Employer Reporting System (ERS)
Security Categorization and E-Authentication
Introduction

Background

The Employer Reporting System (ERS) is a web-based system for use by employers covered under the Railroad Retirement and Railroad Unemployment Insurance Acts (the Acts) in exchanging information with the Railroad Retirement Board (RRB).

Ultimately, the RRB will provide employers with one or more paperless options for filing forms with the RRB, receiving notices from the RRB, and receiving and replying to requests from the RRB. The web-based system will be provided to employers in addition to other media available for exchanging information with the RRB. The paper forms, systems, and processes that are currently being used to send and receive forms via other media will still be available. The existing legacy systems have their own security.

ERS includes a role-based authorization access system, a PIN/password authentication system, a security tracking and tracing system, and an e-mail notification system. Role-based access is determined for each application on the system based on whether the applicant’s job duties (role) require access to that application.

The ERS system security will be evaluated using the guidelines established by NIST SP 800-63. The ERS system will be part of the ‘Employer Reporting’ assessable unit and will be regularly tested and evaluated as part of that assessment.

What is in this report

This report is limited to issues of authentication. Authentication refers to establishing the identity of an individual and their validity to access ERS. This report begins with the determination of the required authentication assurance level for ERS based on a risk assessment. E-authentication consists of registration, identity proofing, and a token (in this case, a password). The report describes how each of these aspects meets the required assurance level. The report ends with a summary and list of references.

What is not included in this report

This document describes our confidence in the identity of the users of ERS. It does not address any security issues other than authentication. It should also be noted that the validation processing for the mainframe database is not part of this review. This edit-post processing is identical whether data is received via paper, magnetic cartridge, or web forms. Authentication of users of the web-based form DC-1 is not part of this discussion, as that form resides on a separate web site and utilizes authentication and access controls established by US Bank in conjunction with the US Treasury Department.


Date posted: 02/17/2006
Date updated: 02/16/2006