eLaws | eCases | Ohio Courts | Counties & Cities of Ohio | Code of Federal Regulations and Register |
Home » 2015 Issues » Weekly Report - 30/11/2015 to 04/12/2015 » 5101:9-9-37 Data system security.

  5101:9-9-37 Data system security.  

  • Text Box: ACTION: Internal Management Text Box: DATE: 12/02/2015 9:44 AM

     

     

     

    5101:9-9-37                 Data system security.

     

     

    The following requirements ensure the security of departmental data and must be followed by all county and state employees (hereafter referred to as 'user' or 'users') who access the office of information technology (OIT)services (OIS) and the Ohio department of job and family services (ODJFS) local area networksvia the private or public network.

     

    (A)   Users are responsible for system inquiries and activities executed with their system user indentificationidentification (USER-ID).

     

    (B)    Passwords must remain confidential and be between four and eight characters or longer in length and have each of the following characteristics:.

     

    (1) At least one number.

     

    (2) At least one special character.

     

    (3) At least one upper case letter.

     

    (4) At least one lower case letter.

     

    (C)A terminal or personal computer must never be left unattended or unsecured when logged onto the network.

     

    (D)Only the files which are required to perform job duties shall be accessed.

     

    (E)(C) Passwords are valid for a maximum of thirtysixty days and shall not be repeated for a twelve month period.

     

    (F)(D) The county liaison must contact the ODJFS security officer to have a forgotten password reset. The user will then supply a new password on their next accessPassword resets executed by OIS support staff or county technical points of contacts (TPOCs), must require the user to change their password upon next login.

     

    (G)(E) Users must not change their passwords more than once per day.

     

    (F) A terminal or personal computer must never be left unattended or unsecured when logged onto the network.

     

    (G)Only the files or information, which are required to perform their job duties, shall be accessed.

     

    (H)   Users must comply with all items included on the JFS 07078 "Ohio Department of Job and Family Services Code of Responsibility" (Rev. 3/03).

     

     

     

     

    (I) An original signed (physical or electronic) JFS 07078 must be submitted to ODJFS with every county request for a USER-ID or user access to the OITOIS and ODJFS local area networks.

    (J) Temporary access may be granted at the discretion of ODJFS upon receipt of a faxed request and signed JFS 07078. Failure to submit a signed original JFS 07078 to ODJFS within fourteen days will result in termination of access.

    (K)(J) The JFS 07078 is required for every new employeeuser accessing the system, and for making changes to an existing employee'suser's access.

    (L)(K) Counties must not modify the JFS 07078.

    Effective:

     

     

    CERTIFIED ELECTRONICALLY

    01/01/2016

    Certification

     

     

    12/02/2015

     

    Date

     

     

    Promulgated Under:

     

    111.15

    Statutory Authority:

    5101.02, 329.04

    Rule Amplifies:

    Prior Effective Dates:

    5101.02, 329.04

    3/18/88 (Emer.), 6/10/88, 6/15/98, 7/1/05
Visit the Official Version
Leave a Comment

Document Information

Effective Date:
1/1/2016
File Date:
2015-12-02
Last Day in Effect:
2016-01-01
Rule File:
5101$9-9-37_FF_A_RU_20151202_0944.pdf
Related Chapter/Rule NO.: (1)
Ill. Adm. Code 5101:9-9-37. Data system security