Access Control (PS-08-009)
PS-08-009 Access Control
Issue Date: 3/20/2008
Review Date: 8/30/2024
PURPOSE
This policy establishes that each agency is responsible for establishing access control measures that limit access to information assets to only those individuals that are authorized to obtain it.
SCOPE AND AUTHORITY
O.C.G.A 50-25-4(a)(8) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a)(9) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a)(20) - State Government, Georgia Technology, General Powers
O.C.G.A. 50-25-4(a)(27) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a) (28) State Government, Georgia Technology General Powers
PM-04-001 – Information Technology Policies, Standards and Guidelines
PS-08-005 – Enterprise Information Security Policy
TERMS and DEFINITIONS
Authorization is the formal administrative approval required for an individual to gain access to a facility, system, or other information asset.
Access Control is the rules and deployment mechanisms that control physical and logical access to information systems.
Physical Access is the ability to access areas or premises where information systems and technology assets reside.
Logical Access is the ability to read, write, or execute records or data contained in the information system.
POLICY
Agencies that create, use or maintain information assets for the State of Georgia shall implement physical and logical access control measures that appropriately limit access to information, processing systems and facilities to only authorized individuals, except where designated for general public access.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Authorization and Access Control Management SS-08-010
Third Party Security Requirements SS-08-013