Differences

This shows you the differences between two versions of the page.

--- wiki:policies:access [2023/11/15 22:38]
katcow
+++ wiki:policies:access [2024/01/24 19:42] (current)
katcow [Revision History]
@@ Line 48: / Line 48: @@
 Individuals who are not employees, contractors, consultants, or business partners must not be granted a user-ID or otherwise be given privileges to use Nested Knowledge internal information systems unless the written approval of a Department Lead has been obtained. Before any third party or business partner is given access to this Nested Knowledge computers or internal information systems, a confidentiality, non-disclosure, or other similar agreement defining the terms and conditions of such access must have been signed by a responsible manager at the third party organization.
-**Access for Law Enforcement and Authority:**
+=== Access for Law Enforcement and Authority: ===
 Nested Knowledge will not disclose information unless:
@@ Line 72: / Line 72: @@
   * Social media accounts
   * Company-issued devices (laptops)
+=== Network Devices ===
+Nested Knowledge does not manage network devices in its production environment, which are handled by AWS. See Remote Working Environmental Controls for internal systems.
 ===== IV. Audit Trails and Logging =====
@@ Line 109: / Line 113: @@
 === Remote Working Environmental Controls: ===
-Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access.
+Equipment should be located and/or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. At a minimum, remote employees must:
+  * Update default router administrator password
+      * Following our [[:wiki:policies:password|]]
+  * Disable remote access to the router
+  * Enable wireless encryption (WPA2/3) on their home network
+  * Store company devices behind locked doors
-For cloud-related access protocols, please refer to our [[:wiki:policies:cloud|Cloud Security Policy]].
+Employees will be trained upon hire and updated on an annual basis. For cloud-related access protocols, please refer to our [[:wiki:policies:cloud|Cloud Security Policy]].
 ==== Compliance Statement ====
@@ Line 120: / Line 130: @@
 ^Author^Date of Revision/Review^Comments|
-|K. Holub|9/28/2023|Annual Review|
+|K. Holub|12/18/2023|Remote working controls added|
+|K. Cowie|01/24/2023|Review and minor revisions to workstation policy|
 |K. Kallmes|1/20/2022|Approved; removed chain of trust language|
 |P. Olaniran|10/6/2022|Minor revisions|
-|K. Cowie|01/24/2023|Minor revisions to workstation policy|
 [[:wiki:policies|Return to Policies]]

Nested Knowledge

User Tools

Site Tools

Differences

Page Tools