101 Pa. Code § 521.3

Current through Register Vol. 54, No. 49, December 7, 2024
Section 521.3 - Security
(a)Primary responsibility. The LDPC has primary responsibility for maintaining security for the service. In response to a security attack or exploit or in response to a well-founded threat to the security of the service, the LDPC may take action it deems necessary, including suspension of the service on a user, agency or entity or network-wide basis, to preserve the integrity of the service.
(b)Agency and entity responsibility.
(1) Each agency or entity that connects to the service shall ensure that its connection to and use of the service does not jeopardize the security of the service.
(2) With regard to individual users, each agency or entity shall ensure that only authorized users from its local environment are able to access the service. For accountability purposes in the event of a security threat or breach, the LDPC has the right to trace the route from a user to points within the service. Each agency or entity shall maintain and, upon request, shall make available to the LDPC a secure log of access events. The log shall be in a format and be for a period as the LDPC prescribes.
(c)User responsibility. A user may not knowingly engage in an action that undermines the security of the service or interferes with use of the service by another user.

101 Pa. Code § 521.3