Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to Enterprise Telework and Remote Access Security



Karen A. Scarfone, Paul Hoffman, Murugiah P. Souppaya


[Superseded by NIST SP 800-46 Rev. 2 (July 2016):] Many organizations employees and contractors use enterprise telework technologies to perform work from external locations. Most teleworkers use remote access technologies to interface with an organization s non-public computing resources. The nature of telework and remote access technologies permitting access to protected resources from external networks and often external hosts as well generally places them at higher risk than similar technologies only accessed from inside the organization, as well as increasing the risk to the internal resources made available to teleworkers through remote access. This publication provides information on security considerations for several types of remote access solutions, and it makes recommendations for securing a variety of telework and remote access technologies. It also gives advice on creating telework security policies. [Supersedes SP 800-46 (August 2002):]
Special Publication (NIST SP) - 800-46 Rev 1
Report Number
800-46 Rev 1


mobile device security, remote access, remote access security, telework, telework security, virtual private networking


Scarfone, K. , Hoffman, P. and Souppaya, M. (2009), Guide to Enterprise Telework and Remote Access Security, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed July 21, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created June 16, 2009, Updated November 10, 2018