Skip Main Navigation
Official Nebraska Government Website
Skip Side Navigation
Standards and Guidelines Icon

NITC 8-303: Remote Access Standard

Category: Security Architecture
Applicability: Applies to all public entities, state agencies, boards, and commissions, excluding higher education
History: Adopted on February 22, 2007. Amended on March 4, 2008 (by NITC 1-103).
Attachment A: Approved Remote Access Products (Attachment A: Approved Remote Access Products PDF)

1. Standard

It is the responsibility of all State of Nebraska agencies to strictly control remote access from any device that connects from outside of the State of Nebraska network to a desktop, server or network device inside the State of Nebraska network and ensure that employees, contractors, vendors and any other agent granted remote access privileges to any State of Nebraska network utilize one of the approved secure remote access products listed in Appendix A. (Approved Remote Access products).

2. Purpose and Objectives

As employees and organizations utilize remote connectivity to the State of Nebraska networks, security becomes increasingly important. Accompanying and contributing to this trend is the explosive growth in the popularity of broadband connections and other technologies for remote access. These standards are designed to minimize the potential exposure from damages which may result from unauthorized use of resources; which include loss of sensitive or confidential data, intellectual property, damage to public image or damage to critical internal systems, etc. The purpose of this document is to define standards for connecting to any State of Nebraska agency from any host.

Objectives include:

  • Provide guidance to State of Nebraska agencies for employees, contractors, vendors andany other agent that requests remote access to any State of Nebraska network.
  • Provide a high level of security that uses standardized technology and remains adaptable in the face of changing technology products.
  • Ensure a solution that is scalable to meet the current and future needs of state agencies, their employees, clients and customers, and business partners.
  • Meet federal security requirements for remote access control.

3. Applicability

3.1 State Government Agencies

All State agencies, boards, and commissions are required to comply with the standard listed in Section 1. All existing Agencies utilizing non-standard remote access applications must convert to the standard listed in Section 1 as soon as fiscally prudent.

4. Responsibility

4.1 NITC

The NITC shall be responsible for adopting minimum technical standards, guidelines, and architectures upon recommendation by the technical panel. (Neb. Rev. Stat. ยง 86-516(6))

4.2 State Agencies

Each state agency will be responsible for developing a policy that ensures that secure remote access to State resources is maintained, and/or implemented, including but not limited to selecting appropriate technologies, software, and tools in a manner consistent with this standard and other state agency security policies.

Each state agency will be responsible for ensuring that the computers connected to State resources contain an Anti-Virus program with current signatures and that the computer is free from Spyware, Adware, and rootkits that would place State resources in jeopardy.

4.2.1 Remote Access from Non-State Owned and/or Managed Devices

All Remote Access Users must sign and renew annually an agreement with the agency which addresses at a minimum the following:

  • Remote access users are responsible for all actions incurred during their sessionin accordance with all State of Nebraska and agency standards and policies.
  • All home networks connected to the Internet via a broadband connection should have a firewall installed, updated and operational.
  • Web browsers settings should be selected or disabled as appropriate to increase security and limit vulnerability to intrusion.
  • Operating systems should contain the most current security patches.
  • All home computers must contain an Anti-Virus program with current signatures and that the computer is free from Spyware, Adware, and rootkits.

5. References