Bruce Rumbold, CCBCO
Manager | Risk Advisory Services
The Federal Reserve announced several changes/requirements to enhance security over its payment and settlement platforms. Many of these requirements are very technical so we will try to highlight them in layman’s terms with some explanations. For my money? I send these requirements to my Information Security and/or Information Technology leaders and ask them if our hardware and software are compatible with these requirements.
What is Fedline Advantage?
FedLine Advantage is web-based solution that uses layered security, including both hardware and software components, to offer access to critical payment services, including FedACH Services, the Fedwire Funds Service, the Fedwire Securities Service and the National Settlement Service. The FedLine Advantage Solution allows many options for technical customization and integration that enable your organization to leverage its existing infrastructure. However, there are minimum hardware and software requirements and recommendations to ensure that the existing infrastructure and FedLine Advantage are secure and compatible.
Fedline Hardware and Software Requirements:
To start, FedLine highly recommends the use of Windows 10, but Windows 8.1 is also supported. Using the most current OS available to your organization in conjunction with FedLine Advantage will ensure the utmost security for transfers. Additionally, anything older than 8.1 is no longer being supported, Windows 7 is having its support ended on January 14th 2020.
For the use of FedLine Advantage there are several software and hardware requirements. Microsoft Internet Explorer 11 is required for access. Click on the settings gear in the upper right corner, select “About Internet Explorer.” If it indicates that you have Windows 10, you automatically have IE 11.
Web browsers such as Microsoft Edge and Microsoft Chrome and older versions of Internet Explorer are not supported with FedLine Advantage. While using Internet Explorer 11, compatibility view and enterprise mode should not be enabled. Also, those users using FedLine Security Tokens for two-factor authentication should have the latest version of the Federal Reserve Bank supplied FedLine security token client software installed.
Based on the Microsoft OS that is currently in use (10 or 8.1), the PC being used to access FedLine Advantage must meet that OS’ hardware requirements. (Hardware Requirements: 10, 8.1) as well as an additional three (3) requirements. The PC in use must also have a USB 2.0 compliant port (Can you put a thumb drive in?), this is required due to the FedLine security token mentioned above comes as a USB device. The PC must also have an Ethernet network adapter (an adapter (card) that plugs into a slot on the motherboard and enables a computer to access an Ethernet network (local area network). It’s the cable that would go from your home modem to your wireless router cable and most machines still have this port), and Microsoft Windows compatible printer. For step by step instructions for setting up hardware for use with FedLine Advantage, click here. As an additional note, thin-client (a machine without a hard drive) environments are not supported by FedLine Advantage.
There are five (5) software requirements that must be met regardless of whether Microsoft Windows 10 or 8.1 is in use. First, (1) Adobe Acrobat or Adobe Reader 10.0 or higher must be installed. An (2) Anti-virus software and (3) personal firewall software should also be in place. As a refresher this refers to a firewall for the local computer only rather than the entire network. And finally (4) Federal Reserve Bank-supplied FedLine Advantage Connection Utility software and (5) Federal Reserve Bank-supplied USB token hardware and token client software.
Fedline Network Requirements:
In addition to these requirements, specific network access requirements also exist for FedLine Advantage users. Transmission Control Protocol (TCP)/Internet Protocol (IP) communications protocol utilizing port 80 (World Wide Web HTTP) and port 443 (HTTP protocol over Transport Layer Security/Secure Sockets Layer) (Make sure your network administrator makes these ports available for network traffic). It is important to note, the Federal Reserve Banks cannot provide any setup or configuration assistance to troubleshoot network access issues when using non-Federal Reserve Bank designated or provided equipment. This includes firewall and router configuration problems.
Finally, “Entrust Root Certification Authority – G2, Expiration Year 2030” must be present in the Trusted Root Certification Authorities store in order to support SSL communications (talk to your network administrator to ensure that this Trusted Root Certification Authority is valid). This certificate is shipped with Windows, however if you do not have it present on the machine you are using for access, you can download it here.
I think what the Fed is getting at here is that the machine that you are using to access FedLine should be a dedicated machine with hardware that allows access to the network.
As a final note: Check 21 Subscribers using Axway Secure Client must ensure that they have a supported version of Secure Client. Secure Client software can be purchased directly from Axway utilizing the on-line portal that has been established for Federal Reserve Bank customers. For the specific hardware/software requirements related to this client, contact Axway.