Oregon Administrative Rules
Chapter 291 - DEPARTMENT OF CORRECTIONS
Division 5 - NETWORK INFORMATION SYSTEM ACCESS AND SECURITY
Section 291-005-0005 - Authority, Purpose, and Policy

Universal Citation: OR Admin Rules 291-005-0005

Current through Register Vol. 63, No. 9, September 1, 2024

(1) Authority: The authority for these rules is granted to the Director of the Department of Corrections in accordance with ORS 179.040, 423.020, 423.030, and 423.075.

(2) Purpose:

(a) The purpose of these rules is to establish policies, procedures, and guidelines for the security of Department of Corrections information systems. Any information system operated by the Department of Corrections, connected to the department's network, or information contained in the department's computer systems shall be protected by the security guidelines established in these rules.

(b) The Department of Corrections intends to operate all information system assets, including multi-user computer systems, terminal devices, workstations, networks, mobile devices, and communications devices, in such a manner as to ensure:
(A) The confidentiality, integrity, and availability of the department's information, regardless of whether it is stored or processed on the department's information systems or on other computer systems, including employee-owned personal computers or information systems operated by other agencies and organizations;

(B) The protection of rights to privacy concerning personally identifiable information (PII) about a person which may be stored on Department of Corrections information systems;

(C) Accessibility to information by department-authorized users or as required by state statute or legislation;

(D) Denial of access to Department of Corrections information systems and information contained within for all unauthorized persons; and

(E) Detection of misuse of Department of Corrections information systems, computer equipment, computer networks or information, and the intervention against attempted or actual system intrusions, information tampering, destruction, data exfiltration, or any other forms of misuse.

(3) Policy: It is the policy of the Department of Corrections that computerized information shall be made secure from unauthorized access. Accepted supervision and management practices shall be required of employees to provide adequate security which restricts unauthorized access. Any external organization granted access to Department of Corrections information systems shall be required to follow and enforce the security guidelines of these rules.

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075

Disclaimer: These regulations may not be the most recent version. Oregon may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.