ISA/ISM FAQ’s

The unit is responsible for assigning the ISM, ISA, and Tech Contact roles by following these steps:

  1. A candidate for ISM must complete the Integrated Risk Management System training course UF_ITT104_OLT before the role can be assigned. ISAs and Tech Contacts should also complete this training, although it is not a prerequisite to assign the role. 
  2. The unit DSA requests the appropriate role in the ARS system: “UF_SEC_ISM” or “UF_SEC_ISA” or “UF_SEC_TECHCONTACT”. Within the ARS role request, the unit DSA specifies what DeptIDs they will be responsible for before submitting the role for approval in ARS.
  3. Submit a ticket in MyIT, Select Service Catalog -> Technology Services -> Networking -> IP Address Request Management to link the new ISA/ISM to the IP and DNS addresses for the unit. This database is used for contacts for network issues, and to send vulnerability and incident alerts and tickets. 

That means either your department has not assigned those roles in ARS, or that UF Security has not assigned the Dept IDs that your ISA, ISM or Tech contacts are responsible for. It could also be that the ISM has been assigned at a higher level than your unit – such as an ISM assigned for the entire college rather than individual departments. See the question below on correcting the information.

If an incorrect person is listed as the ISA, ISM, or Tech Contact for the unit, the DSA will need to remove the role from the incorrect person. Before doing so, please check to make sure that person has not moved into a similar role for another unit and just needs the Area of Authority (DeptID) changed. 

To change the Area of Authority, the DSA should email security@ufl.edu with the person’s name, UFID, and corrected DeptIDs. 

Also submit a ticket in MyIT by Selecting Service Catalog -> Infrastructure -> Network -> IP Address Management, DNS, DHCP, and Host Monitoring and request to make the appropriate changes in the Net Services Database. 

Please refer to the other question on assigning new people to an ISA, ISM, or Tech Contact role. 

Click here for more information on what it means to be an ISA or ISM.

The DSA process is managed by the Identity and Access Management team.