Updated: 03/21
2101 Standard Security Measures
Standard business conventions will be used to ensure security on the DORS Network, including AWARE™. These include login requirements, assigned User Names and Passwords.
2101.01 Login Requirements
Staff are required to log in to the DORS Network and the AWARE™ case management system using their own assigned User Names and Passwords. As network resources are unique to each individual user, staff shall not log in to the network using another person’s user name and password.
LDAP provides a means to allow staff to log on to different systems on our network using the same password. For LDAP to function properly, your username in AWARE™ must match your username on the Domain.
2101.02 System Lock Out
This is a security feature to discourage unauthorized login attempts. After three incorrect login attempts, a user will be locked out for two hours. If this occurs inadvertently, staff must call the Service Desk as the Network Administrator is the only individual with the authority to override the two-hour lock out.
2101.03 User Names
Each new user will be provided a unique User Name for both the network and AWARE™.
Format – The User Name for Network login and for AWARE™ login uses the same format, and the two should be identical. The User Name consists of the initial of the user's first name plus the last name (FiLname). As an example, the User Name for James Allen Tupperman would be "jtupperman." Note that, due to limitations of AWARE™, last names cannot be hyphenated.
Case Sensitivity – User Names are not case sensitive; that is, it does not matter whether User Names are entered in UPPER or lower case (jtupperman, or JTUPPERMAN, or JTupperman).
Duplication of User Name – If there is a possible duplication (e.g., two individuals work for MSDE and have the same first initial and last name, such as John Smith and Joan Smith), the Network Administrator will assign an alternate User Name. Typically the alternate User Name will consist of the initial of the first name, the middle initial, and the last name (FiMiLname).
2101.04 Passwords
Passwords for the Network and AWARE™ are identical. An arbitrary password will be assigned to new users to allow initial access. The first time a new user logs on, he/she will be required to immediately change the password to one of his/her own choosing in accordance with the following:
Format of passwords – The minimum length for a password is 12 alphanumeric characters. The password must include a combination of numbers, letters and special characters. Punctuation, including spaces, may not be included. The password is case sensitive. It is important to pick a password that is easy to remember, since it should never be written down.
Expiration of passwords – Passwords are in effect for up to 45 days, at which time users will be required to change their passwords. Users may not reuse the same password for 10 consecutive cycles. After 10 cycles, the password may be reused.
Security of passwords – Since staff will know user names of other staff because of the format, it is especially important that passwords remain confidential. All users are responsible for the security of their password. Passwords should not be written down and should never be revealed to other staff members, as users may be held accountable for work done under their User Name by another individual. Passwords will not be given out by Management Information Services (MIS) or DoIT Service Desk staff and are not transferable.
Forgotten passwords – Staff who forget their network password must contact the DoIT Service Desk to receive a temporary password. The staff person can then log in and change the password to one of his/her choosing.
2102 Restrictions on Access to DORS Network
The following restrictions are required by the State of Maryland Information Technology Security Policy and Standards, sections 9.4 and 6, respectively.
2102.01 Personally-owned Data Processing Equipment
Directly accessing the DORS network at DORS offices using any non-state-owned computer or computer-related equipment is strictly prohibited unless written approval is granted at least two business days in advance of such usage by the Office Director and MIS Director. This applies to all authorized users of the DORS network, and is necessary to safeguard the MSDE network and nonpublic data from both deliberate and unintentional misuse or attack.
2102.02 Non-DORS Staff Internet Access at DORS Facilities
DORS staff making arrangements for vendors, staff of community programs, trainers or other non-authorized users to use DORS facilities must advise them that they must provide their own wireless network if they plan to access the Internet while at any DORS facility. Any exception to access the internet via the DORS network requires prior (two business days) approval of the Office Director and MIS Director in writing. DORS staff may not give their network credentials (user name and password) to anyone to enable internet access at a DORS facility.
2102.03 Accessing DORS Nonpublic Data
DORS nonpublic data (e.g., information in AWARE™) may be accessed only by appropriate persons and for authorized reasons. DORS staff working with a non-DORS individual who requests access to the DORS nonpublic data shall advise them to put their request in writing, including justification, and submit the request to the appropriate Office Director. If approved by the Office Director, the individual shall be required to complete, sign and date the form Confidentiality Statement for Non-DORS Access to the DORS Network and/or Data and submit it to the Director of MIS for approval. DORS staff may not give their network credentials (user name and password) to anyone to enable access to DORS nonpublic data.
2102.04 Resource Room Computers
For security and system integrity purposes, resource room computers do not include access to the DORS staff network, which includes, but is not limited to, AWARE™, InDORS and the DORS file server. These computers will enable consumers to access the internet and their personal email for rehabilitation/employment purposes.