U.S. Department of Health and Human Services
Access controls exist to permit only authorized access to the system and restrict users to authorized transactions, functions, and data. These controls are automated and ensure that only authorized individuals gain access to information system resources, that they are assigned an appropriate level of privilege, and that they are individually accountable for their actions. All users accessing the system are required to sign the HHS Rules of Behavior.
At HHS, system access administrators or designees process all internal requests for access. Access is granted according to the most restrictive set of rights or privileges needed. The data owner is responsible for specifying the type of user access which may be approved. Each facility ISSO reviews all requests for access by non-facility users.
Page 1 of 4
Level of Access