National Highway Specifications Website

Accessing FHWA Information Systems

PDF Version (0.4 mb)

• I. Introduction

  The Federal Highway Administration (FHWA) has developed several information systems for use by FHWA employees, Federal Motor Carrier Safety Administration (FMCSA) employees, selected State government employees, and other FHWA partners. The FHWA User Profile and Access Control System (UPACS) controls access to these systems.

  The UPACS has two major functions: it provides users with a menu of systems to which they have access and provides authorized personnel a mechanism for granting such access. The UPACS provides access control for FHWA's applications through system-generated User IDs and user-supplied passwords and PINs, in combination with individual access profiles created for users by system owners.

  This document describes how FHWA's partners register for a UPACS User ID and gain access to systems appropriate to their needs.

• II. The UPACS Environment

  The UPACS is accessed via a web browser and is optimized for Internet Explorer version 6.0. A few of FHWA's systems require additional software to be installed on the user's workstation. Information about and downloads for these can be found on the "system requirements" link from the UPACS log in screen.

  Most of the State Departments of Transportation are connected to the FHWA State Extranet and can access the UPACS log in screen using the URL https://fhwapap05.fhwa.dot.gov. State users may be able to be granted access to this connection by contacting the office in their State responsible for network connectivity.

  State users, or users in local governments or highway industry organizations who cannot get access to the FHWA State Extranet can usually access the UPACS log in screen via the Internet using the URL https://apps.fhwa.dot.gov. Some States and local governments have limited the access their employees have to the Internet by use of a firewall. If you are unable to connect to the UPACS login screen via the Internet, the FHWA Network Communications Team can work with your local network communications team to resolve this issue.

• III. What are the UPACS user levels?

  At the administrative level, UPACS controls access to the main systems menu through the UPACS administrator function and to each FHWA system through three levels of system administration and use: owner, sponsor, and user. Descriptions of these functions and their roles in UPACS are as follows:

  • A. What is a UPACS Administrator?

    The UPACS Administrators are FHWA employees or designated contractor personnel who approve registration requests for UPACS User IDs for users in their local office. They also approve requests for State or other users in the same location. In other words, the UPACS Administrator in the FHWA Florida Division can approve users in the FHWA Florida Division and the Florida Department of Transportation, but cannot approve users in the FHWA Georgia Division or the Georgia Department of Transportation. There are UPACS Administrators in all of the FHWA Headquarters offices and field offices.

    In addition to approving registration requests, UPACS Administrators can help reset passwords and PINs, correct user profile information, delete User IDs that are no longer needed, and refer users who need access to systems on the UPACS menu to system sponsors.

  • B. What is a User?

    A user is someone with a User ID and access rights to one or more FHWA systems. Users are granted such rights by system owners (see D. below), whose policies for system use are represented locally by sponsors (see C. below). Rights may vary from system to system for a user, such as, read-only in one system, update in another, and creating and signing documents in a third. Users may be FHWA employees, FMCSA employees, State government employees, or other external partners.

    Users apply for a User ID by completing a registration request, supplying profile information such as name, address, and contact information, and submitting this request to the local UPACS Administrator. Users must agree to the FHWA Terms and Conditions of Use and Rules of Behavior and must notify their UPACS Administrator once they no longer need access to FHWA information systems.

  • C. What is a Sponsor?

    A system owner does not necessarily know all of the users of his/her system. Therefore, FHWA created the role of Sponsor, an FHWA employee who can vouch for the need of a requestor for access to a specific FHWA system, whether that requestor is another FHWA employee, an FMCSA employee, a State partner or other FHWA partner. Similar to UPACS Administrators, Sponsors can only sponsor users located in the same State as their FHWA field office or in their Headquarters office.

    Sponsors are selected by system owners and represent the system owner locally, acting as a liaison between users and the system owner. Sponsors play the critical roles of enforcing system security measures by validating users request for access to a system and forwarding it to the system owner.

  • D. What is an Owner?

    Each FHWA system has one or more system owners. An owner has ultimate responsibility for the system, and approves or denies all system access rights to all users of their system.

