Remote Access User Standard
The purpose of this standard is to define the user’s requirements for connecting to George Mason University’s network from any host. These standards are designed to minimize the potential exposure to George Mason University from damages which may result from unauthorized use of George Mason University resources. Damages include the loss of highly sensitive or university confidential data, intellectual property, damage to public image, and damage to critical George Mason University internal systems. All remote access users are required to comply with University Policy 1301 Responsible Use of Computing and all other applicable George Mason University information security policies.
This standard applies to all remote access users.
Level One (Applies to students)
- Remote access by students is limited to the BYOD (Bring Your Own Device) network established by Information Technology Services (ITS).
Level Two (Applies to all Mason employees and contractors requiring remote access to George Mason internal networks):
- It is the responsibility of all users with remote access privileges to ensure that unauthorized users are not allowed access to George Mason internal networks.
- All hosts, including personal computers, which connect to George Mason internal networks via remote access technologies, must use the most current version of the centrally supported anti-virus program for specific operating systems.
- All hosts that connect to George Mason internal networks via remote access technologies must have current security patches applied to their operating systems and software applications.
- All hosts, including personal computers, which connect to George Mason internal networks via remote access technologies must use a host firewall.
- Two-factor authentication (2FA) is required to authenticate all remote access VPN sessions connecting to George Mason’s internal networks.
Level Three (Applies only to users accessing highly sensitive data):
In addition to Level Two requirements, the following applies to all users who require access to highly sensitive data and/or systems. For more information on what is considered highly sensitive data see the following website: https://its.gmu.edu/working-with-its/it-security-office/highly-sensitive-data/
- All hosts must be University-owned and managed systems; all Windows and Mac hosts must be centrally managed by ITS-supported enterprise endpoint management systems.
- All hosts that store highly sensitive data must utilize enterprise-managed full disk encryption where available. Where required based upon legitimate business need, the user must request explicit permission to store the data. Contact the ITS Support Center to request permission to store highly sensitive data: https://its.gmu.edu/knowledge-base/how-does-someone-begin-the-process-of-obtaining-authorization-to-store-highly-sensitive-data-hsd/.
IV. Acronyms, Terms & Definitions
| Term | Definition |
|---|---|
| Highly Sensitive Data | Data that (1) could lead to identity theft or exposure of personal health information if exposed, or (2) has been identified by a researcher, funding agency, or research partner as requiring a high level of security protection. |
| Jamf Pro | Jamf Pro is a software tool for managing Mason-owned Macs that enables ITS to inventory hardware, distribute software and fixes, improve security, and get a better understanding of the Mac community at Mason. |
| Two Factor Authentication (2FA) | 2FA service is a higher-security login process, which provides a second layer of protection to a user’s identity, as well as adding protection to data, systems, and services. |
| MESA Active Directory Environment | MESA Active Directory Environment |
Date of last revision: 16 February 2021