May 3, 2023
Do you know what data your staff can access?
Knowing what data your staff can access is critical to setting up security roles in Enterprise Systems, your network, and other applications. Access to network administration and confidential data requires additional access controls. Security roles protect data, support segregation of duties and reduce fraud. Departments should expect to be audited on compliance with these internal controls.
- View the internal controls required for access management in our Highlights of IS.003 Access Management Standard.
- Refer to the Enterprise Information Security Standards Self-Assessment Questionnaire [Excel] to track compliance with implementing these internal controls.
See our CTR Cyber page for cybersecurity internal controls. State agencies can contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from the Statewide Risk Management Team.