What kind of security things do they require? Stuff like using two factor authentication? (Not storing passwords in a spreadsheet would also be good, but they clearly don't require that ;)
Oh no, they require that. but thats difficult to enforce.
Strick AD password, account lockouts after n attempts, password rotations every 90 days.
The internet must have an air gap between it and the "production" network. So that means internet in terminal server clients. (we used to be able to get away with VLANs, and just have a clientside VM on a different VLAN)
No automated mechanism to move data between the "production" network and the outside world. Any data that needs transporting must be accounted for (and that's literally terabytes a day.)
Strick AD password, account lockouts after n attempts, password rotations every 90 days.
The internet must have an air gap between it and the "production" network. So that means internet in terminal server clients. (we used to be able to get away with VLANs, and just have a clientside VM on a different VLAN)
No automated mechanism to move data between the "production" network and the outside world. Any data that needs transporting must be accounted for (and that's literally terabytes a day.)