BGSU Remote Access Standards

Purpose

The purpose of this standard is to establish guidelines and procedures for remote access to Bowling Green State University's (BGSU) network and computing resources to ensure the security and confidentiality of university information.

Scope

This standard applies to all employees, contractors, and vendors who use remote access to access BGSU's network and computing resources.

Standard

  1. Authorized remote access: Remote access to BGSU's network and computing resources is authorized for employees, contractors, and vendors who have a business need to access university information while working remotely. Remote access must be approved by the appropriate supervisor or department head.  In the event of a non-standardized request, IT Security will review the request for remote access.
  2. Remote access methods: Remote access methods that exist at BGSU include virtual private network (VPN), remote desktop protocol (RDP), and Secure Shell (SSH). All other remote access methods are prohibited.
  3. Authentication and authorization: All remote access users must authenticate and authorize themselves using BGSU's multi-factor authentication system from a BGSU owned and managed device. Remote access users are responsible for keeping their authentication credentials confidential and secure.
  4. Security requirements: Remote access users must adhere to the following security requirements and University security controls: 
    1. Computing devices must be updated with the latest security patches and anti-virus software. 
    2. Use strong and unique passwords for their authentication credentials. 
    3. Keep their authentication credentials confidential and secure. 
    4. Disconnect from remote access when not in use. 
    5. Report any security incidents or suspicious activity to the IT Security Team.
  5. Prohibited remote access: Undergraduate students and undergraduate student workers are prohibited from using VPN for remote access.
  6. Non-compliance: Non-compliance with this standard may result in disciplinary action.
  7. Review: This standard will be reviewed annually by the Director of Information Security and updated as necessary.

Conclusion

Remote access to BGSU's network and computing resources is a privilege that must be granted and managed carefully. By adhering to this standard, BGSU can ensure the security and confidentiality of university information.

Last Updated 5/22/23

Updated: 05/22/2023 09:33AM