Policy Statement

The purpose of this policy is to define how the University of Florida controls Remote Access to university information systems and networks in order to prevent unauthorized use.

Applicability

This policy applies to all methods the university implements to allow remote access to its services, information systems and networks

Definitions

Information System: An individual or collection of computing and networking equipment and software used to perform a discrete business function. Examples include the eLearning System, ISIS, the EPIC electronic medical records system, a lab system and associated PC or the set of desktop computers used to perform general duties in a department.

Remote Access: Methods allowing authorized users to interact with university information systems and networks via methods or networks not controlled by the university (e.g. The Internet). Examples of remote access include Virtual Private Networks (VPN), remote desktop and terminal sessions.

University of Florida IT Support Team: Any member of the University of Florida Constituency that provides information technology support activities for a sub-set of University of Florida users.

Policy Specifics

  1. All methods the university provides to offer remote access to services and information systems must be assessed for security, approved, documented and controlled. The university will permit external network access only to approved remote access end points.
  2. Remote access methods must employ appropriate security technologies to secure the session, as well as prevent unauthorized.

Review and Adjudication

  1. All members of the University of Florida Constituency are responsible for protecting remote access methods, devices and credentials assigned to them. Users are responsible for maintaining the security of computers and devices used to remotely access university resources.
  2. Information Security Managers (ISMs) are responsible for documenting and implementing controls for all remote access methods implemented within their unit. ISMs are also responsible for monitoring of unit-implemented remote access methods for unauthorized use, and taking appropriate action upon discovery of unauthorized use, including notification of the UF Information Security Incident Response Team.
  3. The Vice President and Chief Information Officer (CIO) is responsible for approval of remote access methods and resources.
  4. The Vice President and Chief Information Officer (CIO) is responsible for implementing systems and specifications to facilitate unit compliance with this policy.

Policy Violations

Failure to comply with this policy could result in disciplinary action for employees, up to and including termination. Volunteers may have their volunteer status terminated.

History

Revision DateDescription
December 14, 2016 Policy originally adopted
  Policy updated