Version: 2.0
Status: Approved: 04/3/08

Last update: 05/10/08
Contact: Director, Technology Services

To provide guidelines necessary to implement remote access standards and procedures to protect System Office and College IT systems and data. 

In accordance with the COV ITRM 501-01, Remote Access standards and procedures must be implemented to ensure the steps necessary for providing for the secure use of remote access to Systems Office and College IT systems and data.

The Remote Access Standard is applicable to the System Office and all Colleges.  

Simply stated, remote access is the ability to get access to a computer or a network from a remote distance.  Security measures for remote access should be implemented based on sensitivity and risk to System Office or College IT systems and data. 

 Requirement:

The System Office and College procedures must document user requirements for use of remote access and the need for remote access to sensitive data, based on agency and COV policies, standards, guidelines, and procedures.  This should include: 

• Employee procedures for requesting remote capabilities including supervisor or administrative approvals if required.
• User ID assignments (a unique user ID assigned or use of current user ID) depending on the type of remote access used and additional security measures already in place.
•  Provide security awareness and training and instruction on remote access prior to a user receiving such access. 

Requirement:

An important consideration when establishing remote access connections is encryption.  The security of remote access to the System Office or College IT systems and data must be in compliance with the Data Protection, Encryption Standard.  This includes the remote file transfer of sensitive data to and from VCCS systems. To accommodate this, a Virtual Private Network (VPN) will be used as the standard for remote access.

Requirement:

The System Office and Colleges must document the requirements for physical and logical hardening of remote access devices.

Requirement:

Remote access records must be maintained for audit purposes in accordance with current System Office and College records retention policies. Limited VPN access will be granted to those employees that have a documented and business need for it. The access will be tailored to specific levels of access to specific groups of users based on a valid business need.

Data Protection, Encryption Standard

Return to Information Security Program