Access Control (PS-08-009)
PS-08-009 Access Control
Issue Date: 3/20/2008
Revision Effective Date: 3/20/2008
Review Date: 12/1/2020
This policy establishes that each agency is responsible for establishing access control measures that limit access to information assets to only those individuals that are authorized to obtain it.
Agencies that create, use or maintain information assets for the State of Georgia shall implement physical and logical access control measures that appropriately limit access to information, processing systems and facilities to only authorized individuals, except where designated for general public access.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Authorization and Access Control Management SS-08-010
Third Party Security Requirements SS-08-013
TERMS and DEFINITIONS
Authorization is the formal administrative approval required for an individual to gain access to a facility, system, or other information asset.
Access Control is the rules and deployment mechanisms which control physical and logical access to information systems.
Physical Access is the ability to access areas or premises where information systems and technology assets reside.
Logical Access is the ability to read, write, or execute records or data contained in the information system.