Remote Access Configuration Requirements
On this page
1. Devices
1.1 Implement GC-approved endpoint management configurations for all remote access devices.
2. Authentication
2.1 Multi-factor authentication is used to authenticate all users of remote access solutions. Refer to the following guidance from the Canadian Centre for Cyber Security:
- 2.1.1 Secure Your Accounts and Devices With Multi-Factor Authentication (ITSAP.30.030)
- 2.1.2 User Authentication Guidance for Information Technology Systems (ITSP.30.031 v3)
3. Remote access services
3.1 Employ remote access services that provide a secure, encrypted connection through which information is sent, in order to protect the confidentiality and integrity of informationFootnote 1 as it travels over an untrusted network such as the Internet or other external network to the GC enterprise network. Leverage centrally managed remote access services such as those available from SSC.
3.2 Configure remote access services to use GC-approved pathways to the Internet. A GC approved pathway to the Internet enforces security measures including network-based cyber defense services and protective Domain Name System (DNS) services from the Canadian Centre for Cyber Security.
4. Systems management
4.1 Actively patchFootnote 2 all software applications, hardware and firmware installed on IT assets that enable remote access, including endpoint devices such as tablets, laptops, mobile devices and supporting infrastructure services to mitigate known software flaws and vulnerabilities.
4.2 Configure logging-on IT assets that enable remote access, in alignment with the GC Event Logging Guidance to improve the ability to detect and identify anomalous behaviours and for subsequent forwarding to an approved GC centralized security event and information log system to support incident response and forensic analysis.
Page details
- Date modified: