Corporate
CGS Administrators, LLC

Serving the states of AL, AR, CO, FL, GA, LA, MS, NM, NC, OK, SC, TN, TX, VA, WV and the U.S. territories Puerto Rico and the Virgin Islands

November 28, 2018

myCGS Version 5.1 – New Password and Security Rules, Coming November 29

myCGS version 5.1 will be released tonight, November 28, 2018, and will be effective beginning November 29. This update includes enhancements to the myCGS security rules in order to meet the latest CMS security requirements as specified in CMS Change Request 10576External PDF. These changes will ensure myCGS is in sync with the Acceptable Risk Safeguards version 3.1, which are outlined in the CMS Manual System, Pub. 100-17, CMS/Business Partners Systems Security ManualExternal Website.

myCGS will be unavailable beginning at 5:30 pm central time tonight (November 28) while we install version 5.1. Please refrain from attempting to use myCGS during the installation time. myCGS will be available again tomorrow morning (November 29).

IMPORTANT: One of the security changes (which is outlined below) is regarding account inactivity. Today users are suspended in myCGS after they have been inactive for 60 consecutive days. With the implementation of version 5.1, that rule will change to 30 days. It's important to note that when myCGS version 5.1 is implemented, any user who has been inactive for more than 30 days will automatically be suspended without warning. Therefore, please be sure that you have logged into myCGS recently in order to prevent being suspended unexpectedly.

The following chart shows a list of the security rules in place today, what the rule will change to in Version 5.1, and what it means to you, the myCGS user:

Old Rule

New Rule

What It Means

User recertifications required every 365 days.

User recertifications required every 90 days.

Designated Approvers (DAs) must recertify their End Users every 90 days in order for the End Users to continue to have access to myCGS. Note that the recertification process itself is not changing; only the timeline requirement. For instructions on how to recertify an End User, refer to the Registration and Account Management GuidePDF.

Additionally, CGS is now required to recertify DAs every 90 days. In order to recertify a DA, we will contact your company's Authorized Official (AO) and must receive confirmation from the AO agreeing that the DA of record is still correct.

Inactive myCGS users are suspended after 60 days.

Inactive users are suspended after 30 days and deactivated after 90 days.

NOTE: In order to qualify as an active login, you must successfully complete the entire myCGS login process, including use of your MFA code.

myCGS users will be suspended after 30 consecutive days of inactivity (failure to log into myCGS at all). If your account is suspended due to inactivity, you must call our Provider Contact Center in order to be reactivated.

If you remain inactive for 90 consecutive days, your account will be deactivated entirely and you would need to re-register for myCGS in order to use it again.

In order to remain an active myCGS user, you must log in to myCGS at least once every 30 days.

Passwords must be at least 8 characters long, must start with a letter, and must contain each of the following:

One upper case letter, one lower case letter, one special character (@, #, $) and one number.

You cannot reuse any of your previous 13 passwords in their entirety.

Password character requirements are the same.

New passwords cannot reuse any of the same characters as your previous (most recent) password (for passwords up to 12 characters in length).

You cannot reuse any of your previous 12 passwords in their entirety.

All other password requirements remain unchanged.

When changing your password, every character in your new password must be completely from your previous password (if your password is 12 characters or less). For instance, if you use the number "7" in your current password, you cannot use a "7" anywhere in your next password.

Note that if you use a password that is greater than 12 characters, at least 12 of the characters must be new (not in your last password). For example, if you use a 15 character password, 12 characters must be new, while three characters may be repeated from your old password.

Also note that this rule applies to temporary passwords. If you have had your password reset through a temporary password, when you create your new password you cannot repeat any characters from your temporary password in the new password.

Example:  

Your old password is Portal$84. If you attempt to change to a new password of Brook#92, myCGS will give you an error message stating that you need to use different characters for your password. This is due to the fact that the letters "r" and "o" exist in both your old and new passwords. It does not matter that they are in different positions, they cannot be repeated anywhere in your new password.

Session timeout set to 30 minutes. After 30 minutes of online inactivity, you are automatically logged out of myCGS.

Session timeout set to 15 minutes. After 15 minutes of online inactivity, you are automatically logged out of myCGS.

If you are currently logged into myCGS but do not perform any activities (move from screen to screen, submit transactions, etc.) in myCGS for 10 consecutive minutes, you will receive a warning message that you will be logged out after another five minutes. Once you reach 15 minutes of inactivity, you will be logged out of myCGS and must log back in to use it again.

Three consecutive failed login attempts result in your account being locked. Waiting three hours allowed you to try again.

Three consecutive failed login attempts result in your account being locked. You must call the Provider Contact Center to have your account unlocked.

If you try to log in unsuccessfully three consecutive times within 120 minutes, your account will be locked. We recommend that if you have two consecutive unsuccessful attempts that you do one of the following to prevent being locked out:

  • Wait 120 minutes and then try to log in again,

    OR
     
  • Use the "Forgot Password" link on the login screen to generate a temporary password.

We understand that some of these rules may seem inconvenient at times, but CGS is committed to doing everything we can to protect your company's data and privacy, as well as the privacy of beneficiary data. We trust that as you use the portal over the next few weeks, following these rules will become second nature, and myCGS will continue to be your tool of choice for obtaining Medicare data for DME Jurisdictions B and C.

Be sure to stay tuned to our ListServ, News, and FacebookExternal Website pages for the latest myCGS news!

Two Vantage Way, Nashville, TN 37228 © CGS Administrators, LLC. All Rights Reserved