Is the User to Company Association Done for One Agency the Same for Another


NCID Integration Questionnaire

Contact Information

Phone Number / Extension

Application Information

Application/Project Name
Sponsor/Owner’s Name
Purpose of Application
Application Description
Application Type: "In House" / COTS - NO Changes Allowed / COTS - Changes Allowed / GOTS - NO Changes Allowed / GOTS - Changes Allowed / Other (if other, please explain)

Project Information

Implementation timeline
Application Status: New Application / Existing Application
SB991 Project / Project Number / Approved
Approval (projected) Date
Management Approved / Planned Approval Date (MM/DD/YY)
Budget Approved / Planned Approval Date (MM/DD/YY)
Separate Application Environments that are or will be available:
Lab / Development / Pre Production/UAT / Production
Application Architecture: Attach a diagram which should contain the following
  • Network links
  • Database server and OS
  • Application server and OS
  • Presentation (GUI) server and OS
  • Are any of the servers hosted by some other entity? If so, show which one(s) and indicate where
  • Any other architecture information

User Administration, Authentication, Authorization and Auditing Information

Current user management method (if applicable)
Can it be disabled? Yes/No/Not Sure
Current authentication and authorization method and data store for user accounts (if applicable)
Can it be disabled? Yes/No/Not Sure
User base for the application
User Type / Users Already in NCID / Estimated Number of Users
Initial 1 / Year 2 / Year 3 / Year 5
State Employees / Yes/No/Not Sure
Local Government Employees / Yes/No/Not Sure
Business / Yes/No/Not Sure
Individual / Yes/No/Not Sure
TOTAL / 0 / 0 / 0 / 0
If State or Local Government Employees will constitute the bulk of the users, please list the agencies that will have the majority of the end users.
Load distribution
Type of authentication needed: ID and Password
Type of authorization needed: Rule / Time of Day / IP Address
Process for approving access to application (Business Requirements)
Auditing requirements
Security requirements
Business continuity requirements


Contact Information

Enter your business contact information.

Application Information

Application/Project Name: The common name that the application, service or system is known by. How the system is commonly referred to by most people.

Sponsor/Owner’s Name: The sponsor is the business owner of the application or service.

Purpose of Application: A high level summary of what the application does. Who uses the system, and the services the system provides.

Application Description: A brief outline of the inputs, process, and outputs of the system. What other systems depend on this system? Is this system dependent on other systems or services?

Application Type: Has this application been (or will it be) developed by staff or contractors, or is it a purchased software package? If it is purchased, is it government off the shelf? Does your agency own the code and are you allowed to make changes to it?

Project Information

Implementation timeline: Please give a high level outline of the requirements gathering, planning, design phases, implementation, testing and release dates and dependencies.

Application Status: Is this an enhancement to an existing system or a completely new service/application?

SB991 Project: Does this application or project fall under the SB991 rules? If so, please provide the project number. Has it been approved? If this is an SB991 project, please provide the project approval date or the anticipated approval date.

Management Approved: Has your agency’s management approved the project? If so, please attach the information that shows this approval. If not, please enter planned approval date.

Budget approved: Has your agency budgeted for the project? If not, please enter the date you expect budgetary approval.

Separate Application Environments that are or will be available: Indicate, using the four check boxes, which separate environments your application has or plans to have. Lab is generally an area where system support tests patches and updates. Development is where application programmers generally develop and test code changes. Pre production or user acceptance testing is the environment where application owners test changes and functions before moving to production. Pre production generally closely replicates the production environment. Production is the environment that the application actually runs in for general day to day use.

Application Architecture: Please attach a diagram with the information requested depicted on it. If this is an SB991 project and you have submitted the architecture information, you can attach a copy of that or we will obtain a copy from the EPMO.

User Administration, Authentication, Authorization and Auditing Information

Current User Management Method: What type of management system is used to administer users in the current system? An example would be RACF or database with a GUI interface. Can this be disabled or removed from user access?

Current Authentication and Authorization Method and Storage: Please indicate the type or types of A&A the system can or does use. Examples are: ID with password and then a database lookup for authorization. Each user is individually flagged with rights and stored in the application's own database. Can this be disabled or removed from user access?

User Types: For each type of user listed, please indicate whether or not the bulk of the users are already in the NCID system (for other application access). In addition, indicate the number of users you anticipate for the first 6 months. Then indicate the total number of application users for each type in years two, three and five.

State and Local Government Employees: If state and local government users will be in the system in any substantial number, please indicate the agencies and total users for each.

Load Distribution: In this section, indicate the normal load distribution in a day, week, month, and year. Are there peak demand times, and if so, when?

Type of Authentication and Authorization Needed: Indicate the type of authentication and coarse-grained authorization you are requiring from NCID. Fine-grained authorization, if required, will need to be implemented by the application.

Process of Approving Application Access: Briefly describe the business rules for granting access to the application. Is it done with direct supervisor approval, management approval, paper form, etc?

Auditing Requirements: Briefly describe the auditing requirements from a user access perspective. How long are logs required to be kept and in what form? Is there a time demand for getting audit information?

Security Requirements: Are there any special security requirements pertaining to authentication and authorization?

Business Continuity Requirements: If there were a disaster or service interruption, what are the requirements for having the system access restored?