Search Results

Controlling access to government software helps establish accountability for actions taken within the system. By assigning specific user accounts and permissions, agencies can track and audit user activity, making it easier to identify individuals responsible ...

Government software resources, including licenses, computing resources, and data storage, are often limited and must be allocated efficiently. Controlling access helps ensure that resources are used effectively by restricting access to only those who truly nee...

Government software may contain proprietary algorithms, code, or technologies developed for specific government purposes. Some of the software may also be licensed with specific restrictions that should be complied with. Controlling access helps protect these ...

Government software should only be used for its intended purpose. Government software should not be used for personal gain, commercial purposes, or any illegal activities. Users should refrain from engaging in activities that could compromise the integrity or ...

Licensed software should only be used in  accordance with any license terms and conditions. Avoid violating the license terms and conditions, such as making or distributing unauthorized copies, modifying or reverse engineering the software, exceeding the numbe...

Software use should be respectful of the intellectual property rights of the software authors and publishers.

Software should be kept updated and secure. Each institution should establish guidelines for updating software and users informed of their role.

There should be a mechanism for reporting any software user violations to the appropriate authority within the institution. This should be included in training and awareness sessions for users.

Government software and related data should only be installed and stored on Government provided devices or storage locations.

Users should be made aware of software security risks and how to avoid behavior that exposes software to malware or other security risks such as recognizing phishing emails or clicking on links from unknown sources.

Software installed in employee work devices should be centrally managed as much as possible to ensure it is obtained from legitimate sources, used within license terms and regularly updated.

Only authorized users should be granted access to Government software applications. User access permissions should be based on a user's role and responsibilities in the institution.

User accounts should be terminated or disabled when a user leaves the institution. There should be a process to inform IT when an employee leaves the institution for their accounts to be removed or disabled. Regular audits should be performed to check for any ...

Third parties should not be provided access to software in a production/live environment unless the access is required for them to perform an authorized service. Such access should be monitored and provided only for the period of time it is required.

User accounts should not be generic or shared but traceable to specific individuals for purposes of accountability.

Users should be made aware to keep login credentials such as User IDs and Passwords confidential and not share them.

Appropriate password policies should be defined covering password expiration period, password complexity and allowed login attempts. Adoption of the NIST password policy guidelines is recommended.

Multi-Factor Authentication (MFA) is strongly recommended as the primary authentication method for government institutions in Rwanda. It provides a high level of security by requiring users to present multiple independent factors for identity verification, sig...

Biometrics can be considered as an additional layer of authentication where it is available and where it is cost effective. Government institutions may explore the use of biometrics, such as fingerprint or facial recognition, for situations where high-security...

This guideline shall come into force on the date of its signature by the Chief Executive Officer of RISA.