COVID-19 Guidance For Working Remotely

Due to the impact of COVID-19 we are suggesting best practices for working remotely and meeting compliance through this time period. The guidance below is to ensure employees act safely with GT Owned and personally owned devices and information when working remote.

VPN Use

Be sure to connect to VPN at all times to ensure your connection is secure. For information on how to do so, please click here.

 

Encryption

Be sure to encrypt your machine and drives whenever possible.

 

Sharing Protected Student Information

When sharing protected student information, Georgia Tech Approved File Sync & Storage​ solutions must be used.

  • Approved File Sync & Storage solutions are Microsoft Office 365 OneDrive, Microsoft Office 365 SharePoint, Dropbox, Box, and departmental file shares.
    • ​​Discuss with your local IT professional to ensure data is being shared via an Approved File Sync & Storage location.
  • When sharing on an approved solution, ensure you are setting file permissions appropriately.
  • When using cloud-based solutions (i.e. Office 365 Suite, Box, Dropbox), use Authenticated Links. 
Authenticated Links

An authenticated link is a link shared with collaborators that requires them to use a username and password to access the shared data. Sharing of protected student information should be done through authenticated links. Unauthenticated links are not to be used when sharing protected data. Information on sharing using authenticated links for each solution can be found below:

Approved Tools, Services and Endpoint Software

When using a Georgia Tech Issued System, be sure the system has the Approved Endpoint Software loaded.

Should you be remoting into a system here on campus using a personal machine, be sure to use VPN as well as ensure that you have antimalware software loaded onto your system.

For a list of approved tools and services for Remote Instruction, please click here.

 

Communications

Be sure to communicate using approved campus services for teleconferencing. Information about approved campus services for teleconferencing can be found here.

Services Available:

  • WebEx
  • BlueJeans
  • Teams

 

Remote Research

In general, if you are performing research remotely, please follow the guidance above.
NIST 800-171
If you are performing research remotely that requires compliance to the NIST 800-171 controls, please be sure that you have an SSP Exception Form on file.
Should you have any questions about complying with NIST 800-171 remotely, please contact compliance@security.gatech.edu.
We understand that you may be using computers not listed in the SSP to perform remote work for projects requiring an SSP. Please be sure to save your data in approved cloud storage services.
The SSP Exception Form document temporarily allows use of GT-Owned and Personal Devices to maintain research continuity as campus reacts to COVID-19. Any data that is stored, processed, or transmitted must be removed from the devices temporarily allowed, and PI will need to sign an attestation form of destruction when they are back to normal function.
Physically protecting systems while offsite when complying with NIST 800-171 is required. All systems whether in or out-of-scope should be secured using one of the following when not in use:
  • Non-public secure area (preferably behind lock and key)
  • Cable lock
  • Full Disk Encryption

 

If you have additional questions on the options above, please visit this page.