Important E-Biz POC Login and Password Reset Update
When an EXISTING E-Biz POC logs in for the first time after the October 11, 2010 Security Build, the E-Biz POC must enter the DUNS and for the Password field, enter the MPIN. If the MPIN is unknown, the E-Biz POC can check online at http://www.ccr.gov. A search can be run through CCR using either the organization's Data Universal Number System (DUNS) Number or legal business name. Once the E-Biz POC has entered the MPIN at Grants.gov and it is verified, the system will immediately request that the E-Biz POC change the password. Once changed, the MPIN will no longer be able to be used as a password.
In order for a NEW E-Biz POC account to be established at Grants.gov an applicant from that organization must register to become an Authorized Organization Representative with Grants.gov. Once the applicant has completed registration, the NEW E-Biz POC account will be established. A system-generated password will be sent in an email to be used to log in to the E-Biz POC account. This new password will be sent to the E-Biz POC CCR email address on file with Grants.gov. If your email is not the email on file with CCR, you may not be the E-Biz POC. Please check with CCR or your organization for the E-Biz POC. E-Biz POCs may receive two emails if they are also an applicant. Look closely at the link provided to determine if the email is intended for an E-Biz POC or Applicant. The link will either contain "userType=applicant" or "userType=ebiz."
The "I Forgot My Password/Unlock My Account" functionality for an E-Biz POC with an established password, is a new option that allows an E-Biz POC to request a system-generated password through an email message. The system will send the email to the address in the user's profile. The "I Forgot My Password/Unlock My Account" feature cannot be used to reset CCR MPINs. You must contact CCR directly at http://www.ccr.gov for more information.
The Grants.gov system is currently designed to grant log in access to the E-Biz POC using the DUNS and new password. When the DUNS and MPIN are shared within an organization and the password has been changed, the system will deny access when different passwords are entered for the same DUNS. Be sure to share new passwords with all necessary users within the agency. Read more about the new E-Biz POC functionality below.
FAQs for E-Biz POCs are available in the Applicant Resources section.
The Help Desk is also available as an additional resource, however; the caller should be the organization’s official E-Biz POC for matters concerning MPIN.
Security Build Overview - E-Business Point of Contacts (E-Biz POC)
Security Build Overview - Example screenshots are included in this document as well as the details that are outlined below.
Security Build WebEx Recording - Watch an overview about the changes that will occur in the Security Build and how they will impact you.
The Security Build is an update to the Grants.gov system to comply with the National Institute of Standards (NIST) security standards.1 The changes for the build will be available on October 11, 2010. These updates will not apply to System-to-System accounts. E-Biz POCs will experience a number of system changes that include updates to passwords and logins, including:
- Applicant Center shortcut to E-Biz POC functionality
- E-Biz POC login update
- New password requirements
- 90-day password expiration
- New change password option
- New “I Forgot My Password/Unlock My Account”
- Account lockout for incorrect passwords.
1 The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53A, recommended Security Controls for Federal Information Systems. The items listed in this document will be included in the Security Build on October 11, 2010.
This document will explain the changes to the system and what to expect once the security build is in place.
Applicant Center Shortcut To Enable E-Business Point Of Contact (E-Biz POC) Functionality
An option will be available to the AOR to request E-Biz POC authorization once the AOR is logged into the Applicant Center. A prompt will be displayed for an MPIN the first time E-Biz POC functionality is selected. A valid MPIN must be entered at every session in order to be granted E-Biz POC authorization. Once a valid MPIN is entered the AOR can act as the E-Biz POC and perform the following functions:
- Issue AOR role(s)
- Revoke AOR role(s)
- View all submissions for the organization's DUNS
- Deactivate AOR account(s)
- Revoke E-Biz POC role assigned to other AOR accounts.
If the AOR enters the correct MPIN at the Applicant Center, the AOR will begin to receive E-Biz POC email notification when a new AOR registers under the organization’s Data Universal Number System (DUNS). If the AOR does not enter the correct MPIN the AOR will not receive E-Biz POC email notifications until they enter a valid MPIN.
E-Business Point Of Contact (E-Biz POC) Account Login Update
When an existing E-Biz POC goes to log in for the first time after the Security Build is released, the E-Biz POC will enter the DUNS and for the Password field, enter MPIN. The system will immediately request the E-Biz POC to change the password and comply with the password complexity rules (see "3. New Password Requirements" for details).
Once this security control is implemented, when a new E-Biz POC account is established, a system-generated password will be sent in an email to be used to log in to the account. The new password will be sent to the CCR email address on file with Grants.gov.
New Password Requirements
When an E-Biz POC changes a password in the Grants.gov system, the password will have to comply with the following requirements:
- Cannot be the same as the previous three (3) passwords
- Must contain at least eight (8) characters
- Must contain at least one (1) number
- Must contain at least one (1) uppercase letter
- Must contain one (1) lower case letter.
What to expect:
When an E-Biz POC changes a password, prompts will be displayed with instructions to comply with the new password requirements.
Passwords Expire In 90-Days
A 90-day password expiration policy for accounts will be implemented.
Going forward all passwords will expire every 90 days. For example, if a password is changed today, it is considered as day one (1). This password will be valid for 90 calendar days and will not be valid on the 91st day onward.
Without a valid password, an E-Biz POC will not be able to log in to Grants.gov and approve AORs or check the application status of the organization.
What to expect for E-Biz POC Center Login:
E-Biz POCs who successfully log in to Grants.gov will see a password expiration warning message, beginning 15 days before expiration. Grants.gov will display a countdown message of the number of days until the password expires when the users log in or until the password is changed. No users with an expired password will be able to log in using the browser. Users can change the password by using the "Change My Password" button on the login page. If the user is successful in changing the password, then the user will be able to log in.
Password Expiration Email Notification
- All users will receive two (2) email notifications before passwords expire.
- The first email notification will be sent 15 days before the password expires.
- The second email notification will be sent five (5) days before the password expires.
New Change Password Option
E-Biz POCs will be able to change a password at any time by entering their current password and entering a new password twice correctly. The change password option will be provided on the E-Biz POC login page and the E-Biz POC center.
What to expect:
When E-Biz POCs receive the email notification that their password will expire they can use the Change My Password functionality to avoid password expiration.
New "I Forgot My Password/Unlock My Account" For E-Biz POC
The new option allows E-Biz POCs to request a system-generated password through an email message. The system will send the email to the address in the user's profile.
What to expect:
E-Biz POCs will receive the system-generated password. The password will not expire for 90 days.
Account Lockout For Incorrect Passwords
The E-Biz POC's account will lock for 15 minutes if the user provides an incorrect password three (3) consecutive times within a five (5) minute period.
Once an E-Biz POC is locked out, the E-Biz POC will not be able to login through the browser for 15 minutes.
- After 15 minutes with no attempts to log in, the E-Biz POC can log in to the system with the correct password.
- E-Biz POCs who don't know the correct password can unlock an account within 15 minutes by using the "I Forgot My Password/Unlock My Account" optionto request a system-generated password.
If you are interested in the upcoming changes for your organization's AORs, please visit www.grants.gov/securitybuild for more information about new AOR functionality that will be included in the Security Build.
For more information about the Grants.gov process including finding grant opportunities, registration process and applying for a grant - review the Applicant User Guide, FAQs and find additional help by using the iPortal. All resources can be found at: http://www.grants.gov/applicants/resources.jsp.