STATE OF CONNECTICUT
THE STATE COMPTROLLER
55 ELM STREET
HARTFORD, CONNECTICUT 06106-1775
MEMORANDUM 2008 - 07
March 4, 2008
TO THE HEADS OF ALL STATE AGENCIES
|Attention:||Chief Administrative and Fiscal Officers, Business Managers, and Payroll and Personnel Officers|
|Subject:||Comptroller's Core-CT Systems Security|
The purpose of this memo is to advise all state agencies of the importance of having appropriate internal controls over and within the Core-CT Financial and Human Resource Management System (HRMS) to ensure that all transactions are properly authenticated and authorized. Guarding against unauthorized and inappropriate access to the Core-CT system is critical due to the integration of the Financial and HRMS Systems. Unrestricted access to the Core-CT system compromises the controls provided by segregation of duties and other safeguards that are part of manually operated systems.
II. CONTROL ACTIVITIES
Security in the Core-CT system is imperative and must be restricted to only those individuals authorized to have access. The establishment or modification of user access to Core-CT is initiated by the agency's security liaison via Form CO-1092, Agency Application Security Request Form. Only permanent state employees and those acting under a Memorandum of Understanding are allowed to have access to the Core-CT production environment.
Each agency designee has the responsibility to assign a Core-CT Security Liaison to be the primary contact with the Statewide Core-CT Applications Security Administrator. The Security Liaison is responsible for monitoring all authorized access to the Core-CT Financials/HRMS application to their agency personnel, and acting as point of contact for the Core-CT Applications Security Administrator. Each agency should develop internal security procedures for Financial, HRMS and EPM users.
The liaison's tasks include:
It is each agency's responsibility to monitor the following:
III. GUIDELINES AND PROCEDURES
The following are the guidelines and procedures for submitting security application requests. The Core-CT Application Security Request Form (CO-1092) is available at http://www.core-ct.state.ct.us/user/xls/core-ct_application_security_request_form.xls .
NOTE: New Policy for Financial Roles - If an agency submits a security request for a new employee or changes an existing employee's role for "Final Approver" in encumbrance or expenditure, they must submit an updated Claims Authorization Form (CO-512) to the Office of the State Comptroller, Accounts Payable Division before the security request can be approved.
IV. PASSWORD SECURITY POLICIES
The following password security policies are in effect:
Distribution of the User-ID's and temporary passwords by the agency security liaison, should be by the most expeditious and secure means. Agency personnel should be informed of the password guidelines and policies, procedures for password and access problems, and who to contact. Any problems associated with User ID's or passwords must be communicated through the agency security liaison. Agency personnel are not to contact the Core-CT Security Unit directly.
Questions may be directed to the State Comptroller's Office as follows:
Return to Index of 2008 Comptroller's Memoranda
Return to Index of Comptroller's Memoranda
Return to Comptroller's Home Page