If supported, system or systems may utilize password controlled remote access, provided the following requirements are met:
- (1) A remote access user activity log is maintained depicting logon name, time/date, duration, activity while logged in;
- (2) No unauthorized remote user administration functionality (adding users, changing permissions, etc.);
- (3) No unauthorized access to database other than information retrieval using existing functions;
- (4) No unauthorized access to operating system; and
- (5) If remote access is to be continuous basis then a network filter (firewall) should be installed to protect access.