Computers and User Accounts. Computers that connect to ERDS will have system and application logging enabled with a retention period of 3 months. Lead County may request reports of user access and transaction activity. Workstations used to submit, retrieve, or, when applicable, return ERDS payloads are protected from unauthorized use and access. As a minimum, workstations shall meet all of the following requirements: • Anti-malware software configured to start on system boot-up. • A Licensed and Supported Operating System and application software with the most up-to-date patches and hot-fixes. • Validated system configuration in accordance with operating system, application, and firewall checklists available in the National Checklist Program (NCP) repository. Checklists published by the following government and private entities shall be used before any other: United States Government Configuration Baseline (USGCB), Defense Information Systems Agency (DISA), United States Department of Defense (DOD), National Security Agency (NSA), Center for Internet Security (CIS), and The MITRE Corporation. All non-compliance shall be documented in a manner that states the reason for non-compliance and a plan of action to obtain compliance, mitigation, or acceptance of the risk by the applicable counties. • Installed applications shall be limited to the purpose of performing the necessary operational needs of the recording process as defined by the County Recorder. Shared user accounts may not be issued. At no time shall more than one person be authorized access to SECURE ERDS using a single SECURE ERDS user account or set of identity credentials. Each person shall be uniquely identified. If a user’s status changes, so that access to SECURE ERDS is no longer required, the user’s SECURE ERDS account and identity credentials shall be disabled and revoked, but not deleted from the system. SECURE ERDS user accounts and identity credentials are non-transferable.
Computers and User Accounts. Computers that connect to ERDS will have system and application logging enabled with a retention period of 3 months. Lead County may request reports of user access and transaction activity. Computers on which documents originate shall have: (1) all critical operating system patches applied within one month from when the patch first becomes available; (2) a hardware firewall installed and maintained; (3) up to date virus scan software that shall check for definition updates twenty-four hours; (4) screen lock must be configured for activation after 10 minutes of inactivity; and, (5) complex passwords, as per Microsoft password complexity requirements. Shared user accounts may not be issued. At no time shall more than one person be authorized access to SECURE ERDS using a single SECURE ERDS user account or set of identity credentials. Each person shall be uniquely identified. If a user’s status changes, so that access to SECURE ERDS is no longer required, the user’s SECURE ERDS account and identity credentials shall be disabled and revoked, but not deleted from the system. SECURE ERDS user accounts and identity credentials are non- transferable.
Computers and User Accounts. Government Agency computer(s) connected to the SECURE G2G Portal must be dedicated workstations for G2G recording only. Government Agency computers utilized for such are required to comply with a workstation checklist provided by Lead County. Computers that connect to SECURE G2G Portal will have system and application logging enabled with a retention period of 3 months. Lead County may request reports of user access and transaction activity. Workstations used to submit, retrieve, or, when applicable, return SECURE G2G Portal payloads are protected from unauthorized use and access. As a minimum, workstations shall meet all of the following requirements: Anti-malware software configured to start on system boot-up. All critical operating system patches applied within one month from when the patch first becomes available. A hardware firewall installed and maintained. Up to date virus scan software that shall check for definition updates every twenty- four hours. A full virus scan configured to run weekly at a minimum. Installed applications shall be limited to the purpose of performing the necessary operational needs of the recording process as defined by the County Recorder. Screen Lock must be configured for activation after 10 minutes of inactivity. Shared user accounts may not be issued. At no time shall more than one person be authorized access to SECURE G2G Portal using a single SECURE G2G Portal user account or set of identity credentials. Each person shall be uniquely identified. If a user’s status changes, so that access to SECURE G2G Portal is no longer required, the user’s SECURE G2G Portal account and identity credentials shall be disabled and revoked, but not deleted from the system. SECURE G2G Portal user accounts and identity credentials are non-transferable.
Computers and User Accounts. Government agency computer(s) connected to the SECURE G2G Portal will have system and application logging enabled with a retention period of 3 months. Lead County may request reports of user access and transaction activity. Computers on which documents originate shall have: (1) all critical operating system patches applied within one month from when the patch first becomes available; (2) a hardware firewall installed and maintained; (3) up to date virus scan software that shall check for definition updates twenty-four hours; (4) screen lock must be configured for activation after 10 minutes of inactivity; and, (5) complex passwords, as per Microsoft password complexity requirements. Shared user accounts may not be issued. At no time shall more than one person be authorized access to the SECURE G2G Portal using a single SECURE G2G Portal user account (user account) or set of identity credentials. Each person shall be uniquely identified. If a user’s status changes, so that access to the SECURE G2G Portal is no longer required, the user’s account and identity credentials shall be disabled and revoked, but not deleted from the system. User accounts and identity credentials are non-transferable.
