court information center

Security Policy 100.02 | Security Policies Definitions

Subject: Security Policies Definitions
100.02
Effective Date: 01/09/2015
Revised Date: 04/19/2024
Approved Date: 04/19/2024

Purpose: To establish the minimum security requirements needed to protect judiciary information assets in conformance with statutes, regulations and rules. Security is needed to protect the judiciary’s electronic information systems from unauthorized access, modification and destruction, and to ensure authenticity, integrity, confidentiality and availability of the judiciary’s electronic information systems. 

Definitions

Active Directory – A Windows Operating System directory service that is used for managing permissions and user access to network resources.

Assigned Computer – A computer for which a user has had temporary or permanent access designated by OSCA IT, local IT, or his or her supervisor.

Automated Build – A pre-configured automated installation for specific computer models based on the approved standardized build. It includes the reference image and any appropriate software updates.

Business Requirements – The core activities of the judiciary that must be performed to meet the organizational objective(s).

Confidential – Confidential Records as defined in Court Operating Rule 4.24 and personal information as defined in Court Operating Rule 2.05 (c): Personal information includes, but is not limited to:
(1) Social security numbers;
(2) Motor vehicle operator license numbers;
(3) Victim information including name, address, and other contact information;
(4) Informant information including name, address, and other contact information;
(5) Witness information including name, address, and other contact information;
(6) State identification numbers; and
(7) Financial institution account numbers, credit card numbers, personal identification numbers, or passwords used to secure accounts.

Cryptographic Erase – Permanently rendering the data on a device unreadable by deleting the data encryption key.

Destroyed – Complete physical destruction of a device or media rendering the data stored irretrievable.

Digital Media – Any surfaces that are formatted to be readable to store electronic data. Some examples are flash drives, CDs, DVDs, floppy disks, and memory cards of various physical sizes.

Electronic Device – Refers to any computing equipment including, but not limited to, computers and portable digital devices. 

Electronic Information – Any information, files, documents, images, or data stored, rendered, or transmitted digitally. 

Group Policy – An operating system control that enforces rules for user and computer accounts.

Hard Drive – A data storage device used for storing and retrieving digital information.  Data is retained even when powered off.  A hard drive may be a moving or solid state storage unit.
 
Jailbreak – Circumventing manufacturer-designed system security protocols to gain root access to the iOS operating system, allowing the download of additional applications, extensions, and themes that are unavailable through the official Apple App Store or to circumvent operating system protection.

Judiciary’s Electronic Information Systems – Systems operated at the state, county and city level to conduct day to day judiciary business. This includes all electronic data, applications, and computers, connected or unconnected to the judiciary network. These systems include but are not limited to Lotus Notes, JIS, JMS, courts website, personal computers, servers, networking equipment and Microsoft Office software. Access to public WiFi provided by a court or OSCA does not constitute a network connection to the Judiciary’s Electronic Information System.

Judiciary Network Account – A user account with defined access to network resources the user needs to perform their everyday job tasks. A judiciary network account does not have administrator access to the PC workstation.

Judiciary Network Users – Judiciary employees who are authorized users of the judiciary network limited to OSCA staff, court staff, judicial officers, interns, volunteers and contractors.

Laptop – A portable microcomputer having its main components (such as processor, keyboard and display screen) integrated into a single unit capable of battery-powered operation.

Local IT Managers – Information Technology Managers identified in the MCA IT Managers Task Team charter who work for circuit or appellate courts rather than the Office of State Courts Administrator.

Network Device – Components used to connect computers together to share resources.  Such devices can be routers, switches and hubs.

Numeric Pins – A personal identification number (PIN), or sometimes redundantly a PIN number, is a numeric or alpha-numeric password used in the process of authenticating a user accessing a system.

Office Equipment – Non-computer electronic devices that contain a hard drive or memory. Such devices are fax machines, printers or scanners.

Office of State Courts Administrator Technicians – Any OSCA IT employee including but not limited to desktop support technicians and regional support technicians.  

OSCA ITS Staff – OSCA Information Technology (IT) Managers.  

Passcode – A unique sequence of variables, i.e., numbers, characters, patterns, or gestures that is used to authenticate a user to gain access to a device.

Password – A string of alphanumeric characters used for user authentication to prove identity or access approval to gain access to a resource (example: an access code is a type of password), which should be kept secret from those not allowed access. Examples of passwords that meet Password Controls are J@nu@ry13, $w33tT00th, F!r3FL!es and $unyD@z3.

Password Controls – Means to protect information technology systems by regulating the structure and duration of passwords.

PC Workstation Administrator Account – An account with elevated privileges that can make changes on a computer or to a system that will affect security settings, install software and hardware, access all files on the computer, and make changes to user accounts. An administrator account can change or increase the judiciary’s exposure to risks and threats to judiciary information resources. Administrator access is a level of privilege above that of a normal user.

Portable Digital Devices – Handheld electronic computing devices such as smart phones, iPads, tablets, slates, or similar devices capable of storing, retrieving and displaying information. Laptop computers are not classified as portable digital devices.

Product Administrators – OSCA ITS staff or Local IT Managers responsible for maintaining operation of the product, downloading new versions, updating the product, and coordinating purchases, licenses, and maintenance renewals. 

Purge/Purged – To permanently remove all data. Purged data has been removed forever with no possibility of retrieval.

RAID (Redundant Array of Independent Disks) – An automated method of storing the same data in multiple places on more than one disk drive.

Ransomware – Ransomware is a form of malicious software (“malware”) designed to block access to a computer system or data, often by encrypting data or programs on information technology systems to extort ransom payments from victims in exchange for decrypting the information and restoring victims’ access to their systems or data. In some cases, in addition to the attack, cyber actors threaten to publicly disclose victims’ sensitive files. The cyber actors then demand a ransomware payment, usually through digital currency, in exchange for a key to decrypt the files and restore victims’ access to systems or data.

Reference Image – The underlying operating system package the automated build utilizes.

Removable Media – Any type of storage device that holds digital data that is intended to be removed from a computer by the user.

Rooting – The circumventing of operating system protection by users of smartphones, tablets, and other devices running the Android mobile operating system to attain privileged control (known as "root access") within Android's subsystem and installing applications and extensions not approved by the manufacturer.

Sanitization/Sanitizing – The process of irreversibly removing digital data stored on a device.

Secure Domain Users – Limited access users who are authorized by statute or policy to access non-public information and to electronically file information into the automated courts case management systems. These users are NOT judiciary employees who are authorized court users of the judiciary network.

Service Account – A user account created explicitly to provide a security context for services running on Windows Server operating systems. The security context determines the service's ability to access local and network resources.

SLA (Service Level Agreement) – A document defining a mutual agreement between two parties that details the nature, quality and scope of the service to be provided.

Standardized Build – Defines the minimum technical requirements and software configurations applicable to a variety of Infrastructure Standard compatible computer models.

Unauthorized Traffic – Information passed over the judicial network, which gains no enhancement, validation, or benefit from crossing judicial servers and network segments.

User Name – Unique identifier assigned by a system administrator used to identify an individual in order to grant privileges to judiciary information systems.

Dissemination
This policy is made available to all users. Additional guidance for implementing this policy is available from the Office of State Courts Administrator’s Systems Security unit.
