“What’s New” for Security
04/11/24 | Semiannual Verification of Users’ Security Access Levels Due Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
If you have questions, email ssa.security@cpa.texas.gov. |
---|---|
02/23/24 | Encrypt Confidential Emails to Fiscal Management Encrypt Confidential Emails to Fiscal Management
State agencies and institutions of higher education sometimes send documents with confidential information to Fiscal Management. An unencrypted email is not a secure transmission. Agencies must send confidential information in an encrypted email or as an encrypted email attachment as prescribed by your agency’s information security policy. See Confidential Information Must Be Encrypted Before Emailing to Fiscal Management (FPP D.004) for details. |
12/14/23 | Security Alert: Avoid Email Confirmation Security Alert: Avoid Email Confirmation
Fiscal Management urges all agencies to review and further strengthen internal processes and procedures for requesting system or security changes. To avoid security threats, it is best to validate requests by a method other than email. In the past, hackers harvested credentials such as user IDs, passwords, email addresses, etc., then used the credentials to access systems and gather data or other sensitive information. Now, hackers target the credential with the most transparency — email addresses. They hijack an email account, change the password, then use the email address to request the agency to provide sensitive information or make detrimental changes to the user’s profile, such as changing direct deposit instructions. This is what makes these hacks so dangerous. Everything about the email appears legitimate, because it is. Since the email account is compromised, the traditional strategy of training users to identify illegitimate email will not work. Only a second level of validation will ensure the instructions received were from the intended user. See Fraud Prevention Recommendations for more tips, or contact your agency’s information security office for more information and/or to discuss and implement security improvements for your agency. |
10/19/23 | Reminder – Semiannual Verification of Users’ Security Access Levels Due Reminder – Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
Email mailto:ssa.security@cpa.texas.gov with any questions. |
10/06/23 | Semiannual Verification of Users’ Security Access Levels Due Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
Email ssa.security@cpa.texas.gov with any questions. |
09/28/23 | Reminder – Complete Our Customer Service Survey by Sept. 29 Reminder – Complete Our Customer Service Survey by Sept. 29
If you already completed our Fiscal Management customer service survey, thank you! If you haven't had a chance to take our online survey, it will be available until the close of business Friday, Sept. 29. We appreciate your feedback. If you have any questions about the survey, email us at fiscal.documentation@cpa.texas.gov. |
09/15/23 | Fiscal Management Customer Service Survey Fiscal Management Customer Service Survey
How well are we meeting your customer service expectations? Please let us know by completing the online survey by Friday, Sept. 29. We appreciate your feedback. Email us at fiscal.documentation@cpa.texas.gov with any questions. |
05/19/23 | Current Forms Always Available on FMX Current Forms Always Available on FMX
Check the Forms page on FMX to ensure you use the current version. Previously downloaded forms might be outdated. The top of every FMX page has a link to the Forms page. Topic pages (such as Appropriations and Payment Services link to their specific forms on the Forms page. Note: Payment Services forms on FMX are secured and require login to prevent unauthorized users from accessing them and submitting them to state agencies. If it is necessary to maintain any of these forms on your agency’s website, ensure the forms require login and are the most current version. |
04/27/23 | Reminder – Semiannual Verification of Users’ Security Access Levels Due Reminder – Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
If you have questions, email ssa.security@cpa.texas.gov. |
04/14/23 | Semiannual Verification of Users’ Security Access Levels Due Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
If you have questions, email ssa.security@cpa.texas.gov. |
01/05/23 | Security Advisory: Implement Multifactor Authentication Security Advisory: Implement Multifactor Authentication
Multifactor authentication (MFA) is one of the best practices an agency can use to prevent unauthorized access to its data, devices and networks. MFA requires users to present multiple pieces of information that must be validated by the system before the user can access the system. It is essential that agencies implement strong password policies to enhance the protection of MFA. However, MFA for CAPPS is only as effective as the surrounding controls that each agency implements. It remains each agency’s responsibility to secure the entire infrastructure supporting the MFA factors (e.g., agency email accounts and voice call). If any of the systems supporting MFA are compromised, it could lead to account takeover. |
12/30/22 | Current Forms Always Available on FMX Current Forms Always Available on FMX
Check the Forms page on FMX before submitting a form to ensure you submit the current version. Previously downloaded forms or stored links might be outdated. The top of every FMX page has a link to the Forms page. Topic pages (such as Appropriations or Payment Services) link to their specific forms on the Forms page. |
10/14/22 | Semiannual Verification of Users' Security Access Levels Due Semiannual Verification of Users' Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
Email ssa.security@cpa.texas.gov with any questions. |
09/23/22 | Reminder – Fiscal Management Customer Service Survey Reminder – Fiscal Management Customer Service Survey
