Remote Access Best Practice
KCTCS limits the communication of data across remote connections with encrypted channels and protocols set up to serve remote access securely and effectively.
User ID Responsibility
All Employees, including third parties, are responsible for the activity performed with their personal user IDs, whether or not the connection is through either internal or external network facilities. User IDs should never be shared with associates, friends, family members, or others and must never be accessed by anyone other than the individuals to whom they have been issued. Employees are not to perform any activity with user IDs that belong to other individuals.
VPN/Direct Access
All connections to the sensitive data environment that originates from a location outside a KCTCS facility should be added into the approved VPN or Direct Access trusted group. The System Support Specialist can then approve or deny requests to this type of access and determine which mode of access fits the need of the user.
Third-Party Access to Internal Networks
In strictly controlled situations, a third party vendor may be authorized to access KCTCS's sensitive data environment. Both the owner of the information to which the third party will be given access and the project manager in charge of the third-party work should agree in writing to such access before it will be established. Remote-access for vendors and business partners may be activated only when needed for business purposes and must be approved by the Information Technology Manager. Vendor remote access should be deactivated after use.
Encrypted Links
Whenever a computer network connection is established between a computer and another computer at a location outside a KCTCS facility, and whenever this connection transmits or is likely to transmit Confidential KCTCS information, the link should be encrypted.