CAO & DSA Reporting Guidelines
Chief Administrative Officers (CAOs) and Departmental Security Administrators (DSAs) are required to perform the following reviews:
- On a monthly basis, CAOs should review the unread Post-Authorization Notifications (PANs) of mandatory reviewers, taking note of how long it takes each reviewer to read their PANs to ensure that delays are promptly addressed. This information may be accessed using the “Reporting As Of Date” function report on the PAN Main Menu screen. The report lists all PAN notifications (read and unread) for each reviewer and shows the number of days notifications were in a user’s queue before being reviewed, as well as those that remain unread.
- On at least a semiannual basis, CAOs should discuss with the DSA(s) which privileges have been granted and revoked in the intervening period. Both parties should review documentation maintained by the DSA(s), which summarizes the accountability structure and privileges granted.
- On at least a semiannual basis, Distributed Administrative Computing Security System (DACSS) Query Database (QDB) Reports should be reviewed by CAOs for accuracy. The review need not be detailed, but it should be substantive. A list of the reports is provided in the table below.
On at least a semiannual basis, CAOs should spot-check the Online Administrative Systems Information Services (OASIS)/DACSS to validate reports on accountability and accesses granted:
- Review a list of preparers for selected DEPT codes.
- Review a list of reviewers (both mandatory and nonmandatory) for selected DEPT codes.
- Verify those set up as DSAs for selected DEPT codes.
- Review recent changes for individuals, in particular those who were transferred or assumed new responsibilities.
DACSS QDB Reports
|Report|Description|
|---|---|
|#1. Users by Appointment Unit(s)|Generates a list of all employees with a logon ID, including those that do not have any DACSS functions associated with them.|
|#3. Users by Appointment Unit(s), their functions and values|Generates a list of all employees in a chosen appointment area who have a logon ID and have been given DACSS functions. This includes information regarding assigned values associated with each value- and non-value-based function for each logon ID.|
|#7. Separated Reviewers|Generates a list of all reviewers for selected units that have an employment status = S (separated).|
|#8. Separated employees for a specific System Access Request (SAR) unit(s)|Generates a list of all users with employment status = S for a selected SAR department code and indicates whether the logon has been suspended or is still active. The report does not indicate whether the logon has any functions associated with it.|
|#10. Separated employees with their functions codes for specific SAR unit(s)|Generates a list of all users with employment status = S for a selected SAR department code. For each user, it lists the function codes associated with the user logon ID, including values associated with each value- and non-value-based function.|
|#11. Separated employees who have access to specific units|Generates a list of all users with employment status = S who have value-based functions for a specific unit.|