INTERNET ACCESS REQUIREMENTS - 4985.2

As part of the Internet Access Policy, agencies/state entities shall ensure the following requirements are met:

1. Internet Access

   To ensure the minimum baseline security safeguards are in place, agencies/state entities must use California Government Enterprise Network (CGEN) supplied services where direct access to the Internet or cloud service is possible.

2. Use of Cloud Services

   Applications or services using cloud services will use CGEN as the transport between the cloud provider and departmental supported locations. Communications between cloud services and system components located at California Department of Technology (CDT) facilities will use CGEN as the transport network.

3. Public access to Cloud Services

Public hosted services located in Cloud Service Provider environments may be accessed directly from Internet services provided outside of CGEN if the following requirements are met:

• The information being accessed is not confidential or sensitive
• The security logs are provided directly to the CDT Security Operations Center through a direct interface
• The cloud environment being accessed is in compliance with all the following policies and standards:
  • Cloud Computing Policy, SAM Sections 4983-4983.1
  • Cloud Security Standard, SIMM 5315-B and Cloud Security Guide, SIMM 140