HomeMy WebLinkAbout20200604.tiffChloe Rempel
From:
Sent:
To:
Cc:
Subject:
Hi Jan,
Don Sandoval
Thursday, January 28, 2021 12:38 PM
Jan Warwick
Chloe Rempel; Mariah Higgins
RE: February CTB Temp Status Update
HUD has approved access to the IDIS system. They did not sign' the document. Please make a note that the document
is finalized.
Thanks for all you do,
Don
Don Sandoval
CDBG Manager
1150 O Street
PO Box 758
Greeley, CO 80632
Phone: 970 400-4480
Cell: 970 590-0423
dosandoval a(�weldgov.com
Confidentiality Notice: This electronic transmission and any attached documents or other writings are intended only for
the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise
protected from disclosure. If you have received this communication in error, please immediately notify sender by return
e-mail and destroy the communication. Any disclosure, copying, distribution or the taking of any action concerning the
contents of this communication or any attachments by anyone other than the named recipient is strictly prohibited.
From: Jan Warwick <jwarwick@weldgov.com>
Sent: Thursday, January 28, 2021 11:08 AM
To: Don Sandoval <dosandoval@weldgov.com>
Cc: Chloe Rempel <crempel@weldgov.com>; Mariah Higgins <mhiggins@weldgov.com>
Subject: February CTB Temp Status Update
Good morning,
This email serves as a status update for documents from the Commissioner's Agenda that are pending final
signatures from various sources. When final signatures are obtained, please remember to send a copy to the
Clerk to the Board's Office to ensure the Commissioners' final Resolution is signed, the Resolution is
distributed, and the complete document is finalized. The query included items pending as of today's date, so
there are items from recent Agendas that understandably may not have final signatures yet.
1 a00 — OCoOH
F --T. OO-7
ON/111 Approval No, 2506-0171 exp 04/30/202O
IDIS OnLine Access Request
U.S. Department of Housing and Urban Development
Office of Community Planning and Development
GRANTEE & REQUESTOR INFORMATION
REQUEST TYPE
Privacy Act Statement: Public Law 97-255, Financial Integrity Act, 31 U.S.C 3512, authorizes
the Department of Housing and Urban Development (HUD) to collect all the information
which will be used by HUD to protect disbursement data from fraudulent actions. The
purpose of the data is to safeguard the Integrated Disbursement and Information System
(IDIS) from unauthorized access. The data are used to ensure that individuals who no longer
require access to IDIS have their access capability promptly deleted. This information will
not be otherwise disclosed or released outside of HUD, except as permitted or required by
law Failure to provide the information requested on the form may delay the processing of
your approval for access to IDIS.
Public Reporting burden for this information collection is estimated to average 3O minutes
including time for collecting, reviewing, and reporting data. HUD may not collect this
information, and respondents are not required to complete this form, unless it displays a
currently valid OMB Control Number
Role to be Performed by Head_ carters Role to be Performed by Field or Local IDIS Administrator
New Request
Renew Lapsed ID
Change Name
Add Access for Another Grantee
Please create a five digit pin that will be used for password
Requestor's Name (Last, First, MI):
Sandoval, Donald, E
Office Address:
1150 O Street, PO Box 758, Greeley, CO 80632
Grantee Name in IDIS:
Weld County Colorado
Please Mark All Necessary Functions & Programs
Authorized
Functions
Set Up Activity
Approve Drawdown
CDBG HOME
HESG HCPWA-C
Drop from IDIS _
Change Function or Program Area [J
resets.
