PS-08-009 Access Control

Issue Date: 3/20/2008

Review Date: 8/30/2024

PURPOSE

This policy establishes that each agency is responsible for establishing access control measures that limit access to information assets to only those individuals that are authorized to obtain it.

SCOPE AND AUTHORITY

O.C.G.A 50-25-4(a)(8) – State Government, Georgia Technology, General Powers 
O.C.G.A 50-25-4(a)(9) – State Government, Georgia Technology, General Powers 
O.C.G.A 50-25-4(a)(20) - State Government, Georgia Technology, General Powers 
O.C.G.A. 50-25-4(a)(27) – State Government, Georgia Technology, General Powers 
O.C.G.A 50-25-4(a) (28) State Government, Georgia Technology General Powers 
PM-04-001 – Information Technology Policies, Standards and Guidelines
PS-08-005 – Enterprise Information Security Policy

TERMS and DEFINITIONS

Authorization is the formal administrative approval required for an individual to gain access to a facility, system, or other information asset.

Access Control is the rules and deployment mechanisms that control physical and logical access to information systems.

Physical Access is the ability to access areas or premises where information systems and technology assets reside. 

Logical Access is the ability to read, write, or execute records or data contained in the information system.

POLICY

Agencies that create, use or maintain information assets for the State of Georgia shall implement physical and logical access control measures that appropriately limit access to information, processing systems and facilities to only authorized individuals, except where designated for general public access.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Authorization and Access Control Management SS-08-010

Third Party Security Requirements SS-08-013