CAPPS Notes - August 18, 2004

I. Welcome (Cliff Lee) -

Cliff covered the logistics for evacuation in the event of an emergency and relocation in the event of a "Shelter-in-Place" crisis. He also requested that participants sign the 'sign in' sheet.

II. PKI (e-Authentication Solutions) (Randy Speed/Jim Julian) -

Randy provided an update on where NFC is with its PKI initiatives at this point. NFC is positioning itself away from the terminology of PKI and in its place is using the term e-Authentication. Clients should still think of PKI as a Level 3 to 4 (stronger form) of e-authentication. NFC accomplishments include up to 3,000 customers using the system and additional roll outs forthcoming between now and the end of CY2004. NFC is talking to other customers and bidding for the service of others (e.g., NASA). It is very expensive to operate a PKI provider service. Some agencies who initially established a service are now interested in outsourcing. In order to become a PKI provider, you must go through a certification process. An RFP was issued and NFC bid on it. It involved a shared package and a demonstration for a very intense operation. Providers have to meet 32 mandatory operational requirements. Providers have to follow a very specific policy requirements. NFC submitted its package. One other competitor at the time also submitted a package. Upon review, NFC met 31 of the 32 requirements. Although not all requirements were initially met, overall NFC did exceptionally well. The encryption used on NFC's CA application was the 1024-bit encryption, but we are now operating at the 2048-bit encryption. On July 6th, NFC was selected for government-to-government PKI services. At that time, one other CA provider was selected as well. NFC staff is very proud of its accomplishments and this selection.

NFC needs to E-authenticate enable some of our applications. NFC plans to pilot this technology on the CLER project for OPM, as well as, NFC's Reporting Center (RC) and Star web. NFC will move forward with enabling CLER and RC first. NFC will put together a project plan in the next month and have the work done sometime in the Fall of this year. Randy clarified that RC users will not be required to use PKI to access the RC. Utilizing the PKI technology will enable a user to receive additional data.

Q: USDA - What does this mean for a USDA employee where we had to do our own e-Authentication since every employee had to do this? A: Randy indicated that NFC is in partnership with OCIO to determine the levels of assurance OCIO needs. If the access levels are 1's and 2's, users will already have their passwords. Once behind that OCIO umbrella you can use the user id's and passwords. If level 3 security is needed, users cannot use a level 2 access and must have a level 3 certificate. NFC wants one helpdesk for all e-Auth initiatives. Currently NFC has them in Ft. Collins and New Orleans and NFC is working to streamline the whole process. Jim added that the e-Gov initiative is to assess all access request and mandating of the certificate will be forthcoming. Level 1 and 2 access versus Level 3 certificate. Certificate is a more inclusive form. It gives the user the ability of a single sign on. As NFC moves these applications into the RC, depending on what part of the RC a user accesses, s/he may be able to use a Level 2 access. If the data requires Level 3 security, the user must have a certificate. FQ: USDA - If we did the testing and we received the certification, since we have already signed and been given our ID's, are we OK? FA: You have the USDA certificate, from USDA perspective, to have level 2 access is great. You would have access to necessary Level 2 and Level 1 applications. Level 3 is the best because that covers levels 1 and 2 access also. There are some technical issues with this still pending. USDA is our first client to do this. From NFC's perspective, we have customers all over the place. USDA was mandated to get a Level 2 by Fall 2004. FQ: USDA - Is someone paying for both certificates for us? FA: At the moment that is true. However, down the road Level 3's should cover level 2's. Mark indicated it's better than having 30 certificates. USDA expressed concern about the costs.

STAR 4.0 is rolling out and NFC will eventually PKI enable it also. At the moment, no date has been set for this.

An audit was completed in April and only a few minor issues were found. NFC is now official. NFC has also updated the latest version of software, 7.0, which provides the 2048-bit encryption. NFC is helping USDA build a database with only one feed that will populate a common employee database used by USDA.

