Content Header Image

EIV Security Awareness Training and Online Security Exam Update

by Published On: Dec 13, 2012Updated On: Feb 14, 2014

In August 2013, a U.S. Department of Housing and Urban Development (HUD) RHIIP listserv announced that the online Security Exam that must be passed by both new and existing EIV users to be able to see EIV data for their properties - which pops up the first time new usersy go into EIV; and which existing users see it on their screens approximately one year from the date they previously passed the test - has been temporarily suspended for all users. 

The RHIIP listerv indicated that EIV would show that the person logging in has passed the Security Exam. And that all users shoulds watch for a RHIIP Listserv for updates  We have confirmed that this pop-up exam is still disabled..

This test is totally separate from the online CyberAwareness Course, required for all EIV and TRACS users. That course must be passed (as evidenced by printing a certificate upon completion) each year, and within 30 days for new TRACS users signing the TRACS Rules of Behavior. (more details can be found at the end of this article)

4350.3 Change 4 changed passing the pop-up training from a "must" to a "should".  And, as occupancy specialist and trainer Bonnie Wilpon aptly stated it, "they can't hold you to passing something that's not there."  She went on to say that, if it does pop up, EIV users will need to pass it within 30 days or lose access to EIV data.  

Here's the confirming language from Handbook 4350.3, Change 4 and the new Chapter 9 on EIV:

9-20 Security Training

A. EIV users are required to complete online security training annually. To meet this requirement, EIV users must complete the online Cyber-Awareness Challenge (for DoD and Federal Personnel) training program. At the end of the training, EIV users must print and maintain the Certificate of Completion provided.

The training can be found at http://iase.disa.mil/eta/index.html#onlinetraining. EIV users authorized by owners to have access to EIV on their behalf may also need to complete the applicable online Security Awareness Training Questionnaire for Multifamily Housing Programs upon initial access to the system and annually thereafter.

B. EIV users should:

  1. Review Section 4 on Security contained in the Multifamily EIV User Manual for Multifamily Housing Program Users posted at: http://www.hud.gov/offices/hsg/mfh/rhiip/eiv/usermanual.pdf
  2. Review the EIV Security Administration Manual posted at: http://www.hud.gov/offices/hsg/mfh/rhiip/eiv/securityadminmanual.pdf 
  3. View the Security training provided during the most recent EIV webcast, posted at: http://portal.hud.gov/hudportal/HUD?src=/webcasts/archives/multifamily  

C. Owner and management agent staff who do not have access to EIV but who use EIV reports to perform their job function must have security training annually.

Security Awareness Online Training Program for EIV and TRACS Has Changed

In late November 2012, the module for online security awareness training changed to the Cyber-Awareness Challenge. Those who have trained within the last 12 months need not take this training until their anniversary date requires it. 

Anyone who has access to iMAX, TRACS or EIV through Secure Systems and any staff that may have opportunity to view EIV reports as part of the HUD certification process must complete required Security Awareness Training each year. 

Those who have taken the new training advise that it takes about 60-90 minutes, depending on your system bandwidth. It is formatted like a video game, and it is not entirely focused on HUD systems, so participants will be learning more about some other federal security systems along the way.   

To complete the online security awareness training, please follow the revised steps below.

• Open your internet browser.
• Type http://iase.disa.mil/eta/index.html#onlinetraining
• Press Enter.
• Click on CyberAwareness Challenge (for DoD and Federal Personnel) icon on the IA Education, Training and Awareness screen (this is on the left).
• Click on Launch CyberAwareness Challenge Federal Version to proceed with the training.
• Proceed with the training.

HUD issued RHIIP ListServ #287 on No. 28, 2012, providing this new information. 

Secure Systems Upgrade; Coming FASS deadlines - ALERT

HUD recently updated their Secure Systems Internet Explorer to 7.0.

As part of the upgrade in November 2012, HUD changed the link for Secure Systems log-in.  As a result, the links that you had saved to your "favorites" on the internet may no longer work. Secure Systems is critical for EIV and TRACS access, also for submissions of FASS filings. So, all industry users are advised to check their ability to access Secure Systems.  
According to information HUD REAC staff shared with us today, only browsers of 6.0 and above will be compatible with the software.  With FASS “March Madness” (the deadline for calendar year end automated financial statement submissions) rapidly approaching, your audit firm and/or finance department may also need to know this info.  Therefore, HUD requests that secure systems coordinators update and validate their correct contact information now, before the rush to submit year-end filings is upon us.

FASS-MF has implemented a verification process to allow users to verify and update their email addresses.   These addresses are used to send correspondence to owners.   System coordinators must make sure this information is correct.

This verification process function can be found on the main SECURE SYSTEMS webpage, on the left, under USER MAINTENANCE.   This information can also be accessed on the VERIFICATION SCREEN when an owner’s submission template is created.

The new link is:  Click here for the new link

 



comments powered by Disqus