HomeMy Public PortalAboutIDIS OnlineIDIS OnLine Access Request
U.S. Department of Housing and Urban Development
Office of Community Planning and Development
GRANTEE„& REQUESTOR INFORMATION
REQUEST TYPE
OMB Approval Ha, 250641175 emu 04/30/2020
Privacy Act Statement: public Law 97455, Financial IntegrhyAct, 31 u,S,C, 3512,authoriao6
Um Deportment of Housing and Urban Development MUD) to collect all the Information
whichWal be used by HUD to protect disbursement data (ram fraudulent actions. Tim
purpose of the data la to safeguard the Intagmmd Disbursement and Information System
(uss) from unauthmmd across. The slate are used to ensues that Individuals who no longer
require guess la IDIS hove thelr access capability promptly doloted. This Infmmalkn will
not bootharwbe disclosed or ralauaed outside of HUD, menses permitted or raqulrud by
law. Failure to provide ilia Inlmm0an requested on the form may delay the processing of
Year approval for access to IDI6.
Publlelleporting burden for IMs In(onnatkn collection b estimated to average 30 minutes
Including time for collecting, reviewing, and reporting data. HUD may not collect this
rnformation, and respondents aro not required 10 campkte tbls form unless B dbplaysa
currently valid OMO Conbol Number.
Role to be Performed by Headquarters Role to be Performed by Field or Local IDIS Administrator
New Request WI
Renew Lapsed ID ❑
Change Name ❑
Add Access for Another Grantee
Please create a five digit pin that will be used for password resets. 1 2 3o ci 5o
Requestor's. Name (Last, First, MI):
Shepheard, Crista S,
Office Address:
198 N Wilson St Crestview, FL 32536
Grantee Name in IDIS
Cityof Crestview
... ar...
Please Mark All Necessary Functions & Programs
Authorized
Functions
Program
Areas
Set Up Activity
Approve Drawdown
Request Drawdown 0
Local IDIS Administrator U
CDBG e] HOME 0 ESG ❑ HOPWA ❑
HESG ❑ HOPWA-C ❑ HTF ❑ Other:____...
nether, please specify name of program
*Approval of State Sub Grantee Request — CPD State Coordinator or State Official name, signature and date:
)j Name: Signature: Date:
Drop from IDIS
Change Function or Program Area
Con Plan:
Caper:
ii
n
Introduction
This Rules of Behavior (RoB) procedure was developed as a guide to ensure that all users of IDIS Online are made aware of their security
responsibilities before accessing IDIS Online. The RoB defines responsibilities and procedures for secure use of IDIS Online. By reading
and acknowledging these rules, users accept the responsibility to protect 1015 online and data. Users are accountable for their actions
and the requirements to protect 1015 Online data and equipment from both malicious and accidental loss and damage. These rules
clearly delineate the responsibilities of and expectations for all Individuals with access to IDIS Online. Non-compliance with these rules will
be enforced through sanctions commensurate with the level of infraction.
Responsibilities
All authorized users who have access to IDIS Online are required to read, acknowledge understanding, and sign the RoB before accessing IDIS
Online and associated data. This acknowledgement must be completed annually thereafter.
By agreeing to and signing these rules, the user signifies:
1. Understanding that access is given only to IDIS Online to which the user requires access in the performance of their official duties
and the user will not attempt to access systems they are not authorized to access,
Office E-mail Address:
shepheardc@cltyoforestview.org
Office Phone: ext:
850-758-0747
GRANTEE TYPE..... ....�-._ __ ....�...__...
City ® County ❑ State ❑Non Profit :pub Grantee* 0
fi
❑
Create/Edit/Submit jj Edit ❑
Create/Edit/Submit (A Edit 0
IDIS Online Rules of Behavior
September 14, 2015
View ❑
View ❑
ALL PPEN0111 VEIIOONS QfIIISFOAM WILL NOT at ACCEPIEO Oa rnaaa9SE0. Mm FORM 270S51 D5-$4117)
Page 1al3
2. Understanding of the IDIS Online Rules of Behavior (IDIS RoB) security requirements.
3. Acknowledgement that disciplinary action may be taken based on violation of the IDIS RoB.
The 1015 Online System Security Administrator (SSA) verifies that the users who require access to IDIS Online have read and
accepted (via signature on the acceptance form) this IDIS RoB.
Other Policies and Procedures
This IDIS RoB is intended to enhance and further define the specific rules each user must follow while accessing IDIS Online. The rules are
consistent with the policy and procedures described in the following directives:
) Revision of OMB Circular No. A-130, Transmittal No. 3, Appendix i https://www.whitehouse.gov/omb/circulars a130 a130pre
Ill, "Security of Federal Automated Information Resources."