NFC has renegotiated a blanket purchase agreement which can be used for encrypted email and getting to PKI enabled applications. Now clients can buy one license and it can serve all functions for all PKI and Level 3 access and can be used for any application (e.g., digitally sign documents, access RC data, etc.). NFC will no longer offer the single application bundles, clients will just buy one license for all the applications. The price has been reduced to $20 for a full enterprise license. The annual cost includes all maintenance and operational costs. NFC is still negotiating annual costs but we will not exceed $22 per user per year. If you want to start business with NFC, there is a $20, one time purchase fee, then the annual cost of $22 per user per year. The annual cost only applies to an active user. For example, if an agency buys 1,000 licenses but only want 100 activated. The agency will pay $20 for the 1,000 user licenses, but only pay @ $22 annual maintenance for those 100 activated licenses. The NFC price is pretty exceptional.

NFC is continuing to work with cross-serviced agencies and committees for policy changes, etc. If clients want more information, please contact Randy Speed (Randy.Speed@usda.gov) or Theresa Trentacoste (Theresa.Trentacoste@usda.gov). If an agency is interested in being a pilot agency for RC, the reps should also contact Randy or Theresa.

III. Leave Error Report (Jules Leaumont) -

NFC will be discontinuing the issuance of a hard copy of the leave error report mailed to T&A Contact points from the DISPATCH system and has moved this report to the Reporting Center. NFC originally scheduled the discontinuance for the end of the calendar year. However, in consideration of end of year leave restoration issues and/or leave errors that require correction, this discontinuance date has been moved to February 2005. Clients agreed that NFC should not change the procedure until early 2005.

Penny indicated that this move to electronic accessibility is the direct result of an OIG audit concern in USDA. USDA's OIG is concerned that the leave error report is being sent to incorrect locations (i.e., TMGT003 is not being kept current). Therefore, the system generated version of this report will be discontinued and NFC will add the report to the RC. NFC recognizes that this is considered detailed data on the RC and some agencies have not given NFC permission to place their detailed data on the RC at this point. Those agencies may still run the Leave Error Report via CULPRPT. The RC version will be an option under the Administrative grouping. Each report under this category requires individual access. When NFC was preparing the draft bulletin, much consideration was given to the termination date of the mailed report. The initial date was set at the end of the FY, moved to the end of CY, and finally set for February (PP-03/04) of 2005. This extended date will give everyone time to gain security access for the RC. If agencies wish for their T&A contact points reps to be able to access this data, each will need an NFC User ID and password for the RC. The security request will need to be submitted via the Agency Security Officer (ASO). The security request must specify the T&A Contact Point(s) for which the user is to be granted access.

When NFC staff were preparing for the RC version release, they compared the DISPATCH and CULPRPT versions of the report. The one in CULPRPT is sorted by POI versus T&A Contact Point. Agencies who do not wish to use the RC version need to realize that the CULPRPT version is different. Clients were reminded that it is taking some time to get security access. Jo suggested that for those using STAR web, maybe we can combine any new security requests to include access to the same T&A contact points for the Leave Error Report on the RC. This will prevent multiple requests by the agencies and thus reduce the volume of different requests to the security office. Penny expressed concern that this call will have to be made by the dept/agcy to ensure the detailed data is "OK" to be placed on the RC since access is via the internet. Jo pointed out that the access can be granted on the users security profile since the ASO needs to submit the request anyway. If the access is in the security profile, but the data is not loaded, no harm is done. Penny indicated it was a good idea from a security standpoint but was concerned that there may be other issues. Access to the Administrative reports is not automatic as new reports are added to the group, but rather via special request for each individual report. Randy indicated that if the ASO requests STARweb (with the access to the RC Leave Error Report included) and the agency authorizes detailed data at a later date, there would be no need for a 2nd access request.

A. Q: TR - What are the various levels for this report? T&A Contact Point, Bureau? A: Jo - Just those two. Penny agreed.

B. Q: TR - Since the two reports are not alike, has NFC considered making them alike? R: Jo asked why an agency would want them alike. FC: TR - Because of the limited authorization to the RC. FA: Jo - The report in CULPRPT is sorted by Agency, POI, and then T&A Contact Point with a page break on T&A Contact Point. FC: TR - OK, fine.

C. Q: CFTC - If an agency has already requested thru the GESDREQUEST mailbox for certain reports on the RC, do they need to do this every time a new report is issued? A: Penny indicated that once an agency has agreed to have detailed data loaded, any report will be added to your access as long as the report is a general report and listed as an agency specific or detailed report.

D. Q: DHS - Why are we discontinuing this report? A: Jo - The report is sent to names/addresses pulled from TMGT 003. In many cases therefore it is going to out-of-date addresses, names, etc. Now access to the leave error report will not be tied to names and addresses on the TMGT 003.

