Statutes, codes, and regulations
Oregon Administrative Code
Chapter 291 - DEPARTMENT OF CORRECTIONS
Division 5 - NETWORK INFORMATION SYSTEM ACCESS AND SECURITY
Section 291-005-0005 - Authority, Purpose, and Policy

Or. Admin. Code § 291-005-0005

Download
PDF
Current through Register Vol. 64, No. 1, January 1, 2025
Section 291-005-0005 - Authority, Purpose, and Policy
(1) Authority: The authority for these rules is granted to the Director of the Department of Corrections in accordance with ORS 179.040, 423.020, 423.030, and 423.075.
(2) Purpose:
(a) The purpose of these rules is to establish policies, procedures, and guidelines for the security of Department of Corrections information systems. Any information system operated by the Department of Corrections, connected to the department's network, or information contained in the department's computer systems shall be protected by the security guidelines established in these rules.
(b) The Department of Corrections intends to operate all information system assets, including multi-user computer systems, terminal devices, workstations, networks, mobile devices, and communications devices, in such a manner as to ensure:
(A) The confidentiality, integrity, and availability of the department's information, regardless of whether it is stored or processed on the department's information systems or on other computer systems, including employee-owned personal computers or information systems operated by other agencies and organizations;
(B) The protection of rights to privacy concerning personally identifiable information (PII) about a person which may be stored on Department of Corrections information systems;
(C) Accessibility to information by department-authorized users or as required by state statute or legislation;
(D) Denial of access to Department of Corrections information systems and information contained within for all unauthorized persons; and
(E) Detection of misuse of Department of Corrections information systems, computer equipment, computer networks or information, and the intervention against attempted or actual system intrusions, information tampering, destruction, data exfiltration, or any other forms of misuse.
(3) Policy: It is the policy of the Department of Corrections that computerized information shall be made secure from unauthorized access. Accepted supervision and management practices shall be required of employees to provide adequate security which restricts unauthorized access. Any external organization granted access to Department of Corrections information systems shall be required to follow and enforce the security guidelines of these rules.

Or. Admin. Code § 291-005-0005

CD 5-1978, f. 2-15-78, ef. 2-16-78; CD 7-1981, f. & ef. 4-17-81; CD 38-1985, f. & ef. 8-16-85; CD 12-1986, f. & ef. 6-30-86; CD 24-1992, f. 11-24-92, cert. ef. 12-1-92; CD 10-1997, f. & cert. ef. 6-20-97; DOC 16-1999, f. 9-24-99, cert. ef. 10-1-99; DOC 5-2024, amend filed 04/29/2024, effective 4/29/2024

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075