Skip Navigation
small NCES header image
Weaving a Secure Web Around Education: A Guide to Technology Standards and Security
Home
  Table of Contents and Introductory Material
Chapter 1
  The Role of the World Wide Web in Schools and Education Agencies
Chapter 2
    Web Publishing Guidelines
Chapter 3
    Web-Related Legal Issues and Policies
Chapter 4
    Internal and External Resources for Web Development
Chapter 5
    Procuring Resources
Chapter 6
    Maintaining a Secure Environment
Conclusion
Appendices
Glossary
PDF File (1,119 KB)
Contact:
Ghedam Bairu
(202) 502-7304

Appendix E - 4: Policies and Procedures (Samples): Dial-In Access Policy

(Rhode Island Department of Education)

1. Purpose

The purpose of this policy is to protect [Agency Name]'s electronic information from being inadvertently compromised by authorized personnel using a dial-in connection.

2. Scope

The scope of this policy is to define appropriate dial-in access and its use by authorized personnel.

3. Policy

[Agency Name] employees and authorized third parties (customers, vendors, etc.) can use dial-in connections to gain access to the corporate, or agency, network. Dial-in access should be strictly controlled, using one-time password authentication. Dial-in access should be requested using the corporate account request process.

It is the responsibility of employees with dial-in access privileges to ensure a dial-in connection to [Agency Name] is not used by non-employees to gain access to company information system resources. An employee who is granted dial-in access privileges must remain constantly aware that dial-in connections between their location and [Company Name] are literal extensions of [Agency Name]'s corporate network, and that they provide a potential path to the company's most sensitive information. The employee and/or authorized third party individual must take every reasonable measure to protect [Agency Name]'s assets.

Analog and non-GSM digital cellular phones cannot be used to connect to [Company Name]'s corporate network, as their signals can be readily scanned and/or hijacked by unauthorized individuals. Only GSM standard digital cellular phones are considered secure enough for connection to [Agency Name]'s network. For additional information on wireless access to the [Agency Name] network, consult the Wireless Communications Policy.

Note: Dial-in accounts are considered "as needed" accounts. Account activity is monitored, and if a dial-in account is not used for a period of six months, the account will expire and no longer function. If dial-in access is subsequently required, the individual must request a new account as described above.

4. Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

National Center for Education Statistics - http://nces.ed.gov
U.S. Department of Education
Institute of Education Sciences
National Center for Education Statistics
U.S. Department of Education
NewsFlash | Staff | Contact | Help | RSS | Privacy Policy
Statistical Standards | FedStats.gov | ChildStats.gov