Control Standard 8060.S000

CSU Asset Management Policy ICSUAM 8065

CSU, Chico Account Management Standards

Frequently Asked Questions (FAQs)

Why are we doing this reauthorization?

CSU Policy and CSU, Chico Account Management Standards require that all user accounts be reviewed at least annually to ensure that access and account privileges are commensurate with job function, need-to-know, and employment status. 

Who do I contact if I have questions regarding the process?

E-mail cmssecurityreauth@csuchico.edu with any questions regarding this process.

Who do I contact if I do not understand someone’s access?

E-mail the appropriate CMS security team with specific CMS access questions:

CMS HCM - Human Resources Module: hrsecurity@csuchico.edu

CMS HCM - Student Module: sasecurity@csuchico.edu