Office E-mail Address:
dosandoval@weldgov,com
Office Phone:
970 400 4480
GRANTEE TYPE
City [J County
State
Request Drawdown
Local IDIS Administrator /l
ESG bJ HOPWA
HTF
Other:
ext.:
1Non-Profit i JSub Grantee*
If other, please specify name of program
*Approval of State Sub Grantee Request -- CPD State Coordinator or State Official name, signature and date:
Name: Signature: Date:
Con Plan: Create/Edit/Submit L) Edit
Caper: Create/Edit/Submit Edit
IDIS Online Rules of Behavior
September 14, 2015
View
View
Introduction
This Rules of Behavior (RoB) procedure was developed as a guide to ensure that all users of IDIS Online are made aware of their security
responsibilities before accessing IDIS Online. The RoB defines responsibilities and procedures for secure use of IDIS Online. By reading
and acknowledging these rules, users accept the responsibility to protect IDIS Online and data. Users are accountable for their actions
and the requirements to protect ID'S Online data and equipment from both malicious and accidental loss and damage. These rules
clearly delineate the responsibilities of and expectations for all individuals with access to IDIS Online, Non-compliance with these rules will
be enforced through sanctions commensurate with the level of infraction,
Responsibilities
All authorized users who have access to IDIS Online are required to read, acknowledge understanding, and sign the RoB before accessing IDIS
Online and associated data. This acknowledgement must be completed annually thereafter.
By agreeing to and signing these rules, the user signifies:
1. Understanding that access is given only to IDIS Online to which the user requires access in the performance of their official duties
and the user will not attempt to access systems they are not authorized to access.
o nsesint ► oh,
IaC)
ALf. PREVIOUS VERISONS OF IHIS FORM WILL NOT BE ACCEPTED OR PROCESSEDea 6310 01-7(-
2020-0604
F10077
d-/�i-o2o
2. Understanding of the IDIS Online Rules of Behavior (IDIS RoB) security requirements.
3. Acknowledgement that disciplinary action may be taken based on violation of the IRIS RoB.
The IDIS Online System Security Administrator (SSA) verifies that the users who require access to IDIS Online have read and
accepted (via signature on the acceptance form) this IRIS RoB.
Other Policies and Procedures
This IDIS RoB is intended to enhance and further define the specific rules each user must follow while accessing IDIS Online. The rules are
consistent with the policy and procedures described in the following directives:
Revision of OMB Circular No. A-130, Transmittal No, 3, Appendix
Ill, "Security of Federal Automated Information Resources."
Privacy Act of 1974, as amended, 5 U.S.C. § 552a
18 USC 1030(a)4, "Accessing to Defraud and Obtain Value
NISI Special Publication 800-18 - Revision 1, Guide for
Developing Security Plans for Information Technology Systems,
February 2006
HUD Information Technology Security Policy Handbook
Application Rules
Because written guidance cannot cover every contingency, you are asked to go beyond the stated rules, using your best judgment
and highest ethical standards to guide your actions. These rules are based on Federal laws and regulations and HUD policies. As
such there are consequences for non-compliance. The following IDIS RoB is the minimum rules for users who are requesting an IDIS
Online user account:
https://www.whitehouse.gov/omb/circulars a130 al3ppre
http://www.iustice.gov/opcl/privacy-act-1974
http://www.gpo,gov/fdsys/gra n ule/USCODE-2010-titlel8/USCO DE-
2010-titlel8-parts-cha p47-sec1030/content-detail.html
http://csrc. n ist.gov/publications/nistpu bs/800-18-Rev 1/sp800-18-
Rev1-final.pdf
http://portal.hud.gov/hudoortal/HUD7src=/program offices/admin
istratian/hudclips/handbooks/cio/2400.25
1. You are aware of the existence of and penalty for violating 18 USC 1030 and abide by:
a. The elements of 18 USC 1030(a)4, "Accessing to Defraud and Obtain Value" are:
I, Knowingly accessing a protected computer without or in excess of authorization;
ii. With intent to defraud;
iii. Access furthered the intended fraud; and
iv. Obtain anything of value
b. The penalty for violating this statute includes a fine and imprisonment of not more than ten years, or both.
