New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.7 - DEFINITIONS
Current through Register Vol. 35, No. 18, September 24, 2024
Defined terms apply to this rule and all other rules promulgated by the secretary and adopted by the information technology commission.
A. "Act" means the Department of Information Technology Act, NMSA 1978 9-27-1 et seq.
B. "Agency" means an executive branch agency of the state or any other state entity which uses the state IT infrastructure.
C. "Architectural configuration requirement (ACR)" means the technical specifications for information architecture and information technology system purchases for agencies.
D. "CIO" means chief information officer and refers to the secretary of the department as chief information officer of the state or any agency CIO.
E. "Commission" means the information technology commission.
F. "Department or DoIT" means the department of information technology.
G. "Exception" means a request, limited in scope and duration, granted by the department allowing an agency an exclusion from compliance with a rule, ACR or guideline.
H. "Firewall" means a part of a computer system or network designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer based applications based upon a set of rules and other criteria.
I. "Individual" means a natural person, a human being.
J. "Information owner" means the individual or individuals held managerially and financially accountable for a dataset and who have legal ownership rights to a dataset even though the dataset may have been collected/collated/disseminated by another party.
K. "Information security officer" ("ISO") means a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected.
L. "Information technology" ("IT") means computer hardware, software and ancillary products and services including: systems design and analysis, acquisition, storage and conversion of data; computer programming, information storage and retrieval, voice, radio, video and data communications, requisite systems, simulation and testing, and related interactions between users and information systems.
M. "Information technology project" means the purchase, replacement, development or modification of an IT component or system.
N. "IT asset" means all elements of software and hardware found in an IT environment.
O. "Malicious code" is the term used to describe any code in any part of a software system or script intended to cause undesired effects, security breaches or damage to a system. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.
P. "Network segregation" means controlling the security of networks by dividing them into separate secure networks. Security measures can then be applied to further segregate the network environments.
Q. "Password" means a secret series of characters that enables a user to access a file, computer, or program. On multi-user systems, each user must enter his or her password before the computer will respond to commands. The password helps ensure that unauthorized users do not access the computer. In addition, data files and programs may require a password.
R. "Person" means an individual, association, organization, partnership, firm, syndicate, trust, corporation, and every legal entity.
S. "Portable computing devices or removable media devices" means, but is not limited to, removable media such as thumb or USB drives, external hard drives, laptop or desktop computers, mobile/cellular phones, smartphones or personal digital assistants (PDA's) owned by or purchased by agency employees, contract personnel, or other non-state user(s).
T. "Privileged accounts" means accounts required for systems to function; they are frequently used by system administrators in their performance of their job duties. These special system privileges are primarily used when major changes to the system are necessary by administrators.
U. "Rule" means any rule promulgated by the department for review and approval by the commission which requires compliance by executive agencies and any other state user of the state IT infrastructure.
V. "Secretary" means the secretary of the department of information technology.
W. "Segregation of security duties" means disseminating the tasks and associated privileges for a specific business process among multiple users to reduce the potential for damage from the actions of one person. IT staff should be organized in a manner that achieves adequate separation of duties in the agency.
X. "State" means New Mexico, or, when the context indicates a jurisdiction other than New Mexico, any state, district, commonwealth, territory, or possession of the United States.
Y. "State CIO" means the cabinet secretary of the department of information technology.
Z. "State information architecture" means a logically consistent set of principles, policies and standards that guides the engineering of state government's information technology systems and infrastructure in a way that ensures alignment with state government's business needs.
AA. "State information technology strategic plan" means the information technology planning document for the state that spans a three-year period.
BB. "Virtual private network" ("VPN") means a network that uses a public telecommunication infrastructure, such as the internet, to provide remote offices or individual users with secure access to their organization's network. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.