Fiscal Intermediary, Carrier and Part A and Part B Medicare Administrative Contractor's who require access to select CMS enterprise applications must register in the CMS Individuals Authorized Access to the CMS Computer Services (IACS) security system.

In order to protect CMS and user information, all users must register and be approved in CMS' security system prior to accessing applications. IACS is the security system CMS uses to register users and control issuance of User IDs, passwords and access to CMS web-based applications.

IACS is an enterprise security solution that will be deployed to individuals requiring access to many of CMS' applications.  The primary objective of the IACS framework is to enable greater information access for CMS' application users while providing a higher degree of security across the CMS enterprise.  IACS will help CMS improve customer service by simplifying interactions for individual users. 

In the present environment, an individual user needing access to multiple applications may need to log in to each application with different user IDs and passwords.  The IACS solution will provide one single user ID and password for each user, regardless of how many applications they access. 

Trust is a critical component within the IACS system.  The contractor's self-designated Security Official (SO) will be considered a trusted CMS business partner, and will assume the responsibility to ensure that users they approve within their organization are allowed to use IACS, as well as CMS' applications.  If a CMS business partner (ex. SO) trusts a user, then through a model of delegated authority, IACS can be certain to trust them as well.  The intent of IACS is to establish and follow a chain-of-trust from CMS to the business partner organization, to the SO, to the User Group Administrators (UGAs), to the end-users. 

IACS uses a self-registration process. The self-registration process that you will follow will depend in part on your relationship to CMS.

Community Concept

IACS communities are comprised of groups of users who have a similar relationship to CMS and who need access to similar applications (ex. FI employees who need access to FI-related CMS applications). There are various community concepts such as the high-level structure, roles, and rules for each role which are important to understand.

High-Level Community Structure:

Within IACS, a community will be established for CMS' application users with the FI/Carrier/A/B MAC organizations.  The community will consist of organizations represented by each FI, carrier and A/B MAC contractor.  Each FI, carrier and A/B MAC will need to establish an Organization and an SO (and a Backup Security Official or BSO, if desired) who will be responsible for all end-users within their purview.

After the high-level (FI, Carrier or A/B MAC) Organization and SO are established in IACS, User Groups within that organization can be established along with User Group Administrators (UGAs) to manage each user group.  The intent of the User Groups within the larger organization is to allow for the organization to create sub-groups (with separate approvers called UGAs) to manage and approve users in each user group.  The organization can choose to set up their IACS User Groups along any method they elect to best position themselves for approval of users into each group.

Once User Groups and UGAs are established under the Organization and SO, end-users now come in and join the Organization and the appropriate User Group.  Specifically, end-users can perform the IACS self-registration process, thereby, associating themselves to the appropriate Organization and User Group.  This association in IACS enables the system to request approval from the appropriate approver in the chain (SO would approve the UGAs and the UGA would approve end-users).  In this way, a chain of trust is established, whereby, all end-users are known by their immediate approver (UGA) and the UGAs are known by the SO, and the SO is known by CMS. 

The Organization may also establish "Application Approvers" within the User Groups to create individuals who will approve the end users into specific CMS applications.  The only limitation is that the person acting as the Application Approver cannot also be a user of that same application.  For example, an Organization may elect to have a PS&R Application Approver.  This person would approve all users into the PS&R application (as an additional layer of security and approval), but that approver (Application Approver) him or herself would not be able to access the PS&R application. 

Expectations of IACS Security Officials and User Group Administrators

The specific terms and conditions that the various roles are expected to abide by will be presented to the user when they are going through the IACS registration process. They should read the terms and conditions carefully and then either "Accept" or "Decline" them.

Security Officials (SO's) will need to self register into IACS using a CMS provided URL (see the URL under the "Related Links Inside CMS" portion at the bottom of this page).  Each SO will then be approved by personnel in CMS and a User ID will be assigned/e-mailed to the SO. 

Once the SO establishes their Organization and is approved into IACS, the SO will be expected to approve all BSOs and UGAs.  Each of these FI, carrier, and A/B MAC personnel will self-register in the IACS System (through the same URL listed below) and will then be provided a new IACS User ID via e-mail once they are approved. 

The registration process for PS&R users may begin as soon as the FI and A/B MAC organizations are created.  For this reason, it is imperative that the SOs be identified and registered first, soon to be followed by UGAs and eventually end-users.  

The Downloads section, below, lists IACS Quick Reference Guides applicable to the FI/Carrier/MAC Community.  These guides provide users with information and instructions to register in IACS and request access to CMS application(s) available to your user community.  The guides are provided in standard and accessible versions according to the 1998 Amendment to Section 508 of the Rehabilitation Act.  The displayed titles show "Standard" and "508 Accessible", respectively.  Please contact your Help Desk if you have any questions on the IACS' guides or system functionality.

Downloads
Standard IACS Security Official New User Registration Quick Reference Guide; July 2008 [PDF, 443 KB] 508 Accessible IACS Security Official New User Registration Quick Reference Guide; July 2008 [PDF, 66 KB] Standard IACS Backup Security Official New User Registration Quick Reference Guide; July 2008 [PDF, 440 KB] 508 Accessible IACS Backup Security Official New User Registration Quick Reference Guide; July 2008 [PDF, 80 KB] Standard IACS User Group Administrator New User Registration Quick Reference Guide; July 2008 [PDF, 462 KB] 508 Accessible User Group Administrator New User Registration Quick Reference Guide; July 2008 [PDF, 62 KB] Standard IACS End User Registration New User Quick Reference Guide; July 2008 [PDF, 448 KB] 508 Accessible IACS End User Registration New User Quick Reference Guide; July 2008 [PDF, 58 KB] Standard IACS Request Access to a CMS Application Quick Reference Guide; July 2008 [PDF, 176 KB] 508 Accessible IACS Request Access to a CMS Application Quick Reference Guide; July 2008 [PDF, 29 KB] Standard IACS Approver Quick Reference Guide; July 2008 [PDF, 146 KB] 508 Accessible Approver Quick Reference Guide; July 2008 [PDF, 36 KB]
Related Links Inside CMS
CMS Applications Portal
Related Links Outside CMS
There are no Related Links Outside CMS

Page Last Modified: 09/03/2008 8:26:37 AM
Help with File Formats and Plug-Ins