2. You must adhere to HUD's policy requiring a separation of duties between the requestor and approver for financial
transactions:
a. Effective December 14, 2001, the same person can no longer both request and approve a given draw down in IDIS
Online.
b. While individual persons may have the power to both request and approve draws, this rule prevents an individual
from approving a draw that he or she created. IDIS Online requires two people to be involved in every draw down
of funds.
3. Currently, the IDIS Online Local Administrator initially defines what a person can do in IDIS Online, carrying out the
wishes of each grantee's authorizing official — mayor, grant holder, CEO, CFO, etc. Some users have full rights, while
others have limited rights of various kinds. You understand that you are given access only to IDIS Online to which you
require access in the performance of your official duties and that you will not attempt to access systems that you are not
authorized to access.
4. You are prohibited from misusing IDIS Online, i.e,, exceeding your authority, Your level of access to IDIS Online is limited to
ensure your access is not more than necessary to perform your legitimate tasks or assigned duties, If you believe you are
being granted access that you should not have, you must immediately notify the IDIS Online SSA via email at
1dlsUseridRequests Chud.gov.
5. You must immediately notify your Supervisor, CPD Field Office Administrator, and/or your Local Grantee Administrator if
your access/privilege are no longer required, termination, promotion, and transferred.
6. You must maintain the confidentiality of your authentication credentials such as your password. Do not reveal your
authentication credentials to anyone and do not record passwords on paper or in electronic form.
7. You must report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to
IDIS Online to the HUD Computer Incident Response Team at CIRT@hud.gov.
8. Your IDIS Online password expires every 90 days, so ensure you access IDIS at least once a month. Users who do not use
IDIS within a 90 day period will find their accounts are de -activated.
AU. PREVIOUS VERISONS GA Tin EDAM Will NOT CE ACCEP If DOH PROCESSED. HUD FORM %7053{ 0S.1S.20lI
Page l of
9. You must follow proper logon/logoff procedures. You must manually logon to your session; do not store your password
locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no
longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended
while logged into IDIS Online,
10. You must not establish any unauthorized interfaces between IDIS Online and other non -HUD systems.
11. Your access to IDIS Online constitutes your consent to the retrieval and disclosure of the information within the scope of
your authorized access, subject to the Privacy Act, and applicable Federal laws.
12. You must safeguard IDIS Online resources against waste, loss, abuse, unauthorized use of disclosure, and misappropriation.
13. You must not process classified national security information on IDIS Online,
14, You must not browse, search or reveal IDIS Online data except in accordance with that which is required to perform your
legitimate tasks or assigned duties. You must not retrieve data, or in any other way disclose data, for someone who does
not have authority to access that information.
15. By your signature or electronic acceptance (such as by clicking an acceptance button on the screen), you must agree to these
rules
User Acknowledgement and Certification- I acknowledge and certify that:
1. I understand the IDIS RoB and Federal Government policies as set forth above regarding security awareness and practices
when accessing and utilizing IDIS Online.
2 I have read and understand the IDIS RoB governing my use of IDIS Online and agree to abide by them.
3, I understand my responsibilities and the penalties for NOT ADHERING to the IDIS RoB,
4. I understand that failure to comply will result in disciplinary action against me which may include, but are not limited to, a
verbal or written warning, removal of system access, reassignment to other duties, demotion, suspension, reassignment,
termination, and possible criminal and/or civil prosecution.
Requestor Name:
Don Sandoval
GRANTEE APPROVING OFFICIAL
Approving Official's Name:
Mike Freeman
Signature:
Title:
Chair, Weld County Board of Commissioners
Office Phone:
970-400-4200
ext.:
Office Address: (Street, City, State, Zip)
1150 0 Street, Gre
Signature
Date: 02/19/2020
I authorize the person above to have access to IDIS functions checked.
