Each user of our Classified Computer system is required to read and sign the Code of Conduct statement. This signed statement shall be maintained by the computer user's Information Technology Department Security Officer (ITDS0) or designee, for the period that the user requires access to classified computing. The ITDS0 shall keep the original, signed Code of Conduct and the user shall be given a copy for his/her records.
Additional MPRM Group User Responsibilities
The attached document describes MPRM Group's Computer Use Policy. This policy is binding on all MPRM Group employees, and all MPRM Group contractors using MPRM Group computers.
Each user of a Classified Computer system is required to read and sign the Code of Conduct statement. This signed statement shall be maintained by the computer user's Information Technology Department Security Officer (ITDS0) or designee, for the period that the user requires access to classified computing. The ITDS0 shall keep the original, signed Code of Conduct and the user shall be given a copy for his/her records.
My signature (the user) on this Code of Conduct, acknowledges that I have read the herewith document entitled "MPRM Group Code of Conduct for Classified Computer Users".
Signature / Date
This list of computer use policies and security rules apply to all personnel using MPRM Group computers or networks. Line managers are responsible for implementing these policies and rules in their organization and ensuring that users are aware of their responsibilities. This requirement applies to both classified and unclassified operations. All personnel should retain a copy for reference and audit purposes.
Computers and network systems are inherently insecure. All personnel, and particularly users, are cautioned that in general these technologies are not "private." Therefore users should not expect privacy when using systems or networks. Take appropriate protective measures, protecting sensitive information and applications accordingly. The following represents MPRM Group minimum requirements, your management may have additional requirements. Questions concerning these rules should be addressed to your supervisor, manager, or ISSO.
Computers, software, and communications systems provided by MPRM Group are to be used only for work related purposes (as determined by the responsible manager). The use of this equipment or software for personal or non-work related activity is prohibited. The MPRM Group Incidental Computer User Policy does NOT apply to classified computers.
All cleared employees are responsible for assisting in the close supervision of the visible components of the PDS and are to report any suspicious activity.
Users are accountable for their actions and may be held liable to administrative or criminal sanctions for any unauthorized actions found to be intentional, malicious, or grossly negligent.
Users are not to access or attempt to access systems or information for which they are not authorized. Users are not to attempt to receive unintended messages or access information by some unauthorized means, such as imitating another system, impersonating another user or other person, misuse of legal user credentials (User IDs, passwords, etc.), or by causing some network component to function incorrectly. Users are not to possess or transfer information for which they are not authorized.
All software used on MPRM Group computers must be appropriately acquired and used according to the appropriate licensing. This means that any illegally copied software or use is expressly prohibited. Software used on classified systems must be approved (generically or specifically) by the appropriate ISSO.
A user identifier (name or employee number) known as a User ID and password are required of all users of a multi-user system (two or more users). Passwords are protected commensurate (equal) to the data and system they protect. Passwords must be changed at least every six months. Passwords must be at least six (6) characters long, not found in a dictionary, and cannot be the name of a person, place, or thing. Passwords for classified systems must be machine generated using a method approved by DOE. Passwords must not be shared with any other person, except when necessary with the system Information System Security Officer on your site or by authority of the MPRM Group Computer Security Manager. The password must be changed as soon as possible after an unauthorized exposure or suspected compromise.
Users must not introduce or use malicious software such as computer viruses, Trojan horses, or worms.
Users are prohibited from changing access controls to allow themselves or others to perform actions outside their authorized privileges. .
Users are not allowed to prevent others or other systems from performing authorized functions by actions that deny their access, their communications capability, deliberately suppressing their messages or generating frivolous or unauthorized traffic.
Users are prohibited from taking unauthorized actions to intentionally modify, delete information or programs.
Users are not allowed to reconstruct or recreate information or software for which they are not authorized.
All network users must be registered with their system administrator, ISSO, or as otherwise appropriate to that network's requirements.
All MPRM Group personnel, organizations, and subcontractors are responsible to address, safeguard against, and report misuse, abuse, and criminal activity. These activities should be reported to the Safeguards and Security (S&S) Department, Investigations Section. The MPRM Group Computer Security Organization initiates and participates in appropriate investigative activities. The following general definitions may be helpful in recognizing reportable issues.
Misuse--Waste (activities that negatively impact system or work performance) of computer time or resources. Examples include activities unrelated to MPRM Group, such as CHATs, shopping, generating personal letters, holiday greetings, party invitations, membership lists or playing games unrelated to the employee's work assignment or responsibilities.
Abuse--Intentional destruction, denial of service or use, unauthorized alteration of software, hardware or information, or intentional circumvention of security rules.
Criminal--Illegal activities including fraud, personal gain, or copyright violations, etc.
MPRM Group networks, as well as computers, and users, will be assessed by the MPRM Group Computer Security Assessment Teams on a periodic and "for cause" basis.