IT Resources Remote Access Policy
Version 1.0
Purpose
The purpose of this policy is to define standards for minimizing security risks that may result from unauthorized remote access to the University’s IT Resources.
Scope
This IT policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
Policy Statement
- Users must only use remote access for approved business or academic support.
- Users who need remote desktop access to their University desktop (e.g., to work from home, access from a conference) must use University approved software provided from IT Customer Care.
- Requests for the use of remote access software cannot be self-approved.
- Users requesting remote access, other than remote desktop access, need approval from the Chief Information Security Officer (CISO).
- Fordham IT manages acceptable University remote access software.
- Unless Fordham IT provides the software, installing remote access software is prohibited.
- The University's Information Security Office (UISO) may remove any unauthorized remote software installed on the University’s IT Resources.
- All remote access is subject to audit per the Log Review IT Policy and Logging Standards.
- Users must follow the password and authentication policies per the Password Management Policy and the Acceptable Uses of IT Infrastructure and Resources Policy.
- Users with remote access privileges must abide by the Dual-Homed Network Policy
- Authorized remote User access provisioning and deprovisioning must follow the Provisioning and Deprovisioning Policy.
- Remote access must be activated only when needed and must be deactivated immediately after no longer required.
Definitions
Desktop, for this policy, includes but is not limited to, laptops, notebooks, or any “personal computer” that can be accessed remotely.
IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
Related Policies and Procedures
- Acceptable Uses of IT Infrastructure and Resources Policy
- Dual-Homed Network Policy
- Log Review IT Policy
- Logging Standards
- Provisioning and Deprovisioning Policy
- Password Management Policy
Implementation Information
| Review Frequency | Annual |
|---|---|
| Responsible Person | Director, IT Risk and Data Integrity |
| Approved By | CISO |
| Approval Date | November 13, 2019 |
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 11/13/2019 | Initial document |
Policy Disclaimer Statement
Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.