HUD FIELD OFFICES
Field Office Approval (CPD Director or Designee)
Name:
Signature:
Don Sa 1 'doI Digitally signed by Don Sandoval
6JJ Date: 2020 02 13 11:00:02 -07'00'
Date:
i _
NOTARY
The Approving Official's signature must be notarized to
verify the identity of the individual who signed this
document using the appropriate notary certificate of the
state, territory or insular area. Once completed, attach
the completed notary certificate to this form and send
to your local HUD CPD Field Office. If your state,
territory or insular area does not require a notary
certificate, use the space below.
Date: 02/19/2020
Signature
r
r �T
ESTHER E. GESICK
NOTARY PUBLIC
STATE OF COLORADO
NOTARY ID 19974016478
MY COMMISSION EXPIRES SEPT. 29, 2021
Date:
All PREVIOUS VERISONS OF IRIS FORM WILL. NOT BE ACCEPTED OR PROCESSED HUD FORM 27055 ( 05-15-2017)
Page 3 of 3
i
4°2oo2d _cc S
OMB Approval No. 2506-0171 exp 04/30/2020
IDIS OnLine Access Request
U.S. Department of Housing and Urban Development
Office of Community Planning and Development
GRANTEE & REQUESTOR INFORMATION
REQUEST TYPE
Privacy Act Statement: Public Law 97-255, Financial Integrity Act, 31 U.S.C. 3512, authorizes
the Department of Housing and Urban Development (HUD) to collect all the information
which will be used by HUD to protect disbursement data from fraudulent actions. The
purpose of the data is to safeguard the Integrated Disbursement and Information System
(IDIS) from unauthorized access. The data are used to ensure that individuals who no longer
require access to IDIS have their access capability promptly deleted. This information will
not be otherwise disclosed or released outside of HUD, except as permitted or required by
law. Failure to provide the information requested on the form may delay the processing of
your approval for access to IDIS.
Public Reporting burden for this information collection is estimated to average 30 minutes
including time for collecting, reviewing, and reporting data. HUD may not collect this
information, and respondents are not required to complete this form, unless it displays a
currently valid OMB Control Number.
Role to be Performed by Headquarters Role to be Performed by Field or Local IDIS Administrator
New Request ❑ Drop from IDIS ❑
Renew Lapsed ID ❑ Change Function or Program Area ❑
Change Name ❑
Add Access for Another Grantee ❑
Please create a five digit pin that will be used for password resets. [ ] [ ] [ ] [ ] [ ]
Requestor's Name (Last, First, MI):
Sandoval, Donald, E
Office Address:
1150 O Street, PO Box 758, Greeley, CO 80632
Grantee Name in IDIS:
Weld County Colorado
Please Mark All Necessary Functions & Programs
Set Up Activity
Approve Drawdown ❑
Authorized
Functions
Program
reas
Office E-mail Address:
dosandoval@weldgov.com
Office Phone:
970 400 4480
ext.:
GRANTEE TYPE
City ❑ County State ❑Non -Profit Sub Grantee*
Request Drawdown
Local IDIS Administrator VI
CDBG HOME ❑ ESG ❑ HOPWA ❑
HESG ❑ HOPWA-C ❑ HTF
Other:
If other, please specify name of program
*Approval of State Sub Grantee Request — CPD State Coordinator or State Official name, signature and date:
Name: Signature: Date:
Con Plan: Create/Edit/Submit Edit ❑ View ❑
Caper: Create/Edit/Submit Edit ❑ View ❑
IDIS Online Rules of Behavior
September 14, 2015
Introduction
This Rules of Behavior (RoB) procedure was developed as a guide to ensure that all users of IDIS Online are made aware of their security
responsibilities before accessing IDIS Online. The RoB defines responsibilities and procedures for secure use of IDIS Online. By reading
and acknowledging these rules, users accept the responsibility to protect IDIS Online and data. Users are accountable for their actions
and the requirements to protect IDIS Online data and equipment from both malicious and accidental loss and damage. These rules
clearly delineate the responsibilities of and expectations for all individuals with access to IDIS Online. Non-compliance with these rules will
be enforced through sanctions commensurate with the level of infraction.
