Explainer: Remote Access Rule (4-004H)
Note: Rule 4-004H was deleted, effective September 12, 2023. For more information, please access the Node article “President Randall approves revised information security policy” or visit the U's Regulations website.
The University of Utah’s Remote Access Rule (4-004H) supports the Information Security Policy (4-004). The U’s IT security policy, rules, and procedures aim to protect the university’s IT resources, systems, and data, including that of students, patients, faculty, staff, guests, vendors, and others.
What does it say?
Rule 4-004H outlines the requirements (e.g., user credentials, authentication, and encryption) and user responsibilities when accessing the university’s IT resources, information systems, and information assets remotely. Remote access methods include but are not limited to Citrix, remote desktop protocol (RDP), secure shell (SSH), and virtual private network (VPN).
Users must not share their remote access session with others.
Why should I care?
The rule protects university IT assets, systems, and resources from myriad threats, such as ransomware, that could compromise the university’s IT security.
If cybercriminals gain access to the university’s IT systems and resources, they could potentially steal confidential information and deploy ransomware. IT security breaches can also harm the U’s finances and reputation, and the privacy of U students, patients, faculty, and staff.
Who does it apply to?
The rule applies to all university students, faculty, staff, patients, and business partners.
Up next in the May Node 4 newsletter — Network Security Rule (4-004I)
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.