    Each owner creates sponsors for his system who will assist with registering and maintaining users of their specific system. The owner registers and approves sponsors, apprises them of responsibilities, and enforces compliance with system and security requirements. The owner reviews and approves all user access change requests forwarded by sponsors and removes rights to the system from sponsors or users.

• IV. How Do I Register in UPACS?

  • A. Prospective User Makes Contact and Completes Registration Request

    Individuals who need access to one of the FHWA information systems must first register for a UPACS User ID.

    1. Access the FHWA Information Systems Login screen located at https://fhwapap05.fhwa.dot.gov on the FHWA State Extranet or https://apps.fhwa.dot.gov on the Internet.
    2. Select Register Now from the login screen, shown in Figure 1., below. Notice there are links to a list of UPACS Administrators, a copy of the Terms and Conditions of Use and Rules of Behavior, System Availability, and System Requirements. Users are also able to reset their password or PIN (for systems that require a PIN) from this screen.

       Figure 1.
       

    3. You will be presented with a screen showing the Terms and Conditions of Use and the Rules of Behavior, displayed in Figures 2 and 3, below. You must accept these Terms and Conditions of User and Rules of Behavior or you will not be allowed to proceed and will not be granted access to any FHWA information systems.

       Figure 2.
       

       Figure 3.
       

    4. In order to direct the registration request to the appropriate UPACS Administrator, you must enter the User ID for the local UPACS Administrator and the your email address in the Registration Identification screen, as shown in Figure 4, then select Next. You can get a complete list of UPACS Administrators by clicking the UPACS Administrator link on this screen.

       Figure 4.
       

    5. Fill in your name, address, and contact information in the Registration Profile screen shown in Figure 5, below.

       Figure 5.
       

       1. For security purposes, you will be asked to enter your secret word and the last four digits of your Social Security Number.

       2. Select your Organization Group from the dropdown list. State users should select State DOT, regardless of whether you are in the State DOT or other department within a state government, see Figure 6 below. Select the refresh link so that you will be presented with Organization options appropriate to your Organization Group.

          Figure 6.
          

       3. Select Organization, if applicable.

       4. Select Submit. This completes the request and submits it for approval.

  • B. UPACS Administrator Reviews and Approves Submittal

    The UPACS system generates an email to the UPACS Administrator whose User ID you entered in step A.4 above, telling him/her there is a request awaiting approval. The UPACS Administrator reviews and verifies submitted information, validating the user through personal or telephone contact, if necessary, and approves the submittal.

  • C. UPACS Assigns a User ID.

    Once your request has been approved, UPACS will create a unique User ID from the user's name and generate a temporary password. The UPACS will send the User ID and information about your temporary password to you at the email address you entered when you registered.

  • D. New User Logs in to UPACS

    You must log in within 10 days of receiving your User ID to activate the User ID or it will be deleted and you will have to resubmit a registration request. The first time you log in, UPACS will require you to replace the temporary password.

• V. How Do I Gain Access to A Secured System?

  Some applications have security that goes beyond having a UPACS User ID. A user is blocked from entering such an application unless he has access rights approved by its owner (See III.D above.) If you are not an FHWA or FMCSA employee, until you have been granted rights to one of FHWA's software applications the only item you will see on your menu when you login is UPACS itself. You can use the UPACS application to update your user profile information at any time.

  • A. Contact A Sponsor

    In order to be granted access to a secured system, you need to contact the local sponsor for the system to which you need access. For example, if you need access to one of our fiscal applications you would contact the Financial Manager in the FHWA Division Office in your state or if you need access to the National Bridge Inventory system you would contact the Bridge Engineer in the FHWA Division Office in your state to sponsor you.

  • B. The Sponsor Verifies Request and Determines Rights

    The sponsor will determine what type of access is needed (e.g. do you only need to be able to view data or do you need to be able to enter data?) and will go into UPACS to request that you be granted that access level. The UPACS will generate a message to the system "owner" in the FHWA Headquarters office telling him/her that you require access and were sponsored by the FHWA employee.

  • C. The Owner Approves Rights

    Once the system owner approves or denies the request, UPACS will notify you and the sponsor via email.

  • D. User Sets Up a PIN

    If the system you access requires a personal identification number (PIN) for electronic signature purposes, you will be required to create a PIN the next time you log in to UPACS.