Responsibilities
All authorized users who have access to IDIS Online are required to read, acknowledge understanding, and sign the RoB before accessing IDIS
Online and associated data. This acknowledgement must be completed annually thereafter.
By agreeing to and signing these rules, the user signifies:
1. Understanding that access is given only to IDIS Online to which the user requires access in the performance of their official duties
and the user will not attempt to access systems they are not authorized to access.
ALL PREVIOUS VERISONS OF THIS FORM WILL NOT BE ACCEPTED OR PROCESSED. HUD FORM 27055 105-15-20171
Page 1 of 3
2. Understanding of the IDIS Online Rules of Behavior (IDIS RoB) security requirements.
3. Acknowledgement that disciplinary action may be taken based on violation of the IDIS RoB.
The IDIS Online System Security Administrator (SSA) verifies that the users who require access to IDIS Online have read and
accepted (via signature on the acceptance form) this IDIS RoB.
Other Policies and Procedures
This IDIS RoB is intended to enhance and further define the specific rules each user must follow while accessing IDIS Online. The rules are
consistent with the policy and procedures described in the following directives:
Revision of OMB Circular No. A-130, Transmittal No. 3, Appendix
III, "Security of Federal Automated Information Resources."
' https://www.whitehouse.gov/omb/circulars a130 a130pre
Privacy Act of 1974, as amended, 5 U.S.C. § 552a
' http://www.justice.gov/opcl/privacv-act-1974
18 USC 1030(a)4, "Accessing to Defraud and Obtain Value
http://www.gpo.gov/fdsys/granule/USCODE-2010-title18/USCODE-
2 010-t i t l e l8 -p a rtl -c h a p47 -sec 103 0/content-detail . h t m l
NIST Special Publication 800-18 - Revision 1, Guide for
Developing Security Plans for Information Technology Systems,
February 2006
http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-
Revl-final.pdf
HUD Information Technology Security Policy Handbook
I http://portal.hud.gov/hudportal/HUD?src=/program offices/admin
istration/hudclips/handbooks/cio/2400.25
Application Rules
Because written guidance cannot cover every contingency, you are asked to go beyond the stated rules, using your best judgment
and highest ethical standards to guide your actions. These rules are based on Federal laws and regulations and HUD policies. As
such there are consequences for non-compliance. The following IDIS RoB is the minimum rules for users who are requesting an IDIS
Online user account:
1. You are aware of the existence of and penalty for violating 18 USC 1030 and abide by:
a. The elements of 18 USC 1030(a)4, "Accessing to Defraud and Obtain Value" are:
i. Knowingly accessing a protected computer without or in excess of authorization;
ii. With intent to defraud;
iii. Access furthered the intended fraud; and
iv. Obtain anything of value
b. The penalty for violating this statute includes a fine and imprisonment of not more than ten years, or both.
2. You must adhere to HUD's policy requiring a separation of duties between the requestor and approver for financial
transactions:
a. Effective December 14, 2001, the same person can no longer both request and approve a given draw down in IDIS
Online.
b. While individual persons may have the power to both request and approve draws, this rule prevents an individual
from approving a draw that he or she created. IDIS Online requires two people to be involved in every draw down
of funds.
3. Currently, the IDIS Online Local Administrator initially defines what a person can do in IDIS Online, carrying out the
wishes of each grantee's authorizing official — mayor, grant holder, CEO, CFO, etc. Some users have full rights, while
others have limited rights of various kinds. You understand that you are given access only to IDIS Online to which you
require access in the performance of your official duties and that you will not attempt to access systems that you are not
authorized to access.
4. You are prohibited from misusing IDIS Online, i.e., exceeding your authority. Your level of access to IDIS Online is limited to
ensure your access is not more than necessary to perform your legitimate tasks or assigned duties. If you believe you are
being granted access that you should not have, you must immediately notify the IDIS Online SSA via email at
IdisUseridRequests@hud.gov.
