The following requirements ensure the security of departmental
data and must be followed by all county and state employees (hereafter referred
to as 'user' or 'users') who access data systems maintained by the office of
information services (OIS) and the Ohio department of job and family services
(ODJFS) via the private or public network.
(A)Users are
responsible for system inquiries and activities executed with their system user
identification (USER-ID, also know as an Ohio ID, or
OH|ID.).
(B)Passwords must remain confidential and
be eight characters or longer in length and have each of the following
characteristics:
(1)At least one number.
(2)At least one special character.
(3)At least one upper case letter.
(4)At least one lower case letter.
(C)Passwords are valid for a maximum of
sixty days and shall not be repeated for a twelve month period.
(D)Password resets executed by OIS support
staff or county technical points of contacts (TPOCs) must require the user to
change their password upon next login.
(E)Users must not change their passwords
more than once per day.
(B)Users shall follow DAS password
standards found at
https://das.ohio.gov/portals/0/dasdivisions/employeeservices/pdf/das-its-2100-01-a
das password standard organizational users.pdf.
(F)(C) A terminal or personal computer must never be
left unattended or unsecured when logged onto the ODJFS network or device.
(G)(D) Only the files or information that are required
to perform one's own job duties, shall be accessed.
(H)(E) Users must comply with all items included on
the user attestation, JFS 07078 " Code of
Responsibility."
form, and review and sign, electronically, on an annual basis.
(I)(F) An original signed (physical or electronic)
JFS 07078 hardcopy form, or digital JFS 07078 submission
must be submitted to ODJFS with every county request for a USER-ID or
user access to the OIS and ODJFS networks.
(J)(G) The JFS 07078 (paper or
digital form) is required for every new user accessing the system, and
for making changes to an existing user's access.
(K)(H) Counties must not modify the JFS 07078 form.
(I)County users shall also abide by the
data security provisions contained in IPP 3001 found at
ipp.odjfs.state.oh.us/IPP03000/.
Effective: 7/1/2021
Certification: CERTIFIED ELECTRONICALLY
Date: 06/15/2021
Promulgated Under: 111.15
Statutory Authority: 5101.02, 329.04
Rule Amplifies: 5101.02, 329.04
Prior Effective Dates: 03/18/1988 (Emer.), 06/10/1988,
06/15/1998, 07/01/2005, 01/01/2016