Remote Access Device Standard
George Mason University’s Information Technology Services (ITS) division maintains a Virtual Private Network (VPN) system that supports off-campus access to internal university networks and hosts. All remote access gateway devices shall meet the following requirements:
- VPN tunnels must use industry-standard strong encryption.
- VPN must prevent split tunneling, with an allowed exception for local network access.
- Active VPN sessions must time out after no more than 12 hours. Idle VPN sessions shall time out after no more than 60 minutes.
- Direct remote access to internal University network devices using Remote Desktop Protocol (RDP) or Secure Shell (SSH) protocol is prohibited.
- Passwords shall, at a minimum, comply with the same standards as Patriot Pass.
Last Reviewed Date: 10 January 2020
Version: 2.1
Date of last revision: 11 December 2019