1. Background
The purpose of this document is to outline the policy for vendor remote access to client servers, services, and/or infrastructure as part of a support arrangement on clients’ systems. Clearview Technologies will make every effort to provide an efficient and secure remote access connection to our clients’ networks.
Due to the rising risk of infection, ransomware and cryptoware, and the rapid rate at which vulnerabilities are being exposed, Clearview Technologies will be facilitating remote access tools and configurations for vendors/partners.
2. Policy
2.1 Policy Outline
Clearview Technologies provides mechanisms to secure vendor access from non-client systems. Because proper configuration is important for secure use of remote access, mandatory configuration procedures and software will be provided by Clearview Technologies. Since our standard application may change at any time, the following requirements are configured for all remote access:
- Multi-Factor Authentication must be configured. Supported methods: E-Mail, Google/MS Authenticator, Duo, etc.
- Remote access is provided via application layer proxy and not a direct connection through the firewall(s).
- Remote Access sessions will be automatically recorded and full audit logs will be available to Clearview Technologies staff and clients (if requested).
- Strong password requirements will be mandated to include stringent complexity baselines.
- All remote access for vendors must be provided by Clearview Technologies and approved by the client.
2.2 Provided Software and Configuration
Currently, Clearview Technologies utilizes ConnectWise Control (previously: ScreenConnect) to facilitate remote access to client systems. As part of our arrangement, we will provide access to vendors using these same tools.
Our current security configuration(s):
- Multi-Factor Authentication is required. At a minimum, an MFA code will be emailed to the email address on file for the account at time of remote access.
- Passwords must be at least 12 characters in length.
- Password complexity requirements: at least 1 capital letter, at least 1 lower case letter, at least 1 number, and at least 1 special character.
- Password may not be reused more than once.
- At 10 invalid attempts, the account will be locked and will require assistance from Clearview Technologies staff.
3. Policy Compliance
3.1 Compliance Measurement
Our staff will verify compliance through various methods. Any attempt to bypass or circumvent Clearview Technologies access methods and requirements will result in loss of vendor access to client networks, and any server/network-related access will be facilitated through Clearview Technologies staff at the time of the support request.
3.2 Exceptions
Any exception to this policy must be requested from and approved by Clearview Technologies in advance. The vendor may be asked to show proof of compliance with policy guidelines prior to approval of any exception.
3.3 Non-Compliance
Any vendor found to have violated this policy may lose vendor access to client networks. If so, any vendor-required remote access to client networks/servers (except for end-user support sessions) will be facilitated through Clearview Technologies staff.
How to Request Access
Vendors may request access using the following form: <PLACEHOLDER>