Plymouth City Council
U09 Remote Access Policy
December 2008

This document is copyright to Plymouth City Council and should not be used or adapted for any purpose without the agreement of the Council.

Target Audience: Manager
Contents
Document Control
Document Amendment History
1 Purpose
2 Scope
3 Governance factors
4 Remote Access Methods
5 Use of Remote Access methods
6 Usage Restrictions
7 Netilla Remote Administration
8 Methods of compliance with the controls

Only current as an electronic version in the document library
Document Control
Organisation: Plymouth City Council
Title: Remote Access Policy
Creator: John Finch
Source:
Approvals:
Distribution:
Filename:
Owner: Information Security Manager
Subject:
Protective Marking:
Review date: October 2008

Document Amendment History
Revision No.  Originator of change  Date of change  Change Description
0.1           John Finch            1/10/2007       Initial release for comment to ICT Team Leaders
0.2           Simon Hurrell         19/10/2007      Addition of remote connections
0.3           Mel Gwynn             24/10/2007      Minor changes to whole document
0.4           Richard Woodfield     18/11/2007      Major rewording of whole document.
0.5           Damean Miller         12/2/2008       Minor changes to wording
1.0                                                 Release
1.1           John Finch            18/7/2008       Integration of PIM devices
1.2           John Finch            7/06/2011       Change of ICT terminology
1 Purpose
Remote access is connecting to the corporate computer system by any computer that is not connected to the Corporate Network using the Council infrastructure. The provision of Remote Access must be controlled in order to protect Council systems. The controls determine who can access Council systems, how they can access and what can be accessed.

2 Scope
Council systems can be accessed remotely by various people:
2.1 Councillors and Staff whilst out of the office.
2.2 Staff to provide support for systems
2.3 Suppliers to provide Remote Administration on systems
2.4 Third Parties requiring approved access to Council systems

3 Governance factors
Controls on remote connections to the corporate network arise from the rules predefined in the Codes of Connections required to allow the Council to use secure networks. Examples of secure networks include, but are not limited to:
3.1 Government Connect
3.2 Payment Card Industry Data Security Standard (PCI DSS)
3.3 Contact Point
3.4 Criminal Justice Board
Remote connections must not be allowed to compromise compliance with a secure network Code of Connection.

4 Remote Access Methods
The following methods provide remote access:
4.1 Virtual Private Network (VPN)
4.1.1 This uses an approved client installed on a computer which provides direct encrypted connectivity into the corporate network.
4.2 Netilla
4.2.1 Netilla provides secure remote access via a council hosted web portal. It utilises two factor authentication to prevent unauthorised access.
4.3 Outlook Web Access (OWA)
4.3.1 Council provided portal for remote access of Microsoft Outlook corporate email and other services.
4.4 Fixed link i.e. National Health Service (NHS), or Southern Electric Contracting (SEC), (always outside the firewall).
4.5 Site-to-site VPN i.e. Devon County Pensions system
4.6 Dial up
4.6.1 Dial-up is only provided in limited circumstances to provide support when there is no other available option.
4.7 Third party remote support tools from the internet.
4.7.1 This option is not provided by the council; however, such tools are used by some suppliers to provide support.
4.8 Personal Information Management (PIM) devices
4.8.1 The council approved PIM device is the BlackBerry.

5 Use of Remote Access methods
The methods of remote access are only to be used in the following circumstances.
5.1 VPN
5.1.1 Approved Councillors and Staff whilst out of the office using Council computers.
5.1.2 Suppliers to provide remote administration on systems.
5.2 Netilla
5.2.1 Staff to provide support for systems.
5.2.2 Access to email and files whilst out of the office.
5.2.3 Suppliers to provide remote administration on systems.
5.2.4 Third parties requiring access to Council systems.
5.3 Outlook Web Access
5.3.1 Councillors and Staff whilst away from their dedicated computer.
5.4 Remote Access web tools
5.4.1 Essential support for systems that cannot be provided by other means.
5.5 PIM Devices
5.5.1 Only Council provided devices that have the council security profile are to be used for Council business and service provision.

6 Usage Restrictions
6.1 VPN
6.1.1 On Council computers, VPN must only be enabled using approved software installed by ISD.
6.1.2 On suppliers' computers used to provide remote administration on systems, VPN must only be enabled using approved software and must only give access to the system being supported.
6.2 Netilla
6.2.1 Users must satisfy an approval process.
6.2.2 Each approved user will be given a token to provide two-factor authentication.
6.2.3 Tokens are not to be shared without permission.
6.2.4 Tokens assigned to suppliers providing remote support are to be kept with the Council.
6.2.5 Netilla Remote Administration procedures must be followed. See section 7.
6.2.6 Once the requirement for Netilla access has finished, the token must be returned to ICT.
6.3 Outlook Web Access (OWA)
6.3.1 Provided to all individual Councillors and Council staff who have access to email.
6.3.2 Removed from Council accounts with access to GCSx mail, generic, Application and non-Council staff accounts.
6.3.3 All temporary files to be cleared after use.
6.3.4 Data accessed via OWA must not be saved onto non-Council computers or other equipment.
6.4 Remote Access web support
6.4.1 Access to Remote Web support websites must be individually approved.
6.4.2 Remote access sessions initiated by the supplier must have the support session start logged by ICT before continuing.
6.4.3 Access must only be allowed when all applications apart from the supported application have been closed.
6.4.4 All files transferred to the corporate network in order to facilitate the connection must be removed when the session is finished.
6.4.5 The supplier must inform ICT when the session has finished.
6.5 Use of PIM devices
6.5.1 The use of the device must be conducted in compliance with the council's health and safety policy.
6.5.2 The PIM device is only to be connected to the council email system remotely.
6.5.3 The PIM device or any storage media used with it is not to be connected to any non-council equipment.
6.5.4 Internet browsing will be provided through the filtered service provided by the council.
6.5.5 The PIM device will be configured according to CESG security guidelines.
6.5.6 The PIM device must be protected by a password that is compliant with the CESG recommended password scheme.
6.5.7 All data stored on the PIM device or associated storage card must be encrypted.
6.5.8 Bluetooth will not be enabled on the PIM device by default. Bluetooth will be enabled on the device for use with a headset with a business case only.
6.5.9 The PIM device will not be enabled as a USB data storage device to prevent the transfer of data.
6.5.10 PIM devices will only be issued to staff who have undertaken an internal training session in their use within the Council.

7 Netilla Remote Administration by Third Parties
7.1 All Staff must be individually authorised.
7.2 Suppliers must name the individuals provided with access.
7.3 Each individual person must verify their identity.
7.4 To verify their identity, each named individual will register the answers to secure questions, which will be asked before activation.
7.5 Suppliers must only have support sessions activated by ISD.
7.6 Suppliers must inform ICT when the session has finished.

8 Methods of compliance with the controls
8.1 ICT will provide procedures to control remote access which must be followed by all those using any method of remote access.
8.2 Councillors or Staff must initiate a security incident report if there is any actual or attempted remote access to the Council corporate system that has not been approved, or may compromise a code of connection to a secure network.