5101:9-9-37 Data system security.

The following requirements ensure the security of departmental data and must be followed by all county and state employees (hereafter referred to as 'user' or 'users') who access data systems maintained by the office of information services (OIS) and the Ohio department of job and family services (ODJFS) via the private or public network.

(A) Users are responsible for system inquiries and activities executed with their system user identification (USER-ID).

(B) Passwords must remain confidential and be eight characters or longer in length and have each of the following characteristics:

(1) At least one number.

(2) At least one special character.

(3) At least one upper case letter.

(4) At least one lower case letter.

(C) Passwords are valid for a maximum of sixty days and shall not be repeated for a twelve month period.

(D) Password resets executed by OIS support staff or county technical points of contacts (TPOCs) must require the user to change their password upon next login.

(E) Users must not change their passwords more than once per day.

(F) A terminal or personal computer must never be left unattended or unsecured when logged onto the network.

(G) Only the files or information that are required to perform one's own job duties, shall be accessed.

(H) Users must comply with all items included on the JFS 07078 " Code of Responsibility."

(I) An original signed (physical or electronic) JFS 07078 must be submitted to ODJFS with every county request for a USER-ID or user access to the OIS and ODJFS networks.

(J) The JFS 07078 is required for every new user accessing the system, and for making changes to an existing user's access.

(K) Counties must not modify the JFS 07078.

Effective: 1/1/2016
Promulgated Under: 111.15
Statutory Authority: 5101.02, 329.04
Rule Amplifies: 5101.02, 329.04
Prior Effective Dates: 3/18/88 (Emer.), 6/10/88, 6/15/98, 7/1/05