Boise State University Policy #8130
Effective Date: December 2013
To state the requirements for remote access to computing resources hosted at Boise State University using remote access technologies.
Applies to all Boise State employees, students, and third parties.
Information Security Services, 426-5501
Authorized Third Party – Any individual, entity, or vendor providing services to the University that is not employed by the University.
Information Security Officer (ISO) – The individual responsible for protecting confidential information in the custody of the university; the security of the equipment and/or repository where this information is processed and/or maintained and the related privacy rights of university students, faculty and staff concerning this information.
Internet Service Provider (ISP) – A business or organization that offers user(s) access to the Internet and related services.
Log-in Credentials – University assigned username and private personal password.
Private Network Resource – A resource or service provided to on-campus clients but is not available to individuals accessing Boise State’s network from the Internet.
Remote Access – The ability to log-in to a network from a distant location.
Remote Access Connection – A secured private network connection built on top of a public network, such as the Internet.
User Managed Service – A service where the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.
Virtual Private Network (VPN) – A secure connection to a private network through a public network.
- I. Policy Statement
- Approved Boise State employees, students, and authorized third parties (entities) may use the benefits of the Boise State provided VPN technology. The VPN connection is made via a User Managed Service with appropriate university Log-In Credentials. This policy aims to minimize the potential exposure to Boise State from damages which may result from unauthorized use of Boise State resources. Damages include the loss of protected data, intellectual property, damage to public image, damage to critical Boise State internal systems.
- II. Requirements
- A. Authorized Boise State employees, students, and entities must use the Boise State provided VPN technology as outlined in the VPN Standards.
- B. Secure Remote Access must be strictly controlled. Control is enforced via Boise State’s VPN gateway.
- C. No one should provide their Log-in Credentials to another person.
- D. People and entities with Remote Access privileges must ensure their Boise State-owned/personal computer or device is not connected to another network while it is connected to the Boise State private network.
- E. All systems connected to Boise State’s non-public networks via Remote Access must meet the requirements defined in the Minimum Security Standard for Systems.
- F. Organizations or individuals who wish to implement non-standard Remote Access solutions to the Boise State production network must obtain prior approval from the Information Security Officer (ISO).