Privacy Impact Assessment for Guaranteed
The applications capability to establish access control lists (ACL) or registers is by based upon the basic security setup of the operating system.
2. Application users are restricted from accessing the operating system, other applications, or other system resources not needed in the performance of their duties via access given to User IDs limited to what is needed to perform their job.
Any controls used to detect unauthorized transaction attempts are security
logs/audit trails through ACF2 tools. Users are required to have password- protected screens~vers on th, ei~ PC’s to
Are criteria, procedures, controls, and responsibilities regarding user access documented?
How wil! user access to the data be restricted?
Question How will user access to the data be determined?
The RD ISSS Point of Contact (POC) is responsible for verifying user identification. The RD ISSS User Access Management Team (UAMT) relies on the POC supplying the correct user roles, privileges, and areas of responsibility (e.g. State office user with authority for their state only) to be assigned to each user. The UAMT creates the accounts and the users and their assigned roles are
verified quarterly by the PQC. Logbook tickets are the too! used to track authorized requests by approving POC.
5. Warning banners are used to warn and inform users who sign on to the system that this is a secure and private network. Warning banners are in compliance with
USDA guidelines. 6. See also #21.
Are procedures in place to detect or deter browsing or unauthorized user access?
 Yes  No
Does the system employ security controls to
make information unusable to unauthorized individuals (i.e., encryption, strong authentication
 Yes  No
Date: July 16, 2009