Grants Information System (GIS) Rules of Behavior

Why are GIS Rules of Behavior Needed?

Within the Grants Information System (GIS), as within all commercial-off-the-shelf (COTS) software packages, technical controls alone are inadequate to ensure the proper separation of duties and security controls needed in federal applications. Management controls must be used to supplement the technical controls. Accordingly, the Office of Management and Budget (OMB) has established security requirements for agencies that supplement technical controls with management controls. Those requirements are published in OMB Circular No. A-130, Management of Federal Information Resources, Appendix IV, Security of Federal Automated Information Systems, dated December 12, 2000. A-130 states: “Establish a set of rules concerning use of and behavior within the application. The rules shall be as stringent as necessary to provide adequate security for the application and the information in it. Such rules shall clearly delineate responsibilities and expected behavior of all individuals with access to the application. In addition, the rules shall be clear about the consequences of behavior not consistent with the rules.”

To Whom Do They Apply?

The rules of behavior presented here apply to all Department of Transportation (DOT) employees, contractors, and to all personnel developing and using GIS information resources. Because written guidance cannot cover every possible contingency, you are asked to exceed the stated principles, and are referred to the Code of Federal Regulations (CFR), Title 5, Administrative Personnel, Volume 3, Chapter XVI, Office of Government Ethics, Part 2635, Standards of Ethical Conduct for Employees of the Executive Branch, dated 1 January 1999, for additional information.

User Responsibility

All users of GIS information resources have a responsibility to assess the sensitivity of their data, and to be aware that computer security is their responsibility. Every user must be alert to possible breaches in security and adhere to all security regulations that have been established with the DOT and GIS. The responsibilities listed below are not all-inclusive, but are designed to make users aware of their responsibility in securing GIS resources and supporting applicable separation of duties.

General Responsibilities

• Comply with all applicable federal, DOT, GIS, and agency security policies and procedures.
• Protect your unattended terminal by always logging out or locking the keyboard with a screen-saver before leaving your terminal unattended.
• Protect sensitive unclassified information from unauthorized access, disclosure, modification, misuse, damage or theft.
• Protect all passwords issued to you and do not disclose them to anyone. Understand that password sharing or the use of another user’s ID and password is prohibited in GIS. Change passwords when required by the system and whenever you suspect that they may have been compromised. Do not embed passwords in log-on scripts.
• Report all security incidents, including password compromises, violations of software licensing agreements, and computer viruses, to the Security Official and/or your government project manager.
• Immediately notify the Security Official for your area when you no longer require access to the GIS application, its servers, and the networks used to access the GIS system because of transfer, completion of project, etc., and of any changes in your work location or phone number.
• Do not knowingly introduce any malicious code into the GIS application, its servers, and the networks used to access the GIS system, nor attempt to bypass or circumvent the security features or mechanisms of the GIS application, its servers, and the networks used to access the GIS system.
• Upon final checkout or departure from DOT, you will not have in your possession or in your home any sensitive unclassified information in any form, nor any government-owned equipment, software, storage media (e.g. diskettes), user manuals, or system documentation.

Remote Access Off-Site

• Adhere to all DOT and OA provisions or agreements related to off-site work.
• Use virus protection software on all off-site systems used to access GIS, and keep the virus protection software up-to-date.
• Change remote access passwords frequently.
• Protect remote access passwords from access by other individuals, and do not store passwords in login scripts, batch files, or elsewhere on the computer.

Receipt Acknowledgement

I have read the GIS Rules of Behavior in their entirety, and I recognize that it is my responsibility to ensure that I comply with all DOT policies, regulations, guidelines, and rules regarding the protection, handling, processing, transmission, distribution, and destruction of sensitive unclassified information. I understand that failure to comply with any or all of the above security requirements could result in the loss of my system privileges, disciplinary action by DOT, and/or civil or criminal penalties.

By clicking this link you acknowledge all rules stated above.