E. Q: PTSA - When will the report be available on the RC? A: It is available to users now, but they must request security access to the specific report. NFC will be discontinuing the paper reports in PP-03/04 of 2005.

F. Q: USDA - Getting data loaded is one thing, getting access is different? A: Penny - Yes, that is correct. You must request the access to the specific report because of the sensitivity and nature of the data. C: Jo - If you do not have access to a report, it will not be shown on your RC list of reports. If you see it, you have access to it.

G. Q: DOJ - On the leave error report, until access to detailed data on the RC is granted, do they need to ask for it? A: You can still get the system generated version. NFC is not stopping the dispatch distribution until the end of February 2005. FQ: DOJ - If by the end of February they do not have access to the RC, what happens? Will we have to allow access to the HR Offices to mail them out themselves? A: Yes the agency will have to mail it if it has to be mailed. NFC is delaying distribution until February to allow agencies time to get access to the RC.

H. Q: TR - Are we requesting access for one report? A: Yes, specific instructions are on the bulletin. Q: Is there anyway we can get a listing of all reports? A: Jo - On RC sign-in page, you can look at the left hand bar and see all the reports available. There is also information about the detailed reports.

I. Q: FMCS - Is the bulletin going to have instructions for the ASO to request access? They have many concerns about the ASO's and what they have to ask for. A: The detailed request information will be in this bulletin. If you have access to RC and detailed data, you will be able to access the report. FQ: Does data get loaded and access granted simultaneously? FA: No. There are multiple groupings of report data. For example, Personnel Action Reports is a category on the left. If a user has access to that category, auto access is available to any new reports in this area. Administrative Reports is different category - this is where the Leave Error Report will be located. Access to a report in this category must be requested individually. There is no auto access to these reports. The only auto access is to Personnel Data reports. FQ: Where does an individual go to obtain instructions for requesting access to each application? FA: For information on the "Big picture" level for an ASO s/he can send an e-mail to NFC.SECURITYOFC@usda.gov. Check prior CAPPS notes for more information on detail information on the RC and security. GC: Additional agency representatives expressed concerns about knowing what to ask for, who to ask, etc. and the bulletin board is out of date as well. The training provided to the ASOs is out of date. Security issues are very cumbersome and NFC security is requiring a lot of information on these requests. FC: We need to work in conjunction with the agencies and security so that the process to grant access does not become so burdensome.

J. Q: TR - Let's not let this issue ride until the September meeting. Maybe we can find out what is covered and what is not since the training is outdated. NFC Q: Penny - Is there an ASO workgroup? R: No, per ASO. FA: Penny will coordinate a meeting. DHS, FMCS, and PTSA immediately volunteered to participate. Penny requested that agencies send her and Jim Julian an e-mail with their issues. They will coordinate a conference call to discuss these security issues.

K. Q: TR - Just want to clarify one thing. To use the T&A error report on the RC, the agency must have detailed data loaded, right? A: Yes.

L. Q: DOJ - DOJ will not want the T&A Contact Point to have access to the RC. Given that - I have a real problem with this because we now want the HR folks to do mass mailings. A: Once PKI is enabled would they feel more comfortable with that? All NFC development is web related. NFC will work with all departments/agencies to determine the best method for utilizing the web format. FC: What was stated here, we cannot give this to all timekeepers. FA: They will only have access to that one report. FC: If they go thru RC, they will get access. FA: Penny will meet with DOJ separately in October.

IV. New Regs on Locality Pay & Danger Pay (Cliff Lee) -

On August 5th, OPM issued a Federal Register release in coordination with Department of State. The change in regulations mandates that agencies compute danger pay and post differential based on danger pay plus locality pay. The new regulation becomes effective this pay period. It only applies to an employee detailed to foreign country or in travel to that country and eligible for this pay.

A. Q: TR - What is the effective date? A: August 8, 2004 - this pay period.

B. Q: TR - Will the system compute this and take locality into account? A: Cliff - NFC has been doing this (even if it was wrong) and affected employees have been overpaid. However, only a small number of employees were affected. The good news is that the system is already ready for the new regulations.