How well are we meeting your customer service expectations? Please let us know by completing the online survey by Friday, Sept. 30. We appreciate your feedback. Email us at fiscal.documentation@cpa.texas.gov with any questions. |
09/16/22 | 2022 Fiscal Management Customer Service Survey 2022 Fiscal Management Customer Service Survey
How well are we meeting your customer service expectations? Please let us know by completing the online survey by Friday, Sept. 30. We appreciate your feedback. Email us at fiscal.documentation@cpa.texas.gov with any questions about the survey. |
06/24/22 | Reminder – Direct Deposit Fraud Increasing Reminder – Direct Deposit Fraud Increasing
State agencies continue to report fraud attempts to the Comptroller’s office, especially for direct deposit payments. Agencies must be vigilant when setting up and/or changing direct deposit account information for employees and vendors. Review the Fraud Prevention Recommendations on TexPayment Resource, which include Don’t Be a Target of Fraud, Vendor Impersonation Fraud and Payment Processing Tips. |
04/28/22 | Reminder – Semiannual Verification of Users’ Security Access Levels Due Reminder – Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
If you have questions, email ssa.security@cpa.texas.gov. |
03/25/22 | Direct Deposit Fraud Increasing Direct Deposit Fraud Increasing
State agencies are reporting more fraud cases to the Comptroller’s office, especially for direct deposit payments. Agencies must be vigilant when setting up and/or changing direct deposit account information for employees and vendors. Review the Fraud Prevention Recommendations on TexPayment Resource, which include Don’t Be a Target of Fraud, Vendor Impersonation Fraud and Payment Processing Tips. |
03/18/22 | Encrypt Confidential Emails to Fiscal Management Encrypt Confidential Emails to Fiscal Management
State agencies and institutions of higher education sometimes send documents with confidential information to Fiscal Management. Email is not a secured transmission. Agencies must send confidential information as an encrypted email attachment as prescribed by your agency’s information security policy. See Confidential Information Must be Encrypted Before Emailing to Fiscal Management (FPP D.004) for details. |
02/11/22 | New Name and Email for Fiscal Management Security Team New Name and Email for Fiscal Management Security Team
The Statewide Fiscal Systems (SFS) Security team’s name has changed to Statewide Security Administration (SSA). Effective Feb. 14, the support email address (SFS.security@cpa.texas.gov) will be replaced with SSA.security@cpa.texas.gov. This email account is primarily for agency security coordinators to send questions/correspondence to the SSA team. Security access requests must still be submitted via the Security Request System. Agencies should:
NOTE: The old SFS email account will not receive messages after Tuesday, March 15. Agency security coordinators may contact the SSA team with questions. |
01/21/22 | Reminder – Upgrade to TLS 1.2 by Jan. 30 Reminder – Upgrade to TLS 1.2 by Jan. 30
The Comptroller’s office will disable two transport layer security (TLS) protocols, 1.0 and 1.1, on Jan. 30. After that, only TLS 1.2 connections will work. This update is needed to correct security vulnerabilities. This change will impact all connections to Comptroller systems, so be sure your information technology team is aware of the upgrade. The Comptroller’s office alerted state agencies to the upcoming change in September and has worked with agencies to replace the older protocols. See Microsoft’s update for more information. |
01/03/22 | Current Forms Always Available on FMX Current Forms Always Available on FMX
Check the Forms page or appropriate topic page on FMX before submitting a form to ensure you submit the current version. Previously downloaded forms or stored links might be outdated. You’ll find a link to the Forms page at the top of any FMX page. Also, FMX topic pages such as Appropriations or Payment Services feature links to related forms. |
12/15/21 | Upgrade to TLS 1.2 Required by Jan. 30 Upgrade to TLS 1.2 Required by Jan. 30
The Comptroller’s office will disable two transport layer security (TLS) protocols, 1.0 and 1.1, on Jan. 30, 2022. After that, only TLS 1.2 connections will work. This update is needed to correct security vulnerabilities. This change could impact any connection to Comptroller systems, so be sure your informational technology team is aware of the upgrade. The Comptroller’s office alerted state agencies to the upcoming change in September and has worked with agencies to replace the older protocols. See Microsoft’s update for more information. |
10/28/21 | Semiannual Verification of Users’ Security Access Levels Due Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
Email sfs.security@cpa.texas.gov with any questions. |
09/17/21 | Reminder – Take the 2021 Fiscal Management Customer Service Survey Reminder – Take the 2021 Fiscal Management Customer Service Survey
How well are we meeting your customer service expectations? Please let us know by completing the online survey by Friday, Sept. 24. We appreciate your feedback. If you have any questions about the survey, email us at fiscal.documentation@cpa.texas.gov. |
09/10/21 | Take the 2021 Fiscal Management Customer Service Survey Take the 2021 Fiscal Management Customer Service Survey
How well are we meeting your customer service expectations? Please let us know by completing the online survey by Friday, Sept. 24. We appreciate your feedback. If you have any questions about the survey, please email us at fiscal.documentation@cpa.texas.gov. |
09/03/21 | Reminder – Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8 Reminder – Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8
