Overview: • Enforce approved authorizaons for access to informaon and system resources. • Develop daily access control operaonal procedures. • Enforce approved authorizaons for controlling the flow of informaon within the system and between interconnected systems. • Employ least-privilege concept, allowing only authorized access for users that is necessary to accomplish assigned tasks. • Employ a system-use noficaon to alert users that they are accessing a state informaon system, that usage is monitored, and that unauthorized use is prohibited and subject to penales. • Establish wireless and remote access restricons and configuraon requirements. Monitor and control remote access methods to detect cyber aacks. • Employ full-device encrypon to protect the confidenality and integrity on mobile devices authorized to connect to state systems or handle confidenal informaon. • Facilitate informaon sharing by enabling users to determine awhether access assigned to the sharing partner matches restricons and circumstances. Purpose: Define the correct use and management of access controls for the protecon of state informaon systems and assets. Why it’s important: Protects the confidenality and integrity of informaon when connecng to state informaon systems. Target audience: IT personnel and system administrators 06.16.14 8320 IT SECURITY POLICY 8320 IT SECURITY POLICY Access Controls Access Controls Install perimeter firewalls between any wireless network and the protected state information system. Enforce a limit of consecutive invalid logon attempts by a user and automatically lock the account for a specified period of time. Employ a session lock to prevent access to the system by initiating a specified limit-of-time inactivity or until the user reestablishes access. Portable storage devices shall be restricted or prohibited by authorized individuals on external information systems. service providers acknowledge that they are responsible for the security of confidential data they possess. Personal firewall software is required on mobile devices or computers with Internet connectivity used to access the network. password username login For more informaon about this IT Security Policy, contact [email protected]. 07.07.14 14

8320 Access Controls V2 NewLogo - ADOA-ASET POLICY P8320 Acc… · 8320_Access Controls_V2_NewLogo Created Date: 8/7/2014 9:45:26 PM

Download PDF Report

Upload
others
View
1
Download
0

Embed Size (px)

Citation preview

Page 1: 8320 Access Controls V2 NewLogo - ADOA-ASET POLICY P8320 Acc… · 8320_Access Controls_V2_NewLogo Created Date: 8/7/2014 9:45:26 PM

Overview:

• Enforce approved authorizations for access to information and system resources.

• Develop daily access control operational procedures.

• Enforce approved authorizations for controlling the flow of information within the system and between interconnected systems.

• Employ least-privilege concept, allowing only authorized access for users that is necessary to accomplish assigned tasks.

• Employ a system-use notification to alert users that they are accessing a state information system, that usage is monitored, and that unauthorized use is prohibited and subject to penalties.

• Establish wireless and remote access restrictions and configuration requirements. Monitor and control remote access methods to detect cyber attacks.

• Employ full-device encryption to protect the confidentiality and integrity on mobile devices authorized to connect to state systems or handle confidential information.

• Facilitate information sharing by enabling users to determine awhether access assigned to the sharing partner matches restrictions and circumstances.

Purpose:Define the correct use and management of access controls for the protection of state information systems and assets.

Why it’s important:Protects the confidentiality and integrity of information when connecting to state information systems.

Target audience:IT personnel and system administrators

06.16.14

8320IT SECURITY POLICY

8320IT SECURITY POLICYAccess

ControlsAccess

Controls

Install perimeter firewalls between any wireless network and the protected state information system.

Enforce a limit of consecutive invalid logon attempts by a user and automatically lock the account for a specified period of time.

Employ a session lock to prevent access to the system by initiating a specified limit-of-time inactivity or until the user reestablishes access.

Portable storage devices shall be restricted or prohibited by authorized individuals on external information systems.