Vpn Remote Access Security User Form

VPN REMOTE ACCESS SECURITY USER FORM

Please check the box below that represents your security request:

VPN: If checked, please complete the VPN Section below.

VPN MODIFICATION: Please advance to page 3 - VPN MODIFICATION section.

Agency Name

What Application/Service do you wish to access?

VPN Justification

Are you a NM state employee? YES (If yes, please skip to CONTACT INFORMATION on Page 2)

NO

VPN SECTION

Contractor, with permission from Agency, the State of New Mexico (sponsor), has been given authorization by the Department of Information Technology to remotely assess

, System by means of VPN connection. The connection has been authorized by

, Chief Information Officer of your Agency. (Substituting authorization by a person with equal or greater authority than the CIO is acceptable as well.)

The will assume full liability for ensuring the contractor staff who have VPN access have been approved by the , sponsor.

The Project Director and approved contractors understand that the State of New Mexico has no current mechanism in place to validate and maintain the security level of the remote host (workstation) that the contractor uses to initiate a VPN tunnel. As a result, there is an elevated risk of virus attack to network and server resources. The State of New Mexico is also unable to monitor and control untrusted user compliance with the State of New Mexico computer usage policies and procedures.

The Department of Information Technology policies are in accordance with the following State of New Mexico Architectural Configuration Requirements:

1. Authentication and Directory Services: http://cio.state.nm.us/content/rulesACRs/2005/S-STD-001-002.pdf

2. Account Management: http://cio.state.nm.us/content/itcCommittees/ac/dt/S-STD-004-001.pdf

3. Personal Security: http://cio.state.nm.us/content/itcCommittees/ac/dt/S-STD-011-001.pdf

4. Internet, Intranet, E-mail and Digital Network Usage http://cio.state.nm.us/content/rulesACRs/TITLE%201.12.10_GENERAL%20GOVERNMENT%20ADMINISTRATION.pdf

5. Remote Access Security Policy N-Std-019

The following policies shall be adhered to by the Contractor and their Sponsor:

1. The duration of these accounts will be set for a limited period of time. The requested Contractor accounts will
be set to expire ninety days from the time of initialization.

2. Clients will be disconnected from the network after 30 minutes of inactivity.

3. A VPN connection will be immediately disconnected and disabled if any suspicious activity is observed within
that connection.

4. Strong passwords will be used.

5. Remote workstation will be scanned for updated virus software. A TEAM TRACK request will be submitted to
the Department of Information Technology help desk for tracking purposes. Please call (505) 827-2121 if you
have any questions.

VPN USER CONTACT INFORMATION

It is required that the Requestor provides the following contact information:

Name Email Address Phone #

Supervisor Name Title Phone #

Sponsoring Agency Contact Person Phone #

CIO/Tech Lead at Sponsoring Agency Phone #

Once the account is created, a Department of Information Technology Security representative will contact the user with a login name and password.

Approved Signature Today’s Date

VPN DESTINATION INFORMATION

Please provide the following information.

Service Port # or Name

Server Name IP Address Example: Telnet and/or Port 23 Application Name

VPN MODIFICATION

Mod

VPN User Name

Description of Change

Effective State Date

1.  Click “FILE”

2.  Click “ATTACH TO EMAIL” to for processing

John F. Simms Jr. Bldg. / 715 Alta Vista Street, Santa Fe New Mexico 87505 / www.doit.state.nm.us / 505-827-0000