Topic List (click to go to topic):
Use of Information Technology in the NanoFab
The CNST provides access to information technology resources, including computers, network, and peripheral devices to support the operations of the NanoFab Facility. The guidelines in the CNST NanoFab Facility User Computer Security and Usage Policy (see section 220.127.116.11)_and the NIST Access and Use Policy apply to all who use and access the information technology resources.
NIST systems and any information on those systems are Government property. Therefore, users of NIST systems should be aware that information transmitted by or stored on NIST systems is not private. In addition, NIST users should also be aware that it is often necessary to monitor network traffic or computer activity to ensure integrity, security or reliable operation of NIST systems. However, any other monitoring is against NIST policy.
Unacceptable User of Information Technology in the NanoFab
- Any use of information technology resources in order to obtain access to any network or system at NIST, or elsewhere, for which the person has not been authorized, or in a manner that knowingly violates the policies of the owner of the network or system;
- Any activity that interferes with the legitimate activities of anyone using any NIST systems or networks, or any other network or system which may be accessed from NIST;
- Unauthorized use of a system for which the user has authorized access, including use of privileged commands on a system by a user not authorized to use such commands and unauthorized access to information owned by someone else. For example, no user may access the root account on a Unix system or attempt to become root on the system unless he or she is authorized to do so;
- Deliberate unauthorized destruction of NIST data or other resources;
- Any use of NIST information technology resources to engage in illegal or unethical activities;
Access to the internet is not enabled on computers on the NanoFab Domain.
*Portions of document excepted from the NIST Policy on Information Technology Resources Access and Use at http://www-i.nist.gov/cio/itsd/pp_nist/policy/policy_accnuse.html.
Summary/Overview of IT Infrastructure in NanoFab
The NanoFab IT infrastructure is composed of four unique parts: the NanoFab Research Network, the NIST Gaithersburg Network, the Visitor Network, and the Public Network. While working in the cleanroom, all NanoFab users will interact with the NanoFab Research Network. NIST employees will also interact with the NIST Gaithersburg Network. The Visitor Network is used to provide Internet Access for external users. The Public Network hosts the external reservation system (NLRS) that is used by external users not off the NanoFab network to make tool reservations.
NanoFab Research Network
The CNST NanoFab Research Network domain (CNSTNANOFAB) which is administered by the CNST IT staff. This domain has a trust relationship with the NIST CAMPUS domainto allow internal to log into tools using their NIST credentials instead of having to be issued an additional username and password. External users are issued accounts on the NanoFab Research network at the request of the NanoFab Facility User Coordinator. The NanoFab Toolbox (a web site with helpful links that can be used inside the NanoFab) as well as a networked printer are also available on this network.
Users can use their NIST credentials or their NanoFab credentials to log into three different classes of computers on the NanoFab Research Network. The first class of computers are the SunRay thin clients. These computers allow a user to bring up a NEMO session and to activate tool interlocks. A smart card is required to unlock the screen of these types of computers. The second class of computers are the tool computers. Users log into these computers to run their processes or to collect data. Data can be transferred to the file server that is available to all NanoFab users. The final class of computers are the file-retrieval computers. These are the only computers on the NanoFab Research Network that have the ability to accept USB flash media. Users can copy their data to USB, CD, DVD using one of these computers.
The NIST Gaithersburg Network
The next part of the NanoFab IT infrastructure is the NIST Gaithersburg network. This network hosts the NIST domain controllers, which authenticate NIST users that log onto any of the three classes of computers on the NanoFab Research Network, as well as the servers that run NEMO. NIST employees’ (internal users) computers are also connected to this network. They are allowed to map a their share drive on the NanoFab network through the firewall in order to upload/retrieve data. One other important items on this network are the wireless access points that service NIST users. If a NIST employee has a NIST-owned laptop and has been authorized by his/her division chief, they can use these access points in order to connect to NISTNet.
The third part of the NanoFab IT infrastructure is the Visitor network. This network is set up to allow access to the Internet but block all access to internal NIST resources. An external user can bring in their laptop and connect to the Internet via the wired or wireless visitor network. External users should contact the NanoFab User Office to gain access to either of these networks.
Kiosk computers that automatically log in and provide access to the Internet have been placed on the wired network.
The final part of the NanoFab IT infrastructure is the public network. The servers that run the external NEMO reservation system application reside on this network. External users that are not currently on the NanoFab network can be issued an account by the NanoFab User Office to log into this system and remotely request tool reservations. The NanoFab website is also on this network.
Consequences of misuse
Unauthorized or improper use of NanoFab IT resources by Commerce employees is punishable by penalties as provided in the Department's Table of Offenses and Penalties, which are incorporated into the NIST Administrative Manual as Appendix A to Subchapter 10.11, Adverse Actions. Unauthorized or improper use by other users will result in notifications to their management and NIST sponsor (if applicable) and can result in similar penalties and possible termination of agreements with NIST. Individuals involved with misuse will also be subject to having all computer account access indefinitely suspended at the discretion of CNST management.
Access and Use Agreement
The access and use agreement is distributed to users with title “CNST NanoFab Computer Security and Usage Policy”
, see below. It outlines policies specific to the NanoFab Facility computers, acceptable use, and expectations for security.
CNST NanoFab Facility User Computer Security and Usage Policy
contains policies specific to NanoFab facility computer systems, and should be considered a supplement to official NIST Information Technology Security Policies. It does not supersede those documents, although important information will be duplicated for emphasis. All NIST-wide computer policies apply to our computer systems in addition to those outlined in this document.
Individuals wishing to use the NanoFab facility computer systems are required to have read and agree to abide by the “CNST Computer Security and Usage Policy” and all other related NIST IT security policies.