5. You must immediately notify your Supervisor, CPD Field Office Administrator, and/or your Local Grantee Administrator if
your access/privilege are no longer required, termination, promotion, and transferred.
6. You must maintain the confidentiality of your authentication credentials such as your password. Do not reveal your
authentication credentials to anyone and do not record passwords on paper or in electronic form.
7. You must report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to
IDIS Online to the HUD Computer Incident Response Team at CIRT@hud.gov.
8. Your IDIS Online password expires every 90 days, so ensure you access IDIS at least once a month. Users who do not use
IDIS within a 90 day period will find their accounts are de -activated.
ALL PREVIOUS VERISONS OF THIS FORM WILL NOT BE ACCEPTED OR PROCESSED. HUD FORM 27055 (05-15-2017)
Page 2 of 3
9. You must follow proper logon/logoff procedures. You must manually logon to your session; do not store your password
locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no
longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended
while logged into IDIS Online.
10. You must not establish any unauthorized interfaces between IDIS Online and other non -HUD systems.
11. Your access to IDIS Online constitutes your consent to the retrieval and disclosure of the information within the scope of
your authorized access, subject to the Privacy Act, and applicable Federal laws.
12. You must safeguard IDIS Online resources against waste, loss, abuse, unauthorized use of disclosure, and misappropriation.
13. You must not process classified national security information on IDIS Online.
14. You must not browse, search or reveal IDIS Online data except in accordance with that which is required to perform your
legitimate tasks or assigned duties. You must not retrieve data, or in any other way disclose data, for someone who does
not have authority to access that information.
15. By your signature or electronic acceptance (such as by clicking an acceptance button on the screen), you must agree to these
rules
User Acknowledgement and Certification— I acknowledge and certify that:
1. I understand the IDIS RoB and Federal Government policies as set forth above regarding security awareness and practices
when accessing and utilizing IDIS Online.
2. I have read and understand the IDIS RoB governing my use of IDIS Online and agree to abide by them.
3. I understand my responsibilities and the penalties for NOT ADHERING to the IDIS RoB.
4. I understand that failure to comply will result in disciplinary action against me which may include, but are not limited to, a
verbal or written warning, removal of system access, reassignment to other duties, demotion, suspension, reassignment,
termination, and possible criminal and/or civil prosecution.
Requestor Name:
Don Sandoval
Signature:
Don Sandoval
Digitally signed by Don Sandoval
Date: 2020.02.13 11:00:02 -07'00'
Date:
GRANTEE APPROVING OFFICIAL
Approving Official's Name:
Mike Freeman
Title:
Chair, Weld County Board of Commissioners
Office Phone: ext.:
970-400-4200
Office Address: (Street, City, State, Zip)
1150 O Street, Greeley, CO 80631
Signature.
Mike Freeman
Digitally signed by Mike Freeman
Date: 2020.02.19 1336:59 -0700'
Date: 02/19/2020
I authorize the person above to have access to IDIS functions checked.
HUD FIELD OFFICES
Field Office Approval (CPD Director or Designee)
Name:
Signature:
NOTARY
The Approving Official's signature must be notarized to
verify the identity of the individual who signed this
document using the appropriate notary certificate of the
state, territory or insular area. Once completed, attach
the completed notary certificate to this form and send
to your local HUD CPD Field Office. If your state,
territory or insular area does not require a notary
certificate, use the space below.
Date: 02/19/2020
Signature:
Esther Gesick
Digitally signed by Esther Gesick
Date: 2020.0119 14:00:20 -0100'
Date:
ALL PREVIOUS VERISONS OF THIS FORM WILL NOT BE ACCEPTED OR PROCESSED.
Page 3 of 3
HUD FORM 27055(05-15-2017)
Hello