Laserfiche WebLink
2. Access Management <br />a. Access to County information technology resources and information is based on the <br />principle of least privilege, which limits users' access rights to only what is strictly <br />required to perform their job functions. <br />b. Personnel are permitted to use only those information technology resources issued to <br />them by the County's Information Technology Department and shall not attempt to <br />access any data or application programs contained within County information <br />technology resources for which they do not have authorization or explicit consent. <br />c. All remote access connections made to internal County networks and/or environments <br />must be made through approved, and County -provided, virtual private networks (VPNs). <br />d. Personnel shall not divulge any identity and access management information to anyone <br />not specifically authorized to receive such information, including Information <br />Technology support personnel. <br />e. Personnel must not share their identity and access management information, including: <br />Account passwords; or <br />ii. Personal Identification Numbers (PINS); or <br />iii. Security Tokens (i.e. Smartcard); or <br />iv. Multi -factor authentication information; or <br />V. Access cards and/or keys; or <br />vi. Digital certificates; or <br />vii. Similar information or devices used for identification and authentication <br />purposes. <br />f. Access cards and/or keys that are no longer required must be returned to a supervisor <br />or the Human Resources Department. <br />g. Lost or stolen access cards, security tokens, and/or keys must be reported to a <br />supervisor and the Information Technology Department as soon as possible. <br />Page 14 <br />78 <br />SECTION <br />NUMBER <br />EFFECTIVE DATE <br />Information <br />ADMINISTRATIVE <br />Technology <br />AM -1200.21 <br />5/21/2024 <br />POLICY MANUAL <br />SUBJECT <br />PAGE <br />Acceptable Use <br />Page 4 of 17 <br />2. Access Management <br />a. Access to County information technology resources and information is based on the <br />principle of least privilege, which limits users' access rights to only what is strictly <br />required to perform their job functions. <br />b. Personnel are permitted to use only those information technology resources issued to <br />them by the County's Information Technology Department and shall not attempt to <br />access any data or application programs contained within County information <br />technology resources for which they do not have authorization or explicit consent. <br />c. All remote access connections made to internal County networks and/or environments <br />must be made through approved, and County -provided, virtual private networks (VPNs). <br />d. Personnel shall not divulge any identity and access management information to anyone <br />not specifically authorized to receive such information, including Information <br />Technology support personnel. <br />e. Personnel must not share their identity and access management information, including: <br />Account passwords; or <br />ii. Personal Identification Numbers (PINS); or <br />iii. Security Tokens (i.e. Smartcard); or <br />iv. Multi -factor authentication information; or <br />V. Access cards and/or keys; or <br />vi. Digital certificates; or <br />vii. Similar information or devices used for identification and authentication <br />purposes. <br />f. Access cards and/or keys that are no longer required must be returned to a supervisor <br />or the Human Resources Department. <br />g. Lost or stolen access cards, security tokens, and/or keys must be reported to a <br />supervisor and the Information Technology Department as soon as possible. <br />Page 14 <br />78 <br />