Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?

A remote access policy contains everything that an Acceptable Use Policy states, as well as additions specific to remote access. Alongside with defining rules and regulations with the use of company assets, network connections, and organization resources, the remote access policy further addresses issues specific to remote connections and access. This can include the mandatory use of Virtual Private Networks, protecting remote access from family members, not connecting the remote host to another network when connected to the corporate network, the necessity of only using approved or company-provided hosts (laptops and mobile devices), and password policies for remote authentication (Jarko, 2015).

It is necessary for an organization to exclusively define a remote access policy to ensure compliance, system security, and to further safeguard its resources, as remote attacks are increasingly common – and letting in connections from the wild into the internal network is fraught with the risk of attacks.


Jarko, C. (2015, April 12). SANS Consensus Policy Resource Community – Remote Access Policy. Retrieved from https://www.sans.org/security-resources/policies/network-security/pdf/remote-access-policy