Remote Access Device Standard
Download the PDF version of the Remote Access User Standard.
Standard Information
Responsible Offices
IT Security Office (ITSO)
Additional Information
- Responsible Use of Computing (University Policy Number 1301)
- Information Technology Security Program (University Policy Number 1311)
- Information Technology Security Standard (ITS.ITS-STD003)
Document Control Number
ITS.ITSO-STD007
Last Reviewed Date
3/14/2024
Applies To
This standard applies to ITS personnel who maintain the VPN system for George Mason University.
Purpose
This document lists the standards used to support the University’s VPN system.
Definitions
Remote Access Software: Examples include RDP and SSH: RDP is a remote access communications protocol available on MS Windows operating systems. Secure Shell is a remote access protocol typically used with Unix/Linux based operating systems.
Virtual Private Network (VPN): VPN is a remote access service that creates a secure tunneled connection between an internet user and a trusted network. A VPN is used to provide an additional layer of security for remote access or to provide a presence on an internal network.
Remote Access Device Standard
All remote access gateway devices shall meet the following requirements:
- VPN tunnels must use industry-standard strong encryption.
- VPN must prevent split tunneling, with an allowed exception for local network access.
- Active VPN sessions must time out after no more than 12 hours. Idle VPN sessions shall time out after no more than 60 minutes.
- Direct remote access to internal University network devices using any method other than the university enterprise VPN is prohibited unless an exception has been submitted, reviewed, and approved. Passwords shall, at a minimum, comply with the University’s password complexity requirement.
Exceptions
See exceptions and exemptions section in the University IT Security Standards: IT Security Standards – Information Technology Services (gmu.edu).
Timetable for Review
This standard will be reviewed every 2 years at minimum.
Revision History
Version | Date | Organization/Author | Description of Changes |
---|---|---|---|
2.0 | 6/26/2018 | IT Security Office | Updates |
2.1 | 1/10/2020 | IT Security Office | Annual Review; Minor Revisions (reformatting) |
2.2 | 2/15/2021 | IT Security Office | Annual Review; Minor Revisions (reformatting) |
2.3 | 3/16/2023 | IT Security Office | Annual Review; Minor Revisions (reformatting and minor clarifications) |
2.4 | 3/14/2024 | IT Security Office | Annual Review: Minor revisions to the definitions of virtual private network and remote access software have been made, along with clarification of standard requirement 4. Added exception statement. |