- (a) remote access user-activity log is maintained depicting logon name, time, date, duration and activity while logged in;
- (b) no unauthorized remote-user administration functionality (adding users, changing permissions, etc.) shall be permitted;
- (c) no unauthorized access to the database, other than information retrieval using existing functions, shall be permitted;
- (d) no unauthorized access to the operating system shall be permitted; and
- (e) if remote access is to be continuous, then a network filter (firewall) shall be installed to protect access.
If supported, a MCS may use password-controlled remote access to a MCS so long as the following requirements are met: