Skip Main Navigation
Official Nebraska Government Website
NITC Logo
Skip Side Navigation

STATE GOVERNMENT COUNCIL
Nebraska Information Technology Commission
Thursday, September 6, 2007, 1:30 p.m. - 2:30 p.m.
Nebraska State Office Building - Lower Level C
301 Centennial Mall South, Lincoln, Nebraska
MINUTES

MEMBERS PRESENT:

Dennis Burling, Department of Environmental Quality
Randy Cecrle, Workers’ Compensation Court
Tom Conroy, OCIO - Enterprise Computing Services
Josh Daws, Secretary of State’s Office
Brenda Decker, Chief Information Officer (Alternate Steve Henderson for part of meeting.)
John Erickson, Governor's Policy Research Office
Pat Flanagan, Private Sector
Rex Gittins, Department of Natural Resources
Bill Miller, State Court Administrator's Office
Jim Ohmberger, Health and Human Services
Gerry Oligmueller, Budget Office
Mike Overton, Crime Commission
Jayne Scofield, OCIO - Network Services
Bob Shanahan, Department of Labor
Len Sloup, Department of Revenue
Rod Wagner, Library Commission

MEMBERS ABSENT: Bob Beecham, NDE Support Services; Mike Calvert, Legislative Fiscal Office; Carlos Castillo, Department of Administrative Services; Dorest Harvey, Private Sector; Jeanette Lee, Department of Banking; Beverly Neth, Department of Motor Vehicles; Terry Pell, State Patrol; Robin Spindler, Correctional Services and Bill Wehling, Department of Roads

ROLL CALL, MEETING NOTICE & OPEN MEETINGS ACT INFORMATION
 
Mr. Henderson welcomed Len Sloup as the new alternate to the Council from the Department of Revenue. Mr. Henderson called the meeting to order at 1:30 p.m. There were 14 voting members at the time of roll call. It was stated that the meeting notice was posted to the NITC, State Government Council and Nebraska Public Meeting Calendar Websites on August 16, 2007 and that the agenda posted to the NITC Website on August 31, 2007. A copy of the Open Meetings Act was located on the front table.

PUBLIC COMMENT

There was no public comment.

Mr. Gittins arrived at the meeting at 1:33 p.m.

APPROVAL OF AUGUST 9, 2007 MINUTES

Mr. Henderson indicated that we will pass over this item and approve the August minutes at the next meeting.

STANDARDS AND GUIDELINES - Recommendations to the Technical Panel and NITC

Mr. Henderson provided background information on the three documents to be discussed at this meeting. All three were on the last meeting agenda and action was postponed until today. During the interim, the Technical Panel has posted the documents for the 30-day comment period which ends on September 9. Also, Mr. Hartman held three informational meetings on these documents which members were invited to attend. Links to the agenda included draft revisions based on the comments received to date. Mr. Hartman shared these changes with the Security Architecture Work Group and they recommend approval of the changes.

STANDARDS AND GUIDELINES - INFORMATION SECURITY POLICY

Mr. Hartman reviewed the changes to the document and entertained questions from members.

Mr. Oligmueller arrived at the meeting at 1:48 p.m.

Members recommended moving the sentence on page 11 beginning "To provide accountability..." to page 9 at the end of the "Agency Accountability" section; and keeping the deleted language regarding "fixed asset guidelines" and adding "or agency" after "DAS".

Ms. Scofield left the meeting at 2:15 p.m.

Ms. Decker arrived at the meeting at 2:19 p.m.

Mr. Conroy moved to recommend approval of the Information Security Policy as revised.  Mr. Ohmberger seconded. Roll call vote:  Overton-Yes, Burling-Yes, Conroy-Yes, Decker-Yes, Sloup-Yes, Flanagan-Yes, Daws-Yes, Gittins-Yes, Erickson-Yes, Shanahan-Yes, Cecrle-Yes, Ohmberger-Yes, Oligmueller-Yes, Wagner-Yes, and Miller-Yes. Results:  Yes-15, No-0.  Motion carried.

STANDARDS AND GUIDELINES - DATA SECURITY STANDARD
 
Mr. Hartman reviewed the changes to the document and entertained questions from members. The due date for the first report will be October 31, 2008.

Mr. Flanagan moved to recommend approval of the Data Security Standard as revised.  Mr. Daws seconded. Roll call vote:  Overton-Yes, Burling-Yes, Conroy-Yes, Decker-Yes, Sloup-Yes, Flanagan-Yes, Daws-Yes, Gittins-Yes, Erickson-Yes, Shanahan-Yes, Cecrle-Yes, Ohmberger-Yes, Oligmueller-Yes, Wagner-Yes, and Miller-Yes. Results:  Yes-15, No-0.  Motion carried.

Mr. Gittins and Mr. Oligmueller left the meeting.

STANDARDS AND GUIDELINES - PASSWORD STANDARD

Mr. Hartman reviewed the document and entertained questions.

Mr. Hartman indicated that one of the written comments received discussed the expense of having to reprogram an application to force compliance with this standard. Mr. Hartman stated that the proposed standard does not require any programmatic enforcement and no requirement to reprogram. The requirement is on the user to meet the standard.

Members discussed two different approaches to this standard. One option is to only require the standard for the initial login (e.g. LAN login) and not apply this standard to other applications and resources once authenticated; and the second option is to have this apply to all passwords. As written, it is the latter approach.

Members also discussed the impact on e-government and other situations where there may be a business need to have a less stringent password. Mr. Hartman indicated that the work group would review this and may recommend changes; however, the standard does allow for agencies to apply for an exemption if there is a business need.

Mr. Miller moved to recommend approval of the Password Standard.  Mr. Ohmberger seconded. Roll call vote:  Overton-Yes, Burling-Yes, Conroy-Yes, Decker-Yes, Sloup-No, Flanagan-Yes, Daws-Yes, Erickson-No, Shanahan-Abstain, Cecrle-No, Ohmberger-Yes, Wagner-Yes, and Miller-Yes. Results:  Yes-9, No-3, Abstain-1.  Motion carried.

STANDARDS AND GUIDELINES - EMAIL STANDARD FOR STATE GOVERNMENT AGENCIES

The Council recommended approval of this document at the last meeting. Two recommended changes to the document will be made to the Technical Panel. First, to change it from a "standard" to a "policy"; and second, to add language which makes it clear this applies to employee/worker email accounts.

Ms. Decker expressed appreciation for all the work done on these documents and the input from members of the Council.

OTHER BUSINESS

None.

AGENCY REPORTS

There were no agency reports.

NEXT MEETING DATE AND ADJOURNMENT

The next meeting of the NITC State Government Council will be on October 11, 2007, 1:30 p.m. 
 
With no further business, Ms. Decker adjourned the meeting.

 

Meeting minutes were taken by Rick Becker, Office of the CIO.

Meeting Minutes