State of Alaska
Information Security Policies
Title: Web Filtering
Last Review: 8/13/2010
Next Review: Quarterly
Approved by: CIO
Web Filtering Waiver Form -- Please read instructions
To define the waiver process State of Alaska (SOA) personnel must use to obtain access to otherwise prohibited internet websites when there is a defined business requirement for the exception. Personnel who circumvent the SOA security policies by providing internet access to personnel without waivers are subject to discipline up to and including dismissal. A waiver for one individual cannot be extended to another.
The SOA monitors and filters all web based traffic to the internet for non-business related material and malicious content to conserve bandwidth, to minimize the cost of conducting SOA business and to provide security to the SOA networks and assets which contain sensitive and/or confidential information.
Alaska Statute 44.21 designates the Commissioner of the Department of Administration (DOA) with the responsibility for oversight of all SOA executive branch information technology, fulfilling the role of the Chief Information Officer (CIO) for the State. The roles and responsibilities for statewide information security have been delegated to the Chief Security Officer (CSO) through the Enterprise Technology Services (ETS) division director, by the CIO.
Records owned by the Departments are subject to oversight as designated by the Commissioner of the department under AS 44.17. Record retention requirements are subject to State archivist statutes under AS 40.21.
This policy is applicable to all SOA branches, departments, divisions, corporations, commissions or other related entities which will be referred to as Department(s).
Terms in this document are defined in the SOA policy ISP-002 Information Security Glossary.
This policy stipulates:
Access to certain categories listed below will NOT be granted and are NOT accessible within the SOA networks without a web waiver (Section 7). All categories and restricted websites may change without prior notice to adapt to evolving SOA business requirements or risk exposure to meet SOA mission and services.
All SOA personnel, who have a defined business requirement for access to websites that are otherwise restricted, must submit a Web Filtering Waiver Form for evaluation and approval.
Waivers must be approved by the requester’s Commissioner or designee. Divisions should carefully review the form to ensure that requested categories and/or websites are necessary to the position for which the waiver is requested. If a waiver is requested for a department, division or section, as a whole, the Business Owner will be required to sign the waiver form and will be held accountable for the users for the department, division or section. Each user’s IP address and name must be provided.
Requesters may be required to provide additional detail to support the request for web access. Personnel with approved access to certain prohibited categories and the department’s IT manager must work directly with the State Security Office (SSO) to determine appropriate methods for alternative Internet access for this individual. Access must only be allowed once the waiver authorization is in place. All participating personnel must provide an original signature on the web waiver filtering form. A department assigning a Network Address Translation (NAT) to an IP address that has an approved waiver is in violation of SOA policy and is subject to disciplinary action as described in SOA policy ISP-001 Information Security Framework, § 6.7.2.
Business Owners must ensure their users have read and understand all aspects of SOA policies ISP-166 Web Filtering and ISP-172 Business Use/Acceptable Use prior to submitting a waiver form.
Supervisor of the requester must fully complete the Web Filter Waiver Form, including acquiring all applicable signatures. Once the form is complete, a USD must be opened. This form will not be processed without all applicable signatures, or without a USD ticket opened.
Create new USD request from a template. Use DOA Web Access Waiver template and fill in all fields. Attach the waiver form to the USD. Click on Attachments tab. Then attach document. The add file dialog box will pop up for you to browse to the document location.
If you cannot scan the document to attach it, please submit the USD and fax the form to: 465-2194 and they will try to assist you.
DOA-IT Reviewed 8/15/2012