Remote Access for Employees and Contractors
Number: ENT-SEC-130
Established for: State of Montana Information Technology Enterprise
Steve Bender, Acting Director
Department of Administration
November 20, 2001
Policy - Requirements
SCOPE
This policy applies to all state employees and state contractors accessing a state computer or system that resides on the inside of the state's Internet firewall, including all state agencies as well as local government entities. This policy does not apply to colleges and universities, the Commissioner of Higher Education Office, or public access computers in libraries.
PURPOSE
The Summit Net Executive Council has the responsibility to ensure that the state's information technology resources are used in the most secure manner. The following policy relates to the access to state information technology resources through remote access for employees as well as contractors with the State of Montana. This policy outlines the requirements established for remote access to state computing resources and the appropriate use of this access.
REQUIREMENTS
ITSD will provide a secured connection via dedicated, dialup or Internet connection, to access all state information technology resources. Agencies are to use only this connection for remote access into the state's information technology resources. Any remote access mechanisms used prior to this policy will be migrated to the connection provided by ITSD by September 1, 2002.
The appropriate agency administrator must provide requests for remote access for each employee or contractor in writing to ITSD. ITSD will provide the agency with the procedures to be used so that their employee or contractor can connect to the state network.
Remote access users are obligated to abide by all computing policies of the state and the agency. Access will be granted for legitimate business uses of the State of Montana and not for personal use. Access to the state's information technology resources by unauthorized remote users will be considered a violation of state policy.
ITSD may grant exceptions to this policy to an agency if the secured remote service provided does not meet Federal or some other contract requirements. A full security review of the agency's proposed exception will be conducted by ITSD to ensure that the request and proposed solution meet enterprise security requirements.
Background - History on the creation of or changes to this policy
The Computing Technology Services Bureau of the Information Technology Services Division created this policy.
This policy was distributed to the SummitNet Executive Council for comment prior to adoption.
Guidelines - Recommendations, not requirements
There are no guidelines for this policy.
References - Laws, rules, standard operating procedures and applicable policies
2-17-512 and 2-17-532-534, MCA; ARM 2.13.102; ARM 2.13.107; MOM 1-0250; MOM 3-0130; MOM 3-0620 (now included in MOM 3-0630 ); Internet Acceptable Use Policy,SummitNet Acceptable Use Policy, Transmission Privacy Policy, User Responsibilities Policy.