Rules of Behavior

    RULES OF BEHAVIOR
    for this website

    1. Introduction

    The security of the information in this system depends upon the practices of its users. These rules delineate responsibilities and expectations for all individuals using the National Technical Training Assistance Center (NTTAC). Non-compliance of these rules will be enforced through sanctions commensurate with the level of infraction. Depending on the severity of the violation, sanctions may range from a verbal or written warning, removal of system privileges/access for a specific period of time, reassignment to other duties, or termination. Violation of these rules and responsibilities could potentially result in prosecution under local, State, and/or Federal law.

    2. Physical and Logical Security

    While connected to the NTTAC, maintain control over your computer so as to prevent theft, unauthorized use/disclosure, misuse, denial of service, or destruction/alteration of data.

    While away from your computer, do one of the following: close the browser that was used to access the NTTAC, use a password-protected screen-saver, or turn off the computer.

    Ensure that all sensitive information extracted from the NTTAC (such as print-outs and notes) is securely maintained or properly destroyed. ("Secure" handling of sensitive information is addressed in DOJ 2640.2F, which is available at http://www.justice.gov/jmd/publications/doj2640-2f.pdf)

    Read and understand the DOJ standard security warning banner that appears prior to logging onto the network.

    3. Incident Reporting

    Immediately report any violation of an explicit or implied security policy related to the NTTAC. Additionally, immediately report any notable occurrence in a computing or telecommunications system or network that may affect the NTTAC or its computing systems or network.

    Report all incidents to the Helpdesk at 1-833-872-5174.

    4. Forbidden Activities

    Do not engage in, encourage, or conceal any "hacking" or "cracking," denial of service, unauthorized tampering, or unauthorized attempted use of (or deliberate disruption of) the NTTAC or its computing systems.

    Do not purposely engage in any activity with the intent to degrade the performance of the system or deprive an authorized user access to a resource.

    Do not attempt to circumvent any security measures for the NTTAC or its computing systems. Do not attempt to put into the NTTAC or its computing systems any computer code, program, or script that is considered to be a Trojan Horse (applications that attempt to circumvent security measures) or any "back door" means of accessing the NTTAC or its computing systems.

    Any user found to introduce "Trojan Horse" type code, program, or script, will be subject to prosecution under local, State, and Federal law, and as applicable, will be subject to local department/corporate policies which enforce disciplinary action up to and including dismissal. This policy includes the use of .rhosts and .netrc files in any user's home directory for the purpose of avoiding entering keystrokes to gain access to any system.

    5. User passwords

    Protect NTTAC passwords from others so that they remain confidential, and never share a NTTAC password with any other person, regardless of the person's position or affiliation. (Note: if any unknown person asks for a password, it should be considered a security incident and reported immediately to the NTTAC helpdesk at 1-833-872-5174.)

    When choosing passwords, adhere to the guidelines stated on the Change Password and Registration pages.

    6. Management Responsibilities

    Communicate the change in status of NTTAC users under your management. Notify either the appropriate NTTAC administrator or the Helpdesk (at 1-833-872-5174) when a user is no longer associated with the effort. Because of the sensitivity of the information contained within the NTTAC, timely notification is extremely important.

    Provide employees with the resources to be compliant to these rules of behavior and successful with the operation of the NTTAC application.

    Ensure that an adequate level of education and awareness is established and maintained so as to
    a. prevent the unauthorized access to the NTTAC (i.e., user IDs and passwords are safeguarded)
    b. prevent the unauthorized disclosure of the sensitive information within the NTTAC.
    c. ensure that handling and sharing of sensitive information complies with rules stated within these rules of behavior and as set forth in your organization.

    7. Administrator Responsibilities

    A NTTAC administrator is designated for each jurisdiction, state, urban area, and Federal agency. Administrators must manage the user accounts in their control. Verify new registrations before activating accounts (e.g. ensure with management that user should have access, check for valid e-mail address, etc.). Immediately deactivate user accounts that are no longer associated with the effort, such as in the case of termination or transfer. Because of the sensitivity of the information contained within the NTTAC, timely deactivation is extremely important.

    8. Protection of software copyright licenses.

    Observe and comply with all copyright licenses associated with the NTTAC. Additionally, observe and comply with all copyright licenses associated with the software used to access the NTTAC.

    9. Work at Home

    Use of the system at home should be consistent with policies of the user's agency/organization.

    10. Other Policies and Procedures

    These rules are not to be used in place of existing policy, rather they are intended to enhance and further define the specific rules each user must follow while accessing theNTTAC. These rules are consistent with the policy and procedures described in the DHS Handbook for Sensitive Systems.

    By pressing the Sign In button, I acknowledge receipt of, understand my responsibilities, and will comply with the NTTAC Rules of Behavior.