C. Q: What about overpayment? A: Cliff - You can collect it or waive it. You will need to set up a bill. This is not the employee's fault, the agency has the flexibility to waive it or collect the overpayment. Cliff did not know if NFC was in a position to identify the affected employees. Penny indicated that NFC has not done that at this point, but the staff will look into it.

D. Q: DOJ - If we have people that are on TDY and not in a danger post and may be receiving post differential, what about these folks and calculating on scheduled salary? A: Cliff - The system is doing the TDY calculations based on the employee's permanent duty station. FC: What we are asking is: If someone is on TDY and their permanent duty station is DC but are sent somewhere with post differential without danger pay, then my post differential would need to be based on my scheduled salary without the DC Locality. What is the system doing? FR: Jo indicated that DOJ is the only agency with programming for post differential for TDY assignments. Neither she nor Cliff know what was in the DOJ requirements for this. FQ: DOJ indicated that the requirements specified the base salary. However, my question is are we going to leave those people alone since the regulations say on scheduled salary? What about those folks? FR: We cannot answer that right now, research will be required from NFC South on what is in the programs now.

E. Q: TR - Since TDY post differential is programmed for DOJ, you have not made changes to open up this up for any other agencies yet? A: Jo - we are exploring this and we are going to try and organize requirements and get this done. Right now DOJ's programming does not accommodate those employees already overseas. If an overseas employee is put on TDY via the system, there is currently no way to return his/her post differential code to the foreign post upon completion of the TDY. C: DOJ indicated that they had addressed this issue and that she had the requirements, but nobody had requested them. FC: Jo indicated that she had contacted the DOJ requirements representative, but that if DOJ could share those requirements it would be appreciated. R: DOJ agreed to share this information.

Post Meeting Update: Cliff contacted Jeanne Jacobson at OPM's Pay and Performance Policy staff for clarification of the interim regulations. Jeanne indicated that locality pay is only used in the computation of post differential if (1) the employee has a permanent duty station in the 48 states and (2) the Dept. of State has established a danger pay allowance for the overseas location to which the employee is detailed or TDY. If an employee is detailed to a foreign duty station with post differential and Dept of State has not established a danger pay allowance for that location, the post differential is computed on basic pay, exclusive of locality pay.

V. Miscellaneous

A. The Fiscal Year-end reminder bulletin is now on the NFC web page. Pay period 19 is fast approaching so agencies should make sure that T&A staff are aware of changes they may need to make in the last pay period of the fiscal year.

B. There have also been several state tax change bulletins from NFC. In particular one in PP-15 which impacted employee salaries.

C. C: TR - IRS has employees in two WV's cities where the city is imposing fees. NFC has placed those records into the employees' individual database records. We had no idea NFC was planning to do this and the employee records went to SINQ. The agency received no notification from NFC that the affected employee records would be touched. Why? R: We will check on that. C: Everyone needs to know the answer, since the cities imposed the new user fees. Actions go into SINQ? A: Yes, if certain changes occur. Gary checked with Jules on the status of the bulletin. It has gone through the red-sheet process. The bulletin is going to GESD for sign off and should be released ASAP. FC: When did the WV city user fee policy go into effect? R: It was effective in PP-16.

VI. Status of 2004 Retroactive Pay Adjustment Processing (Donna Speed) -

Donna indicated that there are 40 cases remaining. They are distributed across the databases as follows: CV05 = 11, CV06 = 28, and CV07 = 1. Q: For CV06 which agencies are affected since this CV is shared by so many agencies? A: Specifically, no. The affected agencies received reports in the July CAPPS meeting. Agencies should refer to those reports to determine if they remain affected.

A. Jody distributed reports in electronic format via e-mail. However, nobody in the meeting received them. She will pursue the issue, there may be a firewall issue and the attachment may be blocked.

VII. Benefits Updates (Jody Nyers) -

A. FEGLI Open Season runs from September 1 through 30, 2004. HOWEVER, the first effective pay period is in September 2005. Clients currently utilizing the PACT system in lieu of EPIC need to be aware that NFC has no mechanism of capturing the "I" documents and moving them to EPIC once the POI converts to EPIC (which quite possibly will occur before the September 2005 effective date). Therefore, PACT users will need to delay input until after converting to EPIC or September 2005 whichever comes first. This information will be in the NFC bulletin addressing this FEGLI Open Season.