BlueZone Web-to-Host 5.2 will be decommissioned Sept. 8. Customers must upgrade to BlueZone Web-to-Host 7.1 before that date. See Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for installation instructions. Note: If you have trouble connecting to the FMX site or downloading BlueZone, contact your IT support to determine if your agency security policies or firewalls are blocking access. |
08/27/21 | Reminder – Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8 Reminder – Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8
BlueZone Web-to-Host 5.2 will be decommissioned Sept. 8. Customers must upgrade to BlueZone Web-to-Host 7.1 before that date. See Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for installation instructions. Note: If you have trouble connecting to the FMX site or downloading BlueZone, contact your IT support to determine if your agency security policies or firewalls are blocking access. |
08/19/21 | Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8 Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8
BlueZone Web-to-Host 5.2 will be decommissioned Sept. 8. Customers must upgrade to BlueZone Web-to-Host 7.1 before that date. See Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for installation instructions. Note: If you have trouble accessing instructions or downloading BlueZone, contact your IT support to determine if your agency security policies or firewalls are blocking access. |
08/10/21 | Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8 Upgrade to BlueZone Web-to-Host 7.1 by Sept. 8
BlueZone Web-to-Host 5.2 will be decommissioned on Sept. 8. Customers must upgrade to BlueZone Web-to-Host 7.1 before that date. See Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for installation instructions. Note: If you have trouble connecting to the FMX site or downloading BlueZone, contact your IT support to determine if your agency security policies or firewalls are blocking access. Customers using BlueZone Web-to-Host 5.2 can leave that version installed; it will not conflict with version 7.1. After Sept. 8, BlueZone Web-to-Host 5.2 will no longer connect to the CPA mainframe and will redirect to a Comptroller.Texas.Gov welcome page. Agencies and institutions may also use other TN3270E emulation software equivalent to BlueZone. See Alternative Emulator Configuration Settings (login required) in FPP N.007 or contact Information Technology Support at your agency or institution for assistance. |
06/04/21 | BlueZone Web-to-Host Upgrade Postponed BlueZone Web-to-Host Upgrade Postponed
Customers using BlueZone Web-to-Host 5.2 may continue using this version until further notice. We recommend that you upgrade to Web-to-Host 7.1 at your earliest convenience; see Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for more information and installation instructions. The Comptroller’s office will announce the new decommission date for Web-to-Host 5.2 shortly. |
05/21/21 | Reminder – Upgrade BlueZone Web-to-Host by June 1 Reminder – Upgrade BlueZone Web-to-Host by June 1
All customers using BlueZone Web-to-Host 5.2 must upgrade to the latest version, 7.1, by June 1, when the current version will be decommissioned on Comptroller systems. Note: If you or your IT support already downloaded and installed BlueZone Web-to-Host 5.2 from FMX, you must upgrade to the latest 7.1 version. If your agency or office has its own licensed version of BlueZone or another 3270 emulator, you can continue using it to connect to the Comptroller’s mainframe. See Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for more information and installation instructions. Agencies and institutions may also use other TN3270E emulation software equivalent to BlueZone. See Alternative Emulator Configuration Settings (login required) in FPP N.007, or contact information technology support at your agency for help. |
05/07/21 | Reminder – Upgrade BlueZone Web-to-Host by June 1 Reminder – Upgrade BlueZone Web-to-Host by June 1
All customers using BlueZone Web-to-Host 5.2 must upgrade to the latest version, 7.1, by June 1, when the current version will be decommissioned on Comptroller systems. Note: If you or your IT support already downloaded and installed BlueZone Web-to-Host 5.2 from FMX, you must upgrade to the latest 7.1 version. If your agency or office has its own licensed version of BlueZone or another 3270 emulator, you can continue using it to connect to the Comptroller’s mainframe. See Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for more information and installation instructions. Agencies and institutions may also use other TN3270E emulation software equivalent to BlueZone. See Alternative Emulator Configuration Settings (login required) in FPP N.007, or contact information technology support at your agency for help. |
04/30/21 | Reminder – Upgrade BlueZone Web-to-Host by June 1 Reminder – Upgrade BlueZone Web-to-Host by June 1
All customers using BlueZone Web-to-Host 5.2 must upgrade to the latest version, 7.1, by June 1, when the current version will be decommissioned on Comptroller systems. See Requirements for Transmitting Comptroller Information (FPP N.007) (login required) for more information and installation instructions. Agencies and institutions may also use other TN3270E emulation software equivalent to BlueZone. See Alternative Emulator Configuration Settings (login required) in FPP N.007, or contact information technology support at your agency for help. |
04/20/21 | Reminder — Semiannual Verification of Users' Security Access Levels Due Reminder — Semiannual Verification of Users' Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
If you have questions, email sfs.security@cpa.texas.gov. |
04/08/21 | Semiannual Verification of Users’ Security Access Levels Due Semiannual Verification of Users’ Security Access Levels Due
Security coordinators are required to certify that their records are up to date through a semiannual security verification process that is concurrent for all Fiscal Management applications.
If you have questions, email sfs.security@cpa.texas.gov. |