Accessibility Settings
Language Translation
Governor Eric J. Holcomb
  Close Menu

June 2024 IOT Connections

IOT VPN Change Update
IOTlogo

Over the last few years, IOT has been aggressively working to improve and increase the security of our environment to better protect our physical assets as well as our digital assets.  One area that we have been working on behind the scenes is ensuring that the devices (desktops, laptops, tablets) that connect to our network through VPN have a minimum level of assurance that they do not pose a threat to our environment.  To accomplish this, IOT is enabling a device verification process that checks and validates a set of security standards. These checks will help the state improve our security posture and help us meet federal regulations needed to protect the federal data within our environment.

IOT will be enabling all warnings for posture policies on July 16. The current status of posture warnings is as follows:

  • Device Lock – all devices that connect to our network, through VPN, must have a lock screen enabled after 15 minutes of inactivity. This merely locks the screen and requires a user to log back into the device to resume their work and prior session. Warnings are currently disabled. We will re-enable under this CMR.
  • Minimum Operating System (O/S) – all devices must have a minimum level of operating system installed to ensure that vulnerabilities from legacy operating systems are not exposed to our environment. Warnings currently enabled. No changes will be made.
  • Anti-virus/Anti-malware – all devices must have an antivirus/anti-malware application installed, enabled and currently updated to safely connect to our environment. Warnings are currently enabled. No changes will be made.
  • Internet Connection Sharing – Devices connected to our network can NOT have Internet Connection Sharing enabled to prevent users from sharing their computers network connection with other devices. Warnings are currently enabled. No changes will be made.
  • Device Firewall – the native firewall on the device must be enabled to protect the device from errant access/traffic. Warnings are currently enabled for VPN connections initiated off-network, but disabled for VPN connections initiated from within the network. We will enable the warnings for VPN connections regardless of source location.

We will then enable all polices in mandatory (enforcement) mode on September 4, 2024 at 10 p.m. under CMR 24964

Over the past few months, we have been reviewing our data and statistics to identify machines that are problematic. Using the data, we have changed or implemented group policies to resolve compliance issues. Periodically, warning messages have been displayed to users to notify them that their device was flagged. As the group policies take effect, the warning messages are very important for identifying computers that need additional scrutiny. Furthermore, the warnings help identify contractors' computers, not managed by IOT, that will require changes by contractor IT departments.

We have taken this information and have our Business Relationship Management (BRM/Liaison) team working with each agency with impacted devices to resolve the problems found or identify alternative solutions. As such, there is no action needed from you at this time.

Save the Date: Indiana Digital Government Summit is October 30

DGS 2024

The 2024 Indiana Digital Government Summit will bring together technology-focused public-sector professionals with leading industry partners to connect on innovative approaches, get inspired and discover new technologies.

Join us on October 30 and let’s improve the future of government together!

Register Now! 

Location:

  • Embassy Suites by Hilton Noblesville
    • 13700 Conference Center Drive South Noblesville, IN 46060

Stay up-to-date on new speakers added and everything about the summit here: https://events.govtech.com/Indiana-Digital-Government-Summit

New Citizen Engagement Portal -  Marketing Cloud trainings coming soon

After working with our pilot agencies to fully develop State-specific content, the Indiana Office of Technology is beginning to schedule trainings for the transition from GovDelivery to Marketing Cloud.

Create your Trailhead account and take the training prerequisites before your live, virtual training session.(These links and instructions were sent out to our GovDelivery administrators, now Marketing Cloud administrators).

What to expect next: 

  • An invitation for your live, virtual training will be sent out shortly.
  • Training documentation, including the training guide and any additional documents you will need, will be sent out in advance of your session.

Additional Information: 

Behind the Tech: Kevin Barthauer
Kevin Barthauer

Kevin Barthauer is the vulnerability management program coordinator for IOT, which "essentially means I look for, research, and report on vulnerabilities in our IT infrastructure."

Much of Kevin's time is spent interacting with and learning from other teams at IOT and across other agencies. Once a vulnerability is understood, he works to form consensus around mitigation.

What's his favorite thing about his job?

"I love a good mystery. I’m always curious about why things are how they are and that extends to what I do at work. My favorite part of the job is uncovering issues and helping to design processes that improve our security.

What does he hope to take away from his work at IOT?

"I get to work every day with some pretty amazing people. I learn from them every day and am inspired by their service and dedication. When I switched careers a few years ago, I decided I wanted my second act to be one of service somehow. Working for IOT allows me to fulfil that desire," he said.

IOT News

Click here to view more events

Top FAQs