Policy 13 - Remote Access Policy
1.0 Purpose
The purpose of this policy is to provide guidelines for remote access connections to the Murray State University network. Any questions or comments about this policy should be directed to Information Systems.
2.0 Scope
This policy applies to students, faculty, staff, or individuals external to MSU that utilize remote access connections to the MSU internal network.
3.0 Policy
Approved Murray State University employees and authorized third parties (customers, vendors, etc.) may use Murray State University's VPN or other approved remote access tools, which is a "user managed" service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.
Users must also abide by the following general guidelines, as well as the VPN Standards.
It is the responsibility of employees with VPN or remote access privileges to ensure that unauthorized users are not allowed access to Murray State University internal networks.
VPN gateways and remote access technology will be set up and managed by Murray State University Information Systems staff.
Users of computers that are not Murray State University-owned equipment must configure the equipment to comply with Murray State University’s Remote Access and Network policies.
Only Information Systems-approved VPN clients and remote access software may be used.
All remote access to the Murray State University network must utilize multi-factor authentication unless otherwise authorized by Information Systems.
4.0 Enforcement
Anyone found to have violated this policy may be subject to disciplinary action according to personnel policies and procedures. A violation of this policy by a temporary worker, contractor or vendor may result in the termination of their contract or assignment with Murray State University.
5.0 Definitions
Multi-factor Authentication (MFA)
A multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, etc. MFA always includes at least two different factors containing something you know (password), something you have (phone), something you are (biometrics).
Policy adopted: 2-25-2011
Revision adopted: 08-21-2024
Policy approval and adoption: Murray State University President's Office and Information Systems Security