Computer Use & Security Agreement

U. S. Department of Energy

Oak Ridge Office

Computer Use & Security Agreement

I have read and understand the COMPUTATIONAL RESOURCES USERS’ RESPONSIBILITIES to which this COMPUTER USE & SECURITY AGREEMENT is attached. I understand that users of site computers, networks and information systems are an integral part of the overall Department of Energy (DOE) computer security program (unclassified and classified). I also understand that this grant of access to the DOE’s computing resources indicates a level of trust bestowed upon me by my management and the DOE. I agree that I am responsible for my actions, and I am aware of and acknowledge the following principles:

ACCEPTED USER PRINCIPLES

At a minimum, I am responsible for abiding by these principles:

 Ensuring that the DOE Oak Ridge Office (ORO) Federal computing resources are used for authorized use only. Any other use must be approved in writing by my line manager.

 Knowing how to contact the Computer Security Personnel by calling 576-1600.

 Knowing the level of sensitivity of the information processed on my Federal computing resource (e.g., non-sensitive unclassified, sensitive unclassified, or classified).

 Ensuring that all software I use is being used in compliance with applicable licensing agreements.

 Ensuring that no unauthorized software will be installed on my personal computer (PC).

 Protecting the information I am processing from access by or disclosure to, unauthorized personnel.

 Immediately reporting all security incidents and potential threats and vulnerabilities involving Federal computing resources to the designated computer security personnel.

 Reporting any loss/stolen/damage/destruction of Information Technology (IT) equipment to the IT Help Desk Support at 576-2482 (between the hours of 7:30 – 5:00 Eastern Standard Time). If after hours, the report must be filed with the Oak Ridge Operations Center (OROC) at 576-1005 as soon as possible.

 Reporting loss/stolen/damage/destruction of any IT equipment containing any data or information should be made in the same manner noted above to the IT Help Desk at 576-2482. However, IT equipment containing Personally Identifiable Information (PII) must be reported IMMEDIATELY upon discovery of the loss of IT equipment. If after hours, the report must be filed with the Oak Ridge Operations Center (OROC) at 576-1005 IMMEDIATELY.

 Breaches of PII protections (in electronic or physical form) must be reported to the IT Help Desk at 576-2482 IMMEDIATELY. If after hours, the report must be filed with the Oak Ridge Operations Center (OROC) at 576-1005 IMMEDIATELY.

 Protecting my authenticators, such as passwords, RSA tokens, or smartcards.

 Reporting any compromise or suspected compromise of an authentication to the Computer Security Personnel by sending an encrypt email or at 576-1600.

 Ensuring that my user name or password will not be used on an outside website.

 Ensuring that all suspicious email is reported to the DOE ORO Help Desk (576-2482) immediately.

ACCEPTED USER PRINCIPLES (Cont.)

 Accessing only systems, networks, data, control information, and software for which I am authorized.

 Ensuring that system media and system output is marked according to the DOE ORO/system requirements and is properly controlled and stored.

 Ensuring the disposal of PC disks (including hard drive disks) that contain sensitive information by erasing sensitive data, degaussing, shredding, or other procedure, which renders any residual information inaccessible. If not sure how to effectively perform this task, a call will be placed to the ORO Help Desk (576-2482) for assistance.

 Knowing and ensuring required system storage sanitization procedures are carried out before relinquishing the system for service, or releasing it for any other reason except an audit, investigative action, or court order.

 Informing management when access to a particular DOE ORO Federal computing resource is no longer required, such as when I complete a project, transfer to another position, retire, resign from employment, etc.

 Avoiding the introduction of malicious code (e.g., viruses, worms, trojan horses) into any computing resource.

 Preventing physical damage to the system.

 Obtaining management approval and notifying other appropriate personnel (e.g., property management, inventory control, computer security) before relocating any DOE ORO Federal computer resources.

The Cyber Security Awareness Training is required before approval will be granted. The training can be found at the below location:

http://ssd1.oro.doe.gov/unclassified/unclassified_cyber_awareness_2009.ppsx

By signing this agreement, I also acknowledge that I have taken the Cyber Security Awareness Training.

Signatures Required:

To be completed by the user:

I, ______have read the COMPUTATIONAL RESOURCES

(print full name)

USERS’ RESPONSIBILITIES and understand my responsibilities as a user of Federal computing resources.

Signed: ______Date: ______

To be completed by the designated or cognizant computer security official:

I, ______, certify that the above name employee has been provided

(print full name)

computer security orientation.

Signed: ______Date: ______

Version 1, Revision 4Page 1 of 2As of 6/4/08