Restricted Data Access from Off Campus

ISO Position Paper

Position Title: Restricted Data Access from Off Campus

Position Audience: Princeton IT Professionals

Contact: Information Security Office: [email protected]

Position Release Date: August 11, 2017


Problem Statement

The Information Security Policy1 requires the protection of University information that is
classified as Restricted or Confidential. Exposing systems that contain Restricted or Confidential
data directly to the internet significantly increases the threat to sensitive University information.

ISO Position

All University systems that store or process Restricted or Confidential data should not utilize
publicly routable internet addresses (where possible) and must require the use of SRA/VPN to
access those systems.

1Information Security Policy

Data Classification: Public