Comptroller Mainframe Security
Agency security coordinator
Each agency has at least one appointed security coordinator, responsible for coordinating all Comptroller mainframe-related security procedures within an agency.
The CTIA
One of the most important responsibilities of the security coordinator is to review the Confidential Treatment of Information Acknowledgment (CTIA) form with each new user and obtain the user's signature on the form. The CTIA form is a paper document kept on file by the security coordinator at the agency. It must be on file for the user to receive access to the Comptroller's mainframe. (CAPPS agencies may elect for users to certify CTIA electronically during the login process.)
The CTIA specifies the penalties for security violations. Failure to observe security restrictions constitutes a Class A misdemeanor. If a breach of security is suspected, the Comptroller's office may revoke all access for those persons associated with the suspected violation while the situation is reviewed.
Examples of security violations include:
- Sharing or writing down passwords
- Disclosing confidential information
- Doing either of the above intentionally or unintentionally
In addition to explaining the CTIA form, the security coordinator:
- Requests access to the system for new users.
- Completes all other access requests pertinent to each application.
- Verifies all users' access on a semiannual basis.