Remote Access Technology Policy

Last updated: 2023-08-08

In order to facilitate business goals, MoveIt allows employees remote access to it’s systems. This policy covers only the technical requirements for remote access - specifics about an individual’s working arrangements are to be worked out with management.

Goals

The primary goal of this policy is system security and integrity.

MoveIt has a variety of systems that may be accessed remotely. There are general requirements for all connections, and specific requirements for specific services. Generally speaking, these requirements are that all software is kept up to date and basic best practices are followed.

Non-Compliant Systems

Systems that cannot be updated to a compliant version, or that the user refuses to upgrade to a compliant system, may not connect remotely to MoveIt systems.

Proof of Compliance

Each user with remote access will provide proof of compliance every 6 months to the IT Manager in order to continue remote access. Proof will consist of screenshots showing compliance.

General Requirements

Supported Operating System

Any device connecting to MoveIt must be using an up to date, supported operating system. This is important to ensure that security fixes are available and applied. As of last update, these are, at minimum:

  • Windows 10, 10.0.19044
  • iOS 15.7.8 on iPhone
  • iPadOS 15.7.8 on iPad
  • macOS 11.7.9
  • Android 11 ‘Red Velvet Cake’

Version expectations will be updated as vendor support changes.

Proof of compliance for mobile devices shall consist of a screenshot of the version screen on the device.

Windows Updates

Windows users must have Windows Update enabled and set to automatically install updates - the default in Windows 10. They shall check the status of windows update regularly.

Proof of compliance for Windows users shall consist of a current screenshot that shows the Windows Update screen showing no updates available, along with the system date.

Proof of compliance for Apple users shall consist of a screenshot of the “Software Version” in the settings app.

Malware Protection

Windows users must have windows Defender installed, up to date, and have realtime protection enabled. No other antivirus software is required. Users should perform a full system scan at least every 6 months.

Proof of compliance shall consist of a screenshot of Windows Defender showing:

  • A current date for “Virus & threat protection updates” as well as “Last scan”.
  • The last scan should be of type “full scan” - perform a full scan and then take the screenshot after it finishes.
  • 0 threats found

Remote Access to Email

Desktop users of email shall use Thunderbird, as is done in the office. Thunderbird should have automatic updates enabled (the default) and be allowed to run on the most current version. Proof of compliance shall consist of a screenshot of the Help -> About window in Thunderbird, showing the version.

Mobile users of email shall use the Fastmail email client or OS provided Email app. Proof of compliance is not required.

Remote Access to Chat

Remote access to chat shall be provided via Slack. Proof of compliance is not required.

Remote Access to Indigo

Remote access to Indigo is provided over the VPN and only through the VPN. Remote users are required to use Two-Factor Authorization (2FA) when logging into the VPN and will disconnect the VPN while they are not actively using Indigo for business purposes. Remote users will never allow non-employees to use the device while the VPN is connected.

Most users then use Microsoft’s Remote Desktop Connection to access their office computer. Some users do not and run Indigo on their local computer. Proof of compliance for those users shall consist of a screenshot of the Indigo screen, showing it’s version in the title bar.