800.1 - Systems Security Policy - Certification of Security Access for OSC Application Systems Policy

Policy Area:  Systems Security
Policy Sub Area:  Security
Authority:  G. S. § 147-33.110
Effective Date:  2012
Last Revision Date:  5/6/2020
Policy Owner/Division:  Risk Mitigation Services

Policy

It is the policy of the Office of the State Controller (OSC) to comply with all applicable security standards issued by the State CIO under the authority of G. S. § 147-33.110.  In accordance with the requirements of Security Standard 020101, Managing Access Control Standards, the access rights for users of OSC’s enterprise application systems1 shall be reviewed and documented on a semi-annual basis and quarterly for all privileged accounts.  

It is the responsibility of the management of each state entity using an OSC enterprise application system1 to ensure that this review is performed and documented on a timely basis in accordance with Security Standard 020101.  Documentation  evidence of such reviews shall be maintained for three fiscal years from the end of the fiscal year for which the documentation was prepared if no litigation, claim, audit, or other official action involving the records has been initiated. If official action has been initiated, documentation shall be maintained until after completion of action and resolution of issues involved.  Upon request, all documentation will be made available to representatives of OSC and/or the Office of the State Auditor.

1   North Carolina Accounting System (NCAS); NCAS Laser Check; Cash Management and Control System (CMCS); Integrated HR-Payroll; EAGLE SharePoint Web Portal
 

Procedures

Click here

Accounting Guidance

N/A

Related Documents (Memos/Forms)

Reports for Certification of Security Access for OSC Enterprise Application Systems

Certification of Security Access Form

Revision History

  • 4/13/2015 - Removed reference to CJLEADS application
  • 1/13/2016 - Updated Related Documents section to reference updated PDF
  • 1/25/2017 - Updated PDF links
  • 5/6/2020 - Updated PDF links with docs listed on website page - JP