University Policies

Page tree

Versions Compared

Old Version 9

changes.mady.by.user O'Neill, Erin E.

Saved on

compared with

New Version Current

changes.mady.by.user O'Neill, Erin E.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Refer to the Rowan University Technology Terms and Definitions for terms and definitions that are used in this policy.

V. POLICY

All University systems must comply with the following requirements:

  1. All university remote access technologies will be configured and managed by the Division of  Information Resources & Technology (IRT).
  2. All remote access must use university-approved, end-to-end encrypted protocols such as TLS x.x, IPsec, SSH, etc. 
  3. All university remote access technologies must be configured to automatically disconnect after a preset amount of inactivity and/or after a predetermined length of time.
  4. Remote access sessions will be logged and monitored in accordance with IRT standards and practices.
  5. All university remote access technologies must employ a secure multi-factor authentication mechanism in accordance with IRT standards and practices.
  6. Devices that are used to remotely connect to university administrative applications must also be managed by IRT.
  7. The following configuration requirements must be enabled on all devices that support them:
    1. Antivirus software must be installed and configured to scan on a recurring schedule.
    2. The latest antivirus definitions must be updated and installed on a recurring schedule.
    3. The latest available patches for the remote access device’s operating system and applications must be configured to automatically download and install on a recurring schedule.
  8. The deployment of new remote access technologies must be approved by the Information Security Office (ISO) and IRT management.
  9. All contractors and vendors that require remote access as part of their job requirements with the university must complete security awareness training and fill out and sign the university remote access request form and Non-Disclosure Agreement (NDR). Each request will be reviewed and approved by the ISO and IRT management.
  10. Non-Rowan-managed devices used for remote access cannot be used to store or save confidential data. (Review our data classification article for full details on data types and appropriate usage.)
  11. Remote access users must not share their login credentials and should take all reasonable efforts to avert accidental disclosure.
  12. Remote access users must ensure that their remotely connected workstation is not connected to any other external network at the same time.
  13. Students will be granted remote access privileges only from Rowan-managed systems.
  14. Affiliates that require a permanent remote access connection must be approved by the Information Security Office.

VII. NON-COMPLIANCE AND SANCTIONS

...