Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Policy on Information Technology Resources Access and Use
Originally Posted: October 8, 1998
All information technology users must sign a document stating that they acknowledge having read, and agree to abide by, this policy.
NIST provides access to information technology resources, including computers, networks, and peripheral devices, to support the NIST mission. The following guidelines apply to all who use and access NIST information technology resources.
Acceptable Use of NIST Information Technology Resources
This section describes uses of NIST information technology systems that are considered acceptable by NIST management. The general criteria used in deciding acceptable use are whether the application is of benefit to NIST, whether it complies with government laws and regulations, and whether it does not adversely affect others. NIST allows the personal use of the Internet as long as it does not interfere with official business, increase cost to NIST or embarrass NIST. Questions about the use of NIST information technology resources that are not explicitly mentioned in this policy should be directed to NIST management.
NIST information technology resources may be used in the conduct of NIST research, in the administration and management of NIST programs, and in the dissemination of the results of NIST work. Examples of such use of NIST information technology include, but are not limited to:
NIST information resources may be used to communicate and exchange information with others located at NIST, and elsewhere, to share information related to the NIST mission. This includes researchers at other institutions, customers in industry and elsewhere, vendors and companies with products of interest to NIST, other government agencies, and the public. Examples of acceptable communications include:
Software from the Internet and other public sources, and installing unnecessary software from any source, increases security risks to NIST networks and computers by potentially including things such as harmful viruses, back doors, and mechanisms specifically designed to defeat firewall protection. Users must follow the guidelines established by the NIST IT Security Office when downloading software from the Internet:
Acceptable Access to Information Technology Resources
NIST communications facilities may be used to provide access to NIST information technology systems and those of other organizations for authorized purposes. Examples of authorized access to systems include:
To ensure accountability of actions and resources, each person who has access to a NIST information technology system must have an individual account. Sharing of accounts and passwords or authorization methods is prohibited, except in special cases such as e-mail accounts for the operation of special services supported by a team of people. Access to NIST information technology resources requires formal written authorization by a user's manager. The authorization should specify the duration of the access to the NIST resource, acceptable use of the NIST resource, and a rationale for granting access to NIST information technology resources. A copy of the authorization and a copy of this policy should be given to the user.
General access to public NIST information technology resources, such as Web, bulletin boards, public anonymous ftp, Mosaic, gopher, or other services used by NIST to disseminate information to the public requires no special authorization. However, misuse of these services or attempts to exceed authorized access is subject to the same penalties as other unacceptable uses described below.
Unacceptable Use of NIST Information Technology Resources
The use of NIST systems and networks in a manner which is unacceptable may subject the person(s) involved to loss of all privileges to use NIST systems, may result in other disciplinary sanctions up to and including dismissal, or may result in criminal prosecution. Unacceptable uses of NIST systems and networks include, but are not limited to:
Privacy of Information
NIST systems and any information on those systems are Government property. Therefore, users of NIST systems should be aware that information transmitted by or stored on NIST systems is not private. In addition, NIST users should also be aware that it is often necessary to monitor network traffic or computer activity to ensure integrity, security or reliable operation of NIST systems. However, any other monitoring is against NIST policy. Casual reading of e-mail messages addressed to others is prohibited.
Unauthorized or improper use of NIST IT resources by Commerce employees is punishable by penalties as provided in the Department's Table of Offenses and Penalties, which are incorporated into the NIST Administrative Manual as Appendix A to Subchapter 10.11, Adverse Actions. Unauthorized or improper use by contractors, guest researchers, collaborators, and other associates, will result in notifications to their management and NIST sponsor and can result in similar penalties and possible termination of agreements with NIST. Individuals involved with misuse will also be subject to having all computer account access indefinitely suspended at the discretion of NIST management and the NIST CIO.