• VI How are ID's, Passwords and PINs Managed?

  Each user of FHWA systems uses one and only one User ID, which may provide access to multiple applications. A password and, if applicable, a PIN are used in conjunction with the ID. A single PIN is valid for different levels of authority in different systems, as authorized by the owners of those systems.

  • A. How is User ID Constructed?

    A User ID is composed of the first initial plus last name, plus a tie-breaking numeric at the end if needed. It is created when the UPACS Administrator validates and approves the prospective user's request.

  • B. What are the Rules for a Password or a PIN?

    • The UPACS Password and UPACS PIN must contain 12-25 characters with at least one upper case letter, one lower case letter, one numeric digit, and at least one of these special characters (!#$%()*,-./:;=?@[\]^_`{|}~);
    • The UPACS Password and UPACS PIN may not be the same;
    • Both are case-sensitive;
    • They cannot be reused within 12 reset cycles;
    • They must be changed, at a minimum, every 60 days;
    • They can not be changed more than once within a 3 day time period;
    • The User's UPACS Password is locked after three consecutive invalid password entry attempts;
    • The User's PIN (not Password) is locked after three consecutive invalid PIN entry attempts;
    • Both can be reset by the user without external assistance by using the "Reset Password" or "Reset PIN" option;
    • Both must be safeguarded at all times by the user:
      • no entering into a computer or network file
      • no risky network or e-mail transmission
      • no visible display
      • no inadvertent disclosure
      • immediate change if compromised

  • C. When is a PIN Used?

    A PIN is used when special rights, such as creating and/or signing a document or checking off the completion of a sensitive process, are needed within an application. PIN rights are assigned by system sponsors and approved by system owners.

• VI How is Security Maintained?

  The UPACS maintains security by controlling your user sessions and maintaining a log of system entry and exit information for auditing purposes. The UPACS enforces proper User ID, password, and PIN management. User login attempts are monitored; login violations are captured and may result in a User ID being frozen until the password can be properly reinstated.

• VIII How Are Users Removed?

  Users notify sponsors when they no longer require access to a system. An owner or a sponsor can delete a user from an individual application, with or without notice from the user, leaving access to other applications intact.

  Users notify UPACS administrators when they no longer require access to any applications on the menu, e.g., they are terminating employment. A UPACS administrator can delete a user's ID and password, removing all access to FHWA's systems.

• IX Good Tips For Using UPACS

  • A. Interpersonal Communication is Important in this Automated World!

    The most important thing to remember is that even though FHWA has UPACS, an automated system for granting access to our systems, the most important parts of the process are handling through old-fashioned interpersonal communication. It is important that someone in the FHWA Division or Headquarters office knows you personally so that the sponsor will be able find someone to confirm that you truly need access.

  • B. Things to Know When Creating Your User Profile

    A couple other tips involve creating your user profile. When you enter your registration information you will see a field to enter your first name as well as a field to enter your first initial. If you go by your middle name (or a nickname) you can enter the initial of that name into the First Initial field so that is what is used to create your User ID. For example, if Francis Scott Key went by the name Scott Key, he would enter Francis in the First Name field, but S in the First Initial field and his User ID would be generated as skey instead of fkey.

    If you want to include a suffix to your name, Jr., III, etc., be sure to enter it in the Suffix field and do not add it onto either the First Name or Last Name fields. If you do, it may be displayed differently than you intend.

  • C. Resolving Password Problems

    Users often can resolve password problems on their own. The UPACS will put a 'soft-lock' on your User ID if you have three password violations in a row. If you are soft-locked, you can select "Change Password" from the UPACS Login screen and you should be able to reset your password.

    If you cannot remember what you have entered in the Secret Word field or in the Last 4 Digits Of SSN field you will be 'hard-locked.' If you are hard-locked, you must contact your local UPACS Administrator to reset one or both of those fields.

  • E. Secret Word Field

    The Secret Word field is used in conjunction with the Last 4 Digits Of SSN field to allow users to access UPACS to change their password if they have forgotten their password. You may enter anything you like in this field, however, you must take care to enter something that you will easily remember. No one is able to see what is in either the Secret Word field or Last 4 Digits Of SSN fields to tell you what you have entered. They are encrypted in the UPACS database.