1. Q: TR - There are no system checks? A: Jody - No, the agency must confirm that the pay and duty status requirement was met. Jo added that staff can utilize PQ025 to confirm the number of hours in pay and duty status. FQ: Does Military time meet the pay and duty requirement? R: Unknown.

B. FEHB Coverage Code KA (OmniCare Health Plan) is ending FEHB participation at the end of September. Report has been run and copies of affected employees will be distributed.

C. Flexible Spending Account Customer Service - FYI Jody received an inquiry from one of the agencies who had been speaking with a SHPS Customer Service Representative (CSR) regarding employee eligibility. The CSR informed the agency that there are belated open seasons and the employee could enroll. This information is partly correct since it is up to SHPS to determine if a belated open season enrollment can occur. Jody discussed this with SHPS and SHPS indicated that they have been experiencing numerous CSR issues that are being addressed. One thing is certain, SHPS is concerned about declining usage and are hoping that customer service is not the problem.

D. Health Savings Account Update - Per a conversation Jody had with OPM, they are still in negotiations for the 2005 plan year and have no specific information at this time but hope to have something by mid-September. OPM Director James sent a letter to interested parties - mostly members of Congress - who inquire about OPM's plans. Some constituents are opposed to the idea of Health Savings Accounts being introduced into the FEHB program so who knows where this will end up.

VIII. Employee Express Update (Jody for George Morris) -

A. Fall Testing has been completed and the changes will go into production on August 31st.

B. The Interactive Voice Decision (IVD) will proceed with updating the system primarily for the support of the Treasury and the Dept of Labor. The cost to retain minimal software is roughly $50,000 per client. The upgrade will occur in approximately February/March 2005.

C. The Checkbook v.s. SmartPlanChoice purchase decision is still up in the air. The issue is about which agencies want to 'group' their buy with EEX vs purchase a separate contract with vendors.

D. EEX is going to quarterly invoice/billings. Charges will be based on flat fee of 24 cents per employee per month. Development costs will remain separate, but will also be billed quarterly.

E. CFC Update - OPM is still in a mess over the CFC situation. Each of the 360 separate campaigns retains virtual autonomy, which makes any rollout beyond the pilot extremely difficult. The Washington area campaign is still not on board so EEX will have to wait until next year to expand this initiative

F. E-Payroll initiatives in EEX

a. EOD Process - EEX wants a work group to convene and review the Air Force EOD system for transfer to EEX with minimum changes (enhancements for future). The AF system does not currently feed payroll/personnel systems, so this is merely an initial data capture system.

b. FEHB Year Round Transactions - EEX is working with OPM to automate the FEHB year round transactions. The initial effort would be only for self certifiable actions which require no review by the agency. EEX currently has indicators in place for employees impacted by court-ordered FEHB and premium conversion so this would not be a stumbling block.

IX. Followup on PAYE Accelerated for PP's 15 & 18 (Penny Forbes) -

PP 15 is no longer an issue. NFC offered the opportunity to accelerate running the last pass of PAYE for PP-18 which would move it to FRIDAY (September 24th) as opposed to Saturday (September 25th). If you have any comments, reply to Penny by August 20th. NFC will be implementing new e-payroll clients and may need to push it back if we need more time to implement the new agencies.

A. Q: TR - Since the IRS wants this, when I tell them there could be a clinker (i.e. new E-payroll clients), how much notice will we have? A: We should know in the beginning of the process week of PP-18.

X. STAR 4.0 Update (Penny Forbes) -

NFC is moving forward with production pilot of STAR 4.0 that began in PP-15. There have been a few issues that staff has dealt with, but NFC is planning on moving forward with the full production in PP-17. That means that in PP-17, STAR 3.0 will be retired! The new version will be available on September 2, 2004, for the beginning of PP-17 T&A processing.

