“In general, the original user must make any change to his/her user role – e.g., authorizer changes authorizer, submitter changes submitter, preparer changes preparer.”Since a consultant or contractor may be a Preparer, the consultant can request changes to their status as a Preparer. I would be willing to bet that what the answer was intended to say was that a consultant may not request changes to Authorizers, Submitters or for Preparers other than himself/herself. Pre-Populated Data The answer to Question 1647 contains the standard information about where the data comes from that should be pre-populated on the facility’s Site Security Plan when that tool is initially opened. It also reminds users to review and correct that data. The cautionary note about having to change errors in latitude and longitude only with the assistance of the Help Desk is, as usual, not explained. DHS uses the latitude and longitude of the facility as a major component of its internal tool to determine if the facility is a high risk facility and to assign its tier ranking. If there is an error in that location, there might have been an error made in making those determinations. That is why changes to the latitude and longitude must be made via the Help Desk.
Monday, November 16, 2009
DHS CSAT FAQ Page Update – 11-13-09
Last week DHS posted three new questions and responses to the already extensive CSAT Frequently Asked Question (FAQ) list. Those questions were: 1610: Can a consultant request a user change? 1646: The CSAT Security Vulnerability Assessment (SVA) Tool does not allow printing of large summary reports. Will facilities be able to print large summary reports from the CSAT Site Security Plan (SSP) Tool? 16:47: What data and information from a facility’s Top-Screen(s) and Security Vulnerability Assessment(s) (SVA) will be pre-populated by CSAT in the facility’s Site Security Plan (SSP)? User Changes It isn’t often that I can catch the FAQ preparers in a mistake, but their response to Question 1610 does contain a significant oversight. The answer starts out by stating that: “A consultant may not request or initiate a CSAT user change.” Then they go on to say: