RULE 200.00.03-004 - Warning Banner for State IT Systems
RULE 200.00.03-004. Warning Banner for State IT Systems
Information handled by computer systems must be adequately protected against unauthorized modification, disclosure, or destruction. Warning banners are necessary at all access points in the event an organization wishes to prosecute an unauthorized user.
This standard statement applies to all state agencies, boards, commissions and institutions of higher education.
The Arkansas Information Systems Act of 1997 (Act 914, 1997) gives the Office of Information Technology the authority to define standards, policies and procedures to manage the information resources within the state. This is accomplished through work with a multi-agency working group known as the Shared Technical Architecture Team
In addition, Act 1042 of 2001 states that the Executive Chief Information Officer oversee the development of information technology security policy for state agencies.
4.1 Arkansas State Government Information Resources Security Policy Guidelines
4.2 Act 914 of 1997: Authorized the Office of Information Technology (OIT) to develop statewide policies.
4.3 Act 1042 of 2001: Authorized the Executive CIO to develop security policy.
5.1 Warning banners are required on all access points. The banner shall warn authorized and unauthorized users
1) about what is considered the proper use of the system,
2) that the system may be monitored to detect improper use and other illicit activity,
3) that there is no expectation of privacy while using the system,
4) of the penalties for noncompliance.
The agency shall be able to demonstrate compliance.
7.0 Revision History
Description of Change
Original Standard Statement Published
8.1 Warning banner:
A warning banner is verbiage that a user sees or is referred to at the point of access to a system which sets the right expectations for users regarding acceptable use of a computer system and its resources, data, and network access capabilities. These expectations include notice of authorized monitoring of users' activities while they are using the system, and warnings of legal sanctions should the authorized monitoring reveal evidence of illegal activities or a violation of security policy.
8.2 Access points:
Points of access at logon to a computer system.
9.0 Related Resources
Sample warning banners:
Navy AIS warning banner: http://www.nswc.navy.mil/ISSEC/Guidance/warning.banner.html
NIST sample banner: http://csrc.nist.gov/fasp/FASPDocs/logaccess-control/WARNINGbanner-nlb.doc
Direct inquiries about this standard to:
Office of Information Technology Shared Technical Architecture
124 W. Capitol Ave., Suite 200
Little Rock, AR 72201
OIT policies can be found on the Internet at:(12/9/2003)
The following state regulations pages link to this page.