A. Q: DOJ - As a result of PP-15's pilot, there will many changes to our guidance from findings from the pilot. When will be able to get something definite to prepare for PP-16 such as instructional guidance? A: Jo indicated that the new manuals will be posted on September 2nd also. FC: DOJ - We reported issues found in PP-15 and programmers are making changes now. To prepare my timekeepers for PP-16. When will programmers know what needs to be changed? A: Jo indicated that if she was referring to the information submitted by Grant, those changes were being put into place later today. She was not sure if Grant had a chance to test the other issues he had reported that are already fixed. FC: Grant has reported to Deb his conversation with the programmers. Are they certain how to handle things? A: Jo asked which specific items were of concern? A: DOJ - Yes, and they have been sent to Ashley. A: Jo indicated that the way the rollover feature operated was not an error, and would not be changed before PP-16. Penny asked if these issues are being reported to Jo and then to Kim? A: DOJ - No they are not. We made NFC aware of issues in the pilot for PP 15. It was easier to get 15 thru this way. A: Penny replied that you report issues to NFC and do not follow the process, NFC is not prioritizing the items as they should be.

XI. User & Work Group Updates

A. Awards - (Jo Bonner) The next meeting is scheduled for September 8th from 9:30 to 11:30 in Resource. A reminder notice will be issued shortly. Currently there is only one major problem that they are aware of and it relates to the correction of time-off awards. If there are any other issues, please let Jo know.

B. EPIC - (Mark Liegey) - The next meeting is scheduled for 10 am on August 19th. Everyone is invited. Please send an E-mail to Mark if you want to be added to the E-mail distribution list. The major agenda item will be the pros and cons of the 006/update issue.

C. FESI (Glenda Dorsey) - no report

D. ICAMS - (Glenda Dorsey) - no report

E. PINE Edit - (Cliff Lee) - On hold. Currently working with the EPIC group for changes.

F. PMSO - (George Morris) - no report

G. T&A - (Jo Bonner) The next T&A User Group meeting is scheduled for September 2nd from 9:30 to 11:30 in the Resource room .

XII. Treasury's Electronic Savings Bonds Program - TreasuryDirect (Kim Treat) -

Kim Treat, the Associate Director for Investment Education & Communications at Treasury, provided an overview of the new Treasury Direct (TD) Electronic Savings Bonds Program.

A. Key points in the discussion were:

1. A new way to receive Savings Bonds - all electronic;

2. TR announced that it will stop issuing paper savings bonds in the future;

3. TR is going to do implement the new system in a staged fashion (other agencies, employees and lastly with financial institutions); and

4. TR requested agency personnel help in educating employees about this change. When TR stops selling paper savings bonds, employee's need to be aware of the electronic bond options. Agencies can contact Mr. Treat directly on 202-504-3535.

B. Send out electronic copy..... TreasuryDirect.gov - Employees must have an account online with the Department of Treasury to use the system. They will also need to set-up DD/EFT routing info, etc.

XIII. Potpourri

A. TR - SF-50 B issue designated for the Employee Personnel Page (EPP) in October 2004. Would like more information on this particular issue. It appears that NFC intends to send everything send copies of the RFQS SF-50B's to the EPP also. Treasury is trying to see if that is the proper way to go particularly due to settlement cases or corrections/cancellations whereby the action needs to be pulled and should not be part of the employee's OPF. Will there be any discussion with the community as a group re this requirement. A: Randy indicated that this was not planned for October and he will follow-up on the status of the project. FQ: Will there be follow-up update to the community? A: Yes

B. TR- Will NFC, POI, or EEX to match the electronic accounts to bond accounts (e.g., if you close your bond account with Treasury and your allotment is still open OR if you stop the allotment, will the bond be issued)? A: The funds would be returned as account not valid. Basic rules for allotments will apply.

C. DHS-CPB is interested in client opinion on EPP and ESS regarding the Personnel Benefits Statements. Can a retirement calculator be added? DHS-CPB is going off EEX. A: Isn't there a link to OPM calculator? NFC was also looking into COTS packages that might be able to do this. Some of those NFC has reviewed so far do not necessarily include all options. Penny indicated that NFC is looking into making the employee benefits statements more inter-active.

XIV. Attendees

A. Clients

1. In person - Ag, ARC, CFTC, CSOSA, DHS, DOC, FEC, FDIC, FMCS, GAO, HUD, NCPC, NEA, Peace Corps, PTSA, SBA, Smithsonian, & Treasury

2. Via telephone - DOJ, IBWC, & TR-BPD

B. NFC Representatives

1. In person - Jo Bonner, Jim Julian, Cliff Lee, Mark Liegey, Christy Pichon, Jody Nyers, & Randy Speed

2. Via telephone - Penny Forbes, Randy Gonzales, Jules Leaumont, & Donna Speed