History

2008

Agencies should consider the following additional controls when implementing remote access systems: a. appropriate use policies and procedures b. system user training and education c. encryption of data at rest and in transit d. application white listing e. host intrusion detection systems f. network access control g. host-based personal firewalls h. device-level authentication i. user-level authentication j. hardened standard operating environment.