IT-10 – Remote Access

What is this control really about?

This control is ensuring that your organization has implemented secure measures for remote access to your organization’s sensitive information. This is particularly important in the age of telecommuting.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• Externally sourced Remote access policy template

What is required to implement this control?

First, you would need to document in your IS policy the secure practices that all your employees need to observe for a secure remote work access.

Then, you need to implement some secure practices to enforce the security of the remote access. Some tools to consider implementing are:

• VPNS
• Zero trust network access
• Endpoint security
• Privileged access management

What evidence is the auditor looking for?

• Documented remote access policy
• Remote access tool configuration settings

An example of what an artifact can look like

1. Documented remote access policy

• Externally sourced Remote access policy template

2. Remote access tool configuration settings

Source

This is an example of VPN configuration. There may be many other ways to evidence remote access tool. This is visual representation of what the evidence can look like.