91ֱ��

Purpose

UMGC understands the need of its Users to access 91ֱ�� Information Resources from remote environments. The purpose of this Policy is to protect 91ֱ�� Information and Information Resources by providing the standards for remote access to computing resources as well as protect the 91ֱ�� from inappropriate use and unauthorized disclosure.

Scope

This Policy applies to all Users who remotely connect with or to 91ֱ�� Information Technology Resources to access 91ֱ�� Information and Information Resources.

Definitions

Defined terms are capitalized throughout this Policy and can be found in the Information Governance Glossary.

1. When remotely accessing 91ֱ�� Information or Information Resources, Users must follow 91ֱ�� Information Security policies at all times including the UMGC X-1.12 Acceptable Use Policy.
2. Users must only connect remotely to 91ֱ�� Information Resources for approved business use.
3. Users must follow the password and authentication requirements per the UMGC X-1.10 Identity and Access Management Policy.
4. All remote Information Technology Resources regardless of ownership must have the following appropriate security protections:
   1. Up-to-date anti-virus software,
   2. Up-to-date operating system and relevant security patches, and
   3. Firewall software, if technically feasible.
5. Only 91ֱ�� authorized software shall be used. The 91ֱ�� may remove any unauthorized software installed on the 91ֱ��'s Information Technology Resources.
6. Remote access through VPN must be activated only when needed and must be deactivated immediately after it is no longer required.
7. Any User who suspects or becomes aware of a device used for remote access is lost, stolen, or otherwise removed from the Users' control must contact the UMGC technical support service desk as soon as possible by calling��1-888-360-8682, or emailing��servicedesk@umgc.edu, or contacting Information Security.
8. Any method of re-routing 91ֱ�� traffic beyond the intended endpoint is prohibited unless authorized.
9. Users are not permitted to download or store Information considered Confidential or containing PII on their personal remote Information Technology Resources. This includes the transfer of such data to a personal (i.e., non-UMGC managed) cloud storage or any mobile storage device.
10. All remote access is subject to monitoring and audit.

Exceptions

Exceptions to this Policy should be submitted to Information Security for review and approval. If an exception is requested a compensating control should be documented and approved.

1. Suspected violations will be investigated and may result in disciplinary action in accordance with 91ֱ�� codes of conduct, policies, or applicable laws. Sanctions may include one or more of the following:
   1. Suspension or termination of access
      
   2. Removal of devices determined to be using the 91ֱ��'s networking resources inappropriately or in violation of the Acceptable Use Policy.
   3. Termination of employment
   4. Student discipline in accordance with applicable 91ֱ�� policies
   5. Civil or criminal penalties
2. Report suspected violations of this Policy to��infosec@umgc.edu, or to the appropriate Data Steward. Reports of violations are considered Confidential Data until otherwise classified.
3. The 91ֱ�� reserves the right to disconnect any resource from 91ֱ�� networks until suspected Security Incidents are resolved.

1. Most recent versions:
   1. USM IT Security Standards
   2. NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”
   3. Cybersecurity Maturity Model Certification (CMMC)

1. UMGC Policy X-1.02 Data Classification
2. UMGC Policy X-1.04 Information Security
3. UMGC Policy X-1.05 Information Security Awareness and Training��
4. UMGC Policy X-1.06 Information Security Incident Response��
5. UMGC Policy X-1.12 Acceptable Use
6. UMGC Policy X-1.19A Account Management (UMGC Learner Community)
7. UMGC Policy X-1.19B Account Management (UMGC Workforce)