9.1.02.01 – Warning Banners
Current Statement
Where possible, a login / warning banner must be displayed on information technology systems upon login (e.g., servers, desktops, VPN connections, network devices). Login banners must be approved by the Information Risk Management Organization and the Legal Department and must adhere to all government regulations and UnitedHealth Group directives.
Modify Statement
Where possible, a login / warning banner must be displayed on information technology systems upon login (e.g., servers, desktops, VPN connections, network devices, application elevations). Login banners must be approved by the Information Risk Management Organization and the Legal Department and must adhere to all government …
It is up to the end user to take the necessary countermeasures to keep the data protected and secure.
Explanation
• Tricky
• We can’t control the application’s data
Subsection
13.2.01.04 Protected Information in Information Systems and Applications
Current Statement
Permission rights to information systems and applications that transmit, receive and/or store Protected Information will be limited to and based on the user's job function. {ADD HERE}
The following controls must be in place:
1. Specify: the specific system privileges required.
2. Document: the approved authorization of both the direct manager and the Information Owner or Resource Administrator of the Protected Information.
3. Re-approve: perform periodic entitlement reviews to re-authorize system privileges to Protected Information, if applicable.
Added Statement
Applications not standard to the UnitedHealth Group application baseline may store data within the application or on the user’s system. It is the user’s responsibility to take proper countermeasures against data leakage or data loss.
Explanation
• Tricky
• UHG can’t control the application’s