1.0 The contractor shall use the DMDC Authentication service to perform authentication for beneficiary web access to contractor portals or web sites that access beneficiary-specific TRICARE data. The DMDC Authentication service supports the DoD-approved enterprise self-service credential called the DoD Self-Service Logon (DS Logon) account.
1.1 Available credentialing options may be modified due to security enhancements, and will be made known when available.
1.2 The contractor may use authentication methods that meet National Institute of Standards and Technology (NIST) Level 2 requirements (NIST Special Publication (SP) 800-63) for beneficiaries that are not eligible to receive DS Logon accounts.
2.0 Access to beneficiary-specific TRICARE data requires authentication with the approved DoD credential, or its equivalent. DMDC issues the DS Logon credential; DMDC retains responsibility for maintaining this credential.
• An authentication service will be provided by DMDC for the DS Logon credential.
• The contractor shall use the DMDC Authentication service at the registration point for beneficiary access to the contractor portal or web site for all beneficiaries eligible to obtain a DS Logon.
• The contractor shall use the authentication service to validate authentication of a beneficiary every time a contractor portal or web site is accessed.
3.0 When a beneficiary presents the DS Logon credential and authentication succeeds, the DMDC Authentication service will provide the following data to the contractor:
• Method of Authentication (e.g., DS Logon).
• Status of the account.
• Identity information of the authenticated beneficiary (e.g., DoD Electronic Data Information Patient (EDI) PIN).
• Affiliation information of the authenticated beneficiary to the DoD.
• Family member association including DoD EDI PIN of the sponsor.
4.0 The contractor may use the information returned with a successful authentication to enforce any application-specific business rules. For example, the contractor may exclude access by a parent to a family member’s Explanation of Benefits (EOB) information if the family member is over the age of 18.
5.0 The contractor shall rely on its own authentication methodology to authenticate users accessing beneficiary-specific TRICARE data via a contractor portal or web site for those beneficiaries ineligible for a DS Logon.