Designated Security Officer (DSO) Responsibilities
Compliance
DSOs are responsible for ensuring compliance with the Commonwealth’s and/or agency/Secretariat's:
- Acceptable Use policies;
- Teleworking policies;
- Enterprise Security Policy and Standards; and
- any other internal agency/Secretariat approval processes.
Requests
DSOs are responsible for submitting and approving security-related requests on behalf of their agency/Secretariat.
Certain ServiceNow request items are only available to DSOs. Requests for these applications or services will not be accepted via Incidents or Requests submitted using other ServiceNow Catalog request items. Unauthorized requesters will be referred back to their Agency/Secretariat DSOs - this is to ensure that all access requests have been internally approved within the Agency/Secretariat prior to submission.
Designating Agency/Secretariat DSOs
Who should be a Designated Security Officer?
- Someone who will ensure compliance with the Commonwealth’s and/or agency/Secretariat Acceptable Use and Teleworking policies, along with the Enterprise Security Policy and Standards, and any internal agency/Secretariat approval processes.
- Someone who will approve and submit security-related requests on behalf of their agency/Secretariat.
- Best practice: at least two (2) DSOs per agency/Secretariat
How do I modify my agency/Secretariat's DSO list?
Only currently designated DSOs are able to add or remove DSOs on behalf of their agency/Secretariat. DSOs may modify their agency/Secretariat DSOs using the Add/Remove a Designated Security Officer (DSO) catalog request item in ServiceNow (see Additional Resources, below).
Additional Resources
Catalog Items Available to DSOs Only
The following Catalog items can only be accessed and requested in ServiceNow by designated agency DSOs:
- Add/Remove a Designated Security Officer (DSO)
- AWS Role Access Request/Adjust
- Content Filtering Services
- Domain Name System (DNS) Services
- Firewall - Port - Open \ Close
- Forensic Investigation
- ITL - Request or Modify ITL Users and Groups
- Microsoft O365 International Access
- NAT Address
- Penetration Testing Services
- Priv Account (Local Admin Access)
- VPN: Add/Remove Users
- VPN: Create a New Group
- VPN: Modify an Existing Group
- VPN: Remove an Existing Group
*NOTE: IT Liaisons (ITLs) will also have access to IT Liaison (ITL) requests