800.1 - Systems Security Policy - Certification of Security Access for OSC Application Systems Policy

Policy Area:  Systems Security
Policy Sub Area:  Security
Authority:  G. S. § 143B-1376 
Effective Date:  2012
Last Revision Date:  8/2/2021
Policy Owner/Division:  Risk Mitigation Services

Policy

It is the policy of the Office of the State Controller (OSC) to comply with all applicable security standards issued by the State CIO under the authority of G. S. §143B-1376.  In accordance with the requirements of Security Standard SCIO-SEC-301-00, Access Control Policy, Section AC-2, Account Management, requirement “v.”:

“Agencies shall monitor the use of information system accounts. Agencies shall review accounts for compliance with account management requirements at least annually for user accounts and semi-annually for privileged accounts/roles. Privileged accounts are accounts with elevated access and/or agency-defined roles assigned to individuals that allow those individuals to perform certain functions that ordinary users of that system are not authorized to perform. These privileged roles may include, for example, root access, system administrator access, key management, account management, network and system administration, database administration, and website or server administration.”

It is the responsibility of the management of each state entity using an OSC enterprise application system1 to ensure that this review is performed and documented on a timely basis.  Documentation evidence of such reviews shall be maintained for three fiscal years from the end of the fiscal year for which the documentation was prepared if no litigation, claim, audit, or other official action involving the records has been initiated. If official action has been initiated, documentation shall be maintained until after completion of action and resolution of issues involved.  Upon request, all documentation will be made available to representatives of OSC and/or the Office of the State Auditor.

1 North Carolina Accounting System (NCAS); NCAS Laser Check; North Carolina Financial System (NCFS); Integrated HR-Payroll; EAGLE SharePoint Web Portal
 

Procedures

Procedures for Certification of Security Access

Accounting Guidance

N/A

Related Documents (Memos/Forms)

Reports for Certification of Security Access for OSC Enterprise Application Systems

Certification of Security Access Form

Revision History

  • 4/13/2015 - Removed reference to CJLEADS application
  • 1/13/2016 - Updated Related Documents section to reference updated PDF
  • 1/25/2017 - Updated PDF links
  • 5/6/2020 - Updated PDF links with docs listed on website page - JP
  • 8/2/2021 - Updated to reflect current State CIO requirements and to remove references to CMCS and add NCFS