Category: Security Architecture
Applicability: Applies to all public entities, state agencies, boards, and commissions, excluding higher education
History: Adopted on February 22, 2007. Amended on March 4, 2008 (by NITC 1-103).
Attachment A: Approved Remote Access Products (Attachment A: Approved Remote Access Products PDF)
It is the responsibility of all State of Nebraska agencies to strictly control remote access from any device that connects from outside of the State of Nebraska network to a desktop, server or network device inside the State of Nebraska network and ensure that employees, contractors, vendors and any other agent granted remote access privileges to any State of Nebraska network utilize one of the approved secure remote access products listed in Appendix A. (Approved Remote Access products).
As employees and organizations utilize remote connectivity to the State of Nebraska networks, security becomes increasingly important. Accompanying and contributing to this trend is the explosive growth in the popularity of broadband connections and other technologies for remote access. These standards are designed to minimize the potential exposure from damages which may result from unauthorized use of resources; which include loss of sensitive or confidential data, intellectual property, damage to public image or damage to critical internal systems, etc. The purpose of this document is to define standards for connecting to any State of Nebraska agency from any host.
All State agencies, boards, and commissions are required to comply with the standard listed in Section 1. All existing Agencies utilizing non-standard remote access applications must convert to the standard listed in Section 1 as soon as fiscally prudent.
The NITC shall be responsible for adopting minimum technical standards, guidelines, and architectures upon recommendation by the technical panel. (Neb. Rev. Stat. § 86-516(6))
Each state agency will be responsible for developing a policy that ensures that secure remote access to State resources is maintained, and/or implemented, including but not limited to selecting appropriate technologies, software, and tools in a manner consistent with this standard and other state agency security policies.
Each state agency will be responsible for ensuring that the computers connected to State resources contain an Anti-Virus program with current signatures and that the computer is free from Spyware, Adware, and rootkits that would place State resources in jeopardy.
All Remote Access Users must sign and renew annually an agreement with the agency which addresses at a minimum the following: