VPN Access Request Approval Process

VPN Access Request Approval Process

When the digital VPN Access Request Form is completed online it will generate an automated email containing a case number for each request, please retain this for your records.

Once the VPN Access Request Form is completed:

If you are making the request for yourself or a subordinate:

  1. A Service Desk ticket will be generated and sent to the requestor* by email.
  2. The Information Security and Network groups will evaluate the form and confer with the requestor, departmental IT systems administrators and others as necessary.
  3. Vulnerability scans of the internal systems will be performed.
    • Detected vulnerabilities designated as critical or high-level must be remediated immediately by the requestor in order for the request to be approved
    • Medium and low-level vulnerabilities should be remediated as soon as possible, approval may be granted on a case-by-case basis
    • Campus-wide vulnerabilities scans are performed with some regularity throughout the year, any subsequent reported detections must be remediated by the requestor
  4. An email will be sent to the requestor’s supervisor for their approval unless the submission is for a subordinate. Once approved, the VPN access will be provisioned, the requestor will be notified, and the Service Desk ticket closed.

* The Requestor is the person who fills out the VPN Access Request Form. The requestor may be requesting VPN Access for themselves, a subordinate or a non-CCNY user.

If you are making the request for a non-CCNY user:

  1. A Service Desk ticket will be generated and sent to the requestor by email.
  2. 2. The Information Security and Network groups will evaluate the form and confer with the requestor, departmental IT systems administrators and others as necessary.
  3. Vulnerability scans of the internal systems will be performed
    • Detected vulnerabilities designated as critical or high-level must be remediated immediately by the requestor in order for the request to be approved
    • Medium and low-level vulnerabilities should be remediated as soon as possible, approval may be granted on a case-by-case basis
    • Campus-wide vulnerabilities scans are performed with some regularity throughout the year, any subsequent reported detections must be remediated by the requestor.

      Note: The OIT needs administrative access to internal systems to perform a full vulnerability scan. Vulnerability scans without the proper access may result in false positive results.
       
  4. An email will be sent to the requestor’s supervisor for their approval unless the submission is for a subordinate. Once approved, the VPN access will be provisioned, the requestor will be notified, and the Service Desk ticket closed.

Please take time to explore information security resources on the CCNY Information Security website.