The contractor shall use the Defense Manpower Data Center (DMDC) Authentication service to perform authentication for beneficiary web access to contractor portals or web sites that access beneficiary-specific TRICARE data. The DMDC Authentication service supports the Department of Defense (DoD) approved enterprise self-service credential called the DoD Self-Service Logon (DS Logon) account. Available credentialing options may be modified due to security enhancements, and will be made known when available. Contractors may also use authentication methods that meet National Institute of Standards and Technology (NIST) Level 2 requirements (NIST publication 800-63) for beneficiaries that are not eligible to receive DS Logon accounts.
1.0 Access to beneficiary-specific TRICARE data requires authentication with the approved DoD credential, or its equivalent. DMDC issues the DS Logon credential; DMDC retains responsibility for maintaining this credential.
• An authentication service will be provided by DMDC for the DS Logon credential. For all beneficiaries eligible to obtain a DS Logon, the contractor shall use the DMDC Authentication service at the registration point for beneficiary access to the contractor portal or web site. In addition, the contractor shall use the authentication service to validate authentication of a beneficiary every time a contractor portal or web site is accessed.
2.0 Upon presentation of the DS Logon credential, the DMDC Authentication service will provide the following data to the contractor upon successful authentication:
• Method of Authentication (e.g., DS Logon)
• Status of the account
• Identity information of the authenticated beneficiary (e.g., DoD Electronic Data Information (EDI) PIN)
• Affiliation information of the authenticated beneficiary to the DoD
• Family member association including DoD EDI PIN of the sponsor
3.0 The contractor may use the information returned with a successful authentication to enforce any application-specific business rules. For example, the contractor may exclude access by a parent to a family member’s Explanation of Benefits (EOB) information if the family member is over the age of 18.
4.0 For those beneficiaries ineligible for a DS Logon, the contractors shall rely on their own authentication methodology to authenticate users accessing beneficiary-specific TRICARE data via a contractor portal or web site.