Article 63 – Identification and Authentication Policy
49200.5 Roles and Responsibilities
-
Department Chief Information Officer (CIO) or Designee
-
The CIO or Designee owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.
-
The CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.
-
The CIO or Designee is required to audit and assess compliance with this policy at least once every two (2) years.
-
-
Department Owners of Information Assets and Program Management
-
Owners of Information Assets shall ensure that this policy is implemented and shall review the policy’s implementation annually.
-
Owners of Information Assets in collaboration with Information Asset Custodians shall ensure that identification and authentication technologies and process controls commensurate with the sensitivity or criticality of the asset are implemented for assets under their purview.
-
-
Department Information Asset Custodians
-
Information Asset Custodians shall assist Owners of Information Assets in selecting and implementing identification and authentication technologies and process controls commensurate with the sensitivity or criticality of the asset.
-
Information Asset Custodians shall maintain the identification and authentication infrastructure and supporting processes and procedures.
-
Information Asset Custodians shall maintain identification and authentication records as defined by Owners of Information Assets for a minimum of twelve (12) months, or as defined by the department’s Information Security Officer (ISOInformation Security Officer).
-
-
Department Users
-
Users shall report any incidents of possible misuse or violation of this policy to the department ISOInformation Security Officer, designee, appropriate security staff or their immediate supervisor.
-
Users shall be aware of and adhere to all department information security and privacy policies.
-