1 Privacy Act of 1974, as amended, 5 U.S.C. § 552a http://www.iustice.gov/opcl/privacy-act-1974
18 USC 1030(a)4, "Accessing to Defraud and Obtain Value http://www.gpo.gov/fdsys/granule/USCODE-2010-titlel8/USCODE-
2010-titlel8-partl-chap47-sec1030/content-detail.html E
NIST Special Publication 800-18 - Revision 1, Guide for http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18- i
Developing Security Plans for Information Technology Systems, Rev1-final.pdf
i
( February 2006
1 HUD Information Technology Security Policy Handbook
Application Rules
1
http://portal.hud.gov/hudoortal/HUD?src=/program offices/admin
istration/hudclips/handbooks/cio/2400.25
Because written guidance cannot cover every contingency, you are asked to go beyond the stated rules, using your best judgment
and highest ethical standards to guide your actions. These rules are based on Federal laws and regulations and HUD policies. As
such there are consequences for non-compliance. The following IDIS RoB is the minimum rules for users who are requesting an IDIS
Online user account:
1. You are aware of the existence of and penalty for violating 18 USC 1030 and abide by:
a. The elements of 18 USC 1030(a)4, "Accessing to Defraud and Obtain Value" are:
i. Knowingly accessing a protected computer without or in excess of authorization;
ii. With intent to defraud;
iii. Access furthered the intended fraud; and
iv. Obtain anything of value
b. The penalty for violating this statute includes a fine and imprisonment of not more than ten years, or both.
2. You must adhere to HUD's policy requiring a separation of duties between the requestor and approver for financial
transactions:
a. Effective December 14, 2001, the same person can no longer both request and approve a given draw down in IDIS
Online.
b. While individual persons may have the power to both request and approve draws, this rule prevents an individual
from approving a draw that he or she created. IDIS Online requires two people to be involved in every draw down
of funds.
3. Currently, the IDIS Online Local Administrator initially defines what a person can do in IDIS Online, carrying out the
wishes of each grantee's authorizing official — mayor, grant holder, CEO, CFO, etc. Some users have full rights, while
others have limited rights of various kinds. You understand that you are given access only to IDIS Online to which you
require access in the performance of your official duties and that you will not attempt to access systems that you are not
authorized to access.
4. You are prohibited from misusing IDIS Online, i.e., exceeding your authority. Your level of access to IDIS Online is limited to
ensure your access is not more than necessary to perform your legitimate tasks or assigned duties. If you believe you are
being granted access that you should not have, you must immediately notify the IDIS Online SSA via email at
IdisUseridRequests@hud.gov.
5. You must immediately notify your Supervisor, CPD Field Office Administrator, and/or your Local Grantee Administrator if
your access/privilege are no longer required, termination, promotion, and transferred.
6. You must maintain the confidentiality of your authentication credentials such as your password. Do not reveal your
authentication credentials to anyone and do not record passwords on paper or in electronic form.
7. You must report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to
IDIS Online to the HUD Computer Incident Response Team at CIRT@hud.gov.
8. Your IDIS Online password expires every 90 days, so ensure you access IDIS at least once a month. Users who do not use
IDIS within a 90 day period will find their accounts are de -activated.
h1 PREVIOUS VERISONS OF THIS FORM Ma NOT RE ACCEPI Et) OR PROCESSED. HUD FORM 27055 (OS.15-2017)
Page 2 or 3
9. You must follow proper logon/logoff procedures. You must manually logon to your session; do not store your password
locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no
longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended
while logged into IDIS Online.
10. You must not establish any unauthorized interfaces between IDIS Online and other non -HUD systems.
11. Your access to IDIS Online constitutes your consent to the retrieval and disclosure of the information within the scope of
your authorized access, subject to the Privacy Act, and applicable Federal laws.
12. You must safeguard IDIS Online resources against waste, loss, abuse, unauthorized use of disclosure, and misappropriation.
13. You must not process classified national security information on IDIS Online.
14. You must not browse, search or reveal IDIS Online data except in accordance with that which is required to perform your
legitimate tasks or assigned duties. You must not retrieve data, or in any other way disclose data, for someone who does
not have authority to access that information.
15. By your signature or electronic acceptance (such as by clicking an acceptance button on the screen), you must agree to these
rules
User Acknowledgement and Certification— I acknowledge and certify that:
1. I understand the IDIS RoB and Federal Government policies as set forth above regarding security awareness and practices
when accessing and utilizing IDIS Online.
2. I have read and understand the IDIS RoB governing my use of IDIS Online and agree to abide by them.
3. I understand my responsibilities and the penalties for NOT ADHERING to the IDIS RoB.
4. I understand that failure to comply will result in disciplinary action against me which may include, but are not limited to, a
verbal or written warning, removal of system access, reassignment to other duties, demotion, suspension, reassignment,
termination, and possible criminal and/or civil prosecution.
Requester Name: Crista Shepheard Signature:
GRANTEE APPROVING OFFICIAL
Approving Official's Name:
Title:
G *-Y Ivtl:A— `� C
Office Phone: ext.:
g50 -653) - 3g I a
Office Address: (Street, City, State, Zip)
Hi (-X sow St 2 Ilk)
Gfest �;�W , FLQ2; csL
Signature!
Date:
authorize the person above to have access to IDIS functions checked.
HUD FIELD OFFICES
Field Office Approval (CPD Director or Designee)
Name:
Signature:
NOTARY
The Approving Official's signature must be notarized to
verify the identity of the individual who signed this
document using the appropriate notary certificate of the
state, territory or insular area. Once completed, attach
the completed notary certificate to this form and send
to your local HUD CPD Field Office. If your state,
territory or insular area does not require a notary
certificate, use the space below.
Date:
Signatur
4g`?" t'f . ELIZABETH M ROY
MY COMMISSION # GG 133884
R ` Bonded
August 28, 2021
ded Thru Notary Public Underwriters
Date:
All PREVIOUS VERISONS OF THIS FORM WILL NOT BE ACCEPTED OR PROCESSED. HUD FORM 2 FOSS (OS.15-2013)
Page 3 of 3