S 2.109 Assigning rights for remote access

Initiation responsibility: Head of IT

Implementation responsibility: Administrator

The external access to a public agency network or company network should be limited to the required extent with regard to the granted rights. In addition to the requirements described in S 2.8 Assignment of access rights, it should also be considered that the assignment of rights requires an even more restrictive approach for remote access.

For example, a telecommuter workplace does not necessarily require access rights for directories with software.

The rights granted for remote access should be regularly checked for necessity and up-to-dateness.

Review questions:

• Is external access to the internal network limited to the required extent?