Remote Access Security Requirements

Introduction

The need to access information and perform work remotely frequently arises and presents special challenges with regard to security and privacy. In consideration of these challenges, the following requirements have been assembled to ensure a reasonable level of security and raise awareness for the need to handle sensitive information appropriately.

Scope

These requirements apply to all users and devices remotely accessing UA sensitive information.

Security Requirements

Minimum Standard Compliance

Systems and users performing work remotely must adhere to the standards outlined in the 'OIT Minimum Security Standards for Desktop Systems' document or other applicable standard published by the University.

Sensitive Data Handling

Information classified as being sensitive in nature should be handled in accordance with the security controls described in the 'UA Minimum Data Security Standards', any restrictions published by the respective MAU or data owner, and in accordance with any legal requirements pertaining to the data. For example, certain controls may require one to encrypt data while storing it, use specific encrypted/secure transmission methods, or to delete/destroy the data in a secure fashion. It is the users responsibility to be aware of any such controls and ensure their implementation.

Secure Remote Access

 Remote access of sensitive information must be performed using a supported VPN technology or other secure method approved for use by the UA Chief Security Officer. For more information on remote access, please contact the OIT Support Center (see the 'Links' section).

Inquiries & Information

 For more information, questions, and details regarding the above mentioned standards, please visit the OIT Security Administration website at the following link.

Links