CITY OF GRAPEVINE ADMINISTRATIVE POLICY
SUBJECT: THIRD PARTY NETWORK SECTION: F NUMBER: 13.0
CONNECTIONS
PREPARED BY: Information Technology REVISED DATE: 02/01/2014
PAGE: 1 of 4
PURPOSE
13.1 The purpose of the Third Party Network Connections policy is to describe the
guidelines and requirements for third party connections for the purpose of
transacting business related to the City of Grapevine.
POLICY
13.2 Connections between third parties that require access to the City of Grapevine
network fall under this policy. Connectivity to third parties, such as the Internet
Service Providers (ISPs) that provide Internet access for City of Grapevine or to the
public switched telephone network do NOT fall under this policy.
13.3 PRE-REQUISITES FOR THIRD PARTY REMOTE ACCESS
13.3.1 When a need arises for a third party connection to the City of Grapevine
the Department/Division representing the third party needing access must
review, complete and present to the IT Director:
o Third Party Remote Access Agreement Terms and Conditions
(see Attachment B).
o Third Party Remote Access Request — Information Requirements
Document (see Attachment C).
13.3.2 Security Review
All new third party remote access requests will go through a security
review with IT. The reviews are to ensure that all access matches the
business requirements in the best possible way and that the principle of
least access is followed.
13.3.3 Third Party Remote Access Agreement
All new remote access requests between third parties and the City require
that the third party and the City representatives agree to and sign the
Third Party Agreement. This agreement must be signed by a
representative from the third party who is legally empowered to sign on
behalf of the third party. The signed document must be kept on file with IT.
An annual review process will be initiated by IT and a new agreement will
be signed annually.
13.3.4 Establishing Connectivity
All connectivity established must be based on the least access principle,
in accordance with the approved business requirements and the security
review. In no case will the City of Grapevine rely on the third party to
protect the City's network resources.
13.3.5 Modifying or Changing Connectivity and Access
All changes in access must be accompanied by a valid business
justification and are subject to security review by IT. The department
responsible for the application being accessed must designate a person
to be the point of contact (POC) for the third party connection. The POC is
responsible for keeping IT informed of problems and changes in the
needs of this third party. In the event that the POC changes, IT and the
third party must be informed promptly. All changes in personnel accessing
our City network must be sent to IT as they occur. Old accounts will be
deleted and new ones will be assigned. Third party providers are not
permitted to share accounts.
13.3.6 Terminating Access
When access is no longer required, the POC must notify IT, which will then
terminate the access. IT will conduct an audit of all remote access
accounts on an annual basis to ensure that all existing accounts are still
needed. Accounts that are no longer being used to conduct City of
Grapevine business will be terminated immediately.
13.3.7 Allowed Connection Services
The City of Grapevine only allows the following services for out
connectivity to the City network:
o Remote office VPN (see VPN access policies)
o Encrypted FTP to City provided FTP server
o Remote desktop to approved application servers via VPN
13.3.8 Third Party Responsibilities
It is the responsibility of providers with VPN privileges to ensure that
unauthorized providers are not allowed access to City of Grapevine
internal networks.
13.3.9 Password Authentication
VPN use is to be controlled using either one-time password
authentication, such as a token device, or a public/private key system with
a strong passphrase.
13.3.10 Security Audit
An NAC security audit occurs upon initial connection. If this audit fails
the remote user will not be allowed to connect to the City network.
13.3.11 Dual (Split) Tunneling
This is NOT permitted; only one network connection is allowed. When
actively connected to the City network, VPNs will force all traffic to and
from the PC over the VPN tunnel.
13.3.12 VPN Gateways
VPN gateways will be set up and managed by the City of Grapevine IT department.
All computers connected to City of Grapevine internal networks via VPN
or any other technology must use the most up-to-date anti-virus software
that is the City standard. This includes personal computers.
13.3.13 Disconnecting Inactive VPNs
Providers will be automatically disconnected from City of Grapevine's
network after 30 minutes of inactivity. The individual must log in again to
reconnect to the network. Pings or other artificial network processes are
not to be used to keep the connection open.
13.3.14 Non-City Owned Equipment
Users of computers that are not owned by the City must configure the
equipment to comply with City of Grapevine's VPN and network policies.
13.3.15 Approved VPN Clients
Only approved VPN clients may be used.
13.3.16 Security of Using VPN
By using VPN technology with personal equipment, providers
understand that their machines are a de facto extension of the City of
Grapevine's network and, as such, are subject to the same rules and
regulations that apply to all City of Grapevine-owned equipment (i.e.,
their machines must be configured to comply with security policies).