Security Investigation Process Will Be Streamlined

Account sponsors and alternates for the MVS South system have the overall responsibility for the proper use of their accounts. One aspect of this responsibility involves responding to security investigations triggered by repeated attempts to gain access to the NIH Computer Center facilities with incorrect RACF passwords. At present these investigations require numerous communications between the Computing Facilities Branch security investigators and the account sponsor—often a time-consuming and cumbersome process.

Security investigations for the MVS North system are handled in an efficient and effective manner. Beginning in September, this same process will be used for security investigations on the MVS South system. On that date, if a set of registered initials has been deactivated due to an apparent security breach, electronic mail will be sent to the account sponsor. The sponsor must still investigate the incident but, once satisfied that no improper use of the account occurred, the sponsor can then reactivate the initials. The Web Sponsor facility will be enhanced to allow this—no communications with Computer Center staff will be necessary. Prior to September, a memo will be distributed and electronic mail sent to all account sponsors to detail these changes.

This change will significantly streamline the security investigation process and will allow the account sponsor to control the time involved in reactivating the initials. The Computer Center's security investigators will, of course, be available to assist with any aspect of the investigation. They may be reached by calling TASC.