Access Requirements for Comptroller Systems
Confidential Treatment of Information Acknowledgement
Methods and Evidence of Acknowledgement
There are two acceptable methods for acknowledgement. Either of two methods for acknowledgement is acceptable. Agencies must ensure acknowledgement occurs before accessing any Comptroller systems or databases.
- Confidential Treatment of Information Acknowledgement (CTIA) (Form 70-223) – Paper or electronic copy of signed CTIA form to record user acknowledgement.
- Comptroller’s CTIA System – Online acknowledgement may be registered using the CTIA system. By providing their state email address, the user receives a link to review CTIA language and enter their acknowledgement electronically.
Note: The CTIA function on the CAPPS login screen will no longer be available; however, existing records will be retained. Acknowledgements previously recorded through CAPPS remain valid.
ONLY the CTIA system provides an online acknowledgement feature. There is no mechanism for forcing a sequence if the user is given access to multiple systems.
For example: if an agency chooses online acknowledgement as their primary method, and a new Comptroller system user logs in to USAS prior to acknowledging in the CTIA system, then the agency is noncompliant and subject to an audit finding.
Agency Security Coordinators may generate reports for all online acknowledgements made through the CTIA system.
Both acknowledgement methods apply to all Comptroller systems and databases and serve as valid methods to record user acknowledgement, effective as of the date of signature or date of online acknowledgement via the CTIA system.
Acknowledgement does not grant role-based user access.
Note: At least one valid acknowledgement method must occur prior to first accessing any Comptroller systems or databases.
Agencies with CAPPS Central Access
The CAPPS hiring process in HR/Payroll grants basic Employee Self Service (ESS) access to all newly hired employees and contractors, and basic Manager Self Service (MSS) access to individuals identified as managers.
Users must acknowledge the Comptroller’s CTIA before accessing these functions.
If additional CAPPS role-based access is required, the ASC may submit a security request.
Agency Internal Acknowledgements
Acknowledgements and advisories made through an agency’s internal network do not apply to the Comptroller systems or databases. Only the CTIA form or the CTIA system electronic acknowledgement suffice.
CTIA Acknowledgement Retention
The following retention policies apply:
- CTIA form – Agencies must maintain signed CTIA forms (paper or electronic) for the length of the users’ employment or contract, plus five years.
- CTIA system electronic acknowledgement – The Comptroller will maintain acknowledgement records for the length of the users’ employment or contract, plus five years.