Remote Access | AC-17

Description

• All forms of remote access must have appropriate safeguards to protect the confidentiality, integrity, and availability of the information Example safeguards include encrypted communication channels, and multi-factor authentication.
• Remote access to an information resource must be approved by the Chief Information & Technology Officer's designee and the Cybersecurity Manager before access is made
• Information Resource Owners or their designees are responsible for documenting usage restrictions, configuration/connection requirements and implementation guidance if remove access to systems under their control is allowed. At a minimum:
  • Remote access to MCC-owned information resources must be conducted using a MCC controlled, encrypted point-to-point tunnel. Examples include the MCC Virtual Private Network (VPN), SSH, Microsoft Remote Desktop Protocol (RDP) over TLS, TN3270 over TLS and HTTPS over TLS.
  • RDP must be configured to require appropriate network encryption such as TLS.
  • RDP and SSH connections must initiate within the MCC network or through a secure Public access for these services is not allowed.

Last updated: 5/8/2026