What are the Zscaler policy for auditors/contractors?  In state/out of state?  Personal machines/state owned machines?

Agencies should provision users with access to approved VPN, State email and State-owned machines according to established OIT Policy. CORE Operations staff cannot make determinations as to the validity of agency access provisioning to CORE, as the Controller for each agency is accountable for all user access for their Department, including auditors. In compliance with current best practices and policies, access to Zscaler or any other OIT-approved VPN tool should only be granted to individuals operating from an official business email address and using an official business computer.  If individuals requiring access to CORE have Colorado State Network VPN credentials administered by OIT, they will not need a Zscaler account to access CORE.