The new version of MAC OS X, 10.10 (Yosemite) is expected to be released today, Thursday October 16th, and is currently incompatible with the ClearPass registration system and potentially other services at Rowan.

University Policies

University Policies

Page tree

ROWAN UNIVERSITY POLICY


Title: Remote Access Policy
Subject: Information Security                                                     
Policy No: ISO:2013:15                                                                
Applies: University-Wide
Issuing Authority: Senior Vice President for Information Resources and Technology and Chief Information Officer
Responsible Officer: Information Security Officer
Adopted: 07/01/2013
Last Revision: 12/12/2025
Last Review: 12/12/2025

I. PURPOSE

Rowan University provides secure remote access technologies that enable authorized users to remotely access the university network and its internal resources.

The purpose of this policy is to define standards for connecting to the Rowan University network from any remote host. These standards are designed to minimize the potential exposure to the University from damages which may result from unauthorized use of university resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical internal systems, etc.

II. ACCOUNTABILITY

Under the direction of the President, the Chief Information Officer and the Director of Information Security shall implement and ensure compliance with this policy.

III. APPLICABILITY

This policy applies to all University employees, students, and affiliates including vendors and agents with a university owned or personally-owned computer or workstation used to connect to the Rowan Network.

Remote access is provided for university related activity only. All devices that are used to connect to the Rowan Network through an approved remote access technology are considered to be extensions of the Rowan Network and are subject to all applicable university policies, standards and rules.

IV. DEFINITIONS

Refer to the Rowan University Technology Terms and Definitions for terms and definitions that are used in this policy.

V. POLICY

All University systems must comply with the following requirements:

  1. All university remote access technologies will be configured and managed by the Division of  Information Resources & Technology (IRT).
  2. All remote access must use university-approved, end-to-end encrypted protocols such as TLS x.x, IPsec, SSH, etc. 
  3. All university remote access technologies must be configured to automatically disconnect after a preset amount of inactivity and/or after a predetermined length of time.
  4. Remote access sessions will be logged and monitored in accordance with IRT standards and practices.
  5. All university remote access technologies must employ a secure multi-factor authentication mechanism in accordance with IRT standards and practices.
  6. Devices that are used to remotely connect to university administrative applications must also be managed by IRT.
  7. The following configuration requirements must be enabled on all devices that support them:
    1. Antivirus software must be installed and configured to scan on a recurring schedule.
    2. The latest antivirus definitions must be updated and installed on a recurring schedule.
    3. The latest available patches for the remote access device’s operating system and applications must be configured to automatically download and install on a recurring schedule.
  8. The deployment of new remote access technologies must be approved by the Information Security Office (ISO) and IRT management.
  9. All contractors and vendors that require remote access as part of their job requirements with the university must complete security awareness training and fill out and sign the university remote access request form and Non-Disclosure Agreement (NDR). Each request will be reviewed and approved by the ISO and IRT management.
  10. Non-Rowan-managed devices used for remote access cannot be used to store or save confidential data. (Review our data classification article for full details on data types and appropriate usage.)
  11. Remote access users must not share their login credentials and should take all reasonable efforts to avert accidental disclosure.
  12. Remote access users must ensure that their remotely connected workstation is not connected to any other external network at the same time.
  13. Students will be granted remote access privileges only from Rowan-managed systems.
  14. Affiliates that require a permanent remote access connection must be approved by the Information Security Office.

VII. NON-COMPLIANCE AND SANCTIONS

Violation of this policy may result in disciplinary action up to and including termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers.  Any exceptions to this policy must be approved by the Information Security Office.


By Direction of the CIO:

Mira Lalovic-Hand,
SVP and Chief Information Officer   


  • No labels