Remote Access (Policy 8130)
University Policy 8130
Information Security Officer, (208) 426-5501
Scope and Audience
This policy applies to all Boise State employees, students, and third parties.
- University Policy 8000 (Information Resource Use)
- University Policy 8060 (Information Privacy and Security)
- Minimum Security Standard for Systems
1. Policy Purpose
To state the requirements for remote access to computing resources hosted at Boise State University using remote access technologies.
2. Policy Statement
Approved Boise State employees, students, and authorized third parties (entities) may use the benefits of the Boise State provided VPN technology. The VPN connection is made via a User Managed Service with appropriate university credentials. This policy aims to minimize the potential exposure to Boise State from damages which may result from unauthorized use of Boise State resources. Damages include the loss of protected data, intellectual property, damage to public image, damage to critical Boise State internal systems.
3.1 Authorized Third Party
Any individual, entity, or vendor providing services to the University that is not employed by the University.
3.2 Information Security Officer (ISO)
The individual responsible for protecting confidential information in the custody of the university; the security of the equipment and/or repository where this information is processed and/or maintained and the related privacy rights of university students, faculty and staff concerning this information.
3.3 Internet Service Provider (ISP)
A business or organization that offers user(s) access to the Internet and related services.
3.4 Log-in Credentials
University assigned username and private personal password.
3.5 Private Network Resource
A resource or service provided to on-campus clients but is not available to individuals accessing Boise State’s network from the Internet.
3.6 Remote Access
The ability to log-in to a network from a distant location.
3.7 Remote Access Connection
A secured private network connection built on top of a public network, such as the Internet.
3.8 User Managed Service
A service where the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.
3.9 Virtual Private Network (VPN)
A secure connection to a private network through a public network.
4. Responsibilities and Procedures
a. Authorized Boise State employees, students, and entities must use the Boise State provided VPN technology as outlined in VPN Standards.
b. Secure Remote Access must be strictly controlled. Control is enforced via Boise State’s VPN gateway.
c. No one should provide their login credentials to another person.
d. People and entities with Remote Access privileges must ensure their Boise State-owned/personal computer or device is not connected to another network while it is connected to the Boise State private network.
e. All systems connected to Boise State’s non-public networks via Remote Access must meet the requirements defined in the Minimum Security Standard for Systems.
f. Organizations or individuals who wish to implement non-standard Remote Access solutions to the Boise State production network must obtain prior approval from the Information Security Officer (ISO).
5. Related Information
Minimum Security Standards for Systems