The Bureau of the Fiscal Service (Fiscal Service) Security Rules of Behavior (Rules of Behavior) for Internal Users
PURPOSE:
The Rules of Behavior define responsibilities and procedures for the secure use of Fiscal Service data, equipment, information technology (IT) systems, and facilities. By reading and signing the Rules of Behavior, Users (defined below) acknowledge their responsibility for complying with the Rules of Behavior.
SCOPE:
The Rules of Behavior apply to Users (not public users) who access or maintain any Fiscal Service data, equipment, IT systems, or facilities, regardless of location, e.g., at regular duty station, at telework, or on travel. Users are individuals who have access to Fiscal Service data, equipment, IT systems or facilities for the purpose of performing work on behalf of Fiscal Service. Examples of Users include, but are not limited to, Fiscal Service employees, employees of contractors, sub-contractors, and agents. At Fiscal Service's discretion, certain individuals who have access to Fiscal Service data, equipment, IT systems, or facilities may not be considered Users under this definition and as such may not be required to sign these Rules of Behavior. In addition to the rules and requirements contained within this document, Users should note that other federal laws and regulations apply when accessing Fiscal Service resources (e.g., licensing agreements and copyright laws), but are considered outside the scope of this document.
Users SHALL:
Follow these rules regarding Fiscal Service facilities:
- Use facilities properly and follow laws, regulations, and policies governing the use and entrance to such facilities.
- Not threaten any person or organization.
- Not commit acts of violence against any person, organization, equipment, or facility.
- Not bring prohibited items (for example weapons) into a Fiscal Service facility.
- Comply with facility entrance and exit security screening procedures.
Follow these rules regarding Fiscal Service data, equipment, and IT systems:
- Use Fiscal Service data, equipment, and IT systems properly; following laws, regulations, and policies governing the use of such resources (BLSRs, TD-P 85-01, TD-P 15-71, Email and Instant Messaging Policy).
- Protect Fiscal Service equipment, software, and data in their possession from loss, theft, damage, and unauthorized use or disclosure.
- Secure mobile media (paper and digital) based on the sensitivity of the information contained.
- Use appropriate sensitivity markings on mobile media (paper and digital).
- Promptly report any known or suspected security breaches or threats, including lost, stolen, or improper/suspicious use of Fiscal Service data, equipment, IT systems, or facilities to the Service Desk at 304-480-7777.
- Not attempt to circumvent any security controls.
- Logoff, lock, or secure workstation/laptop from unauthorized access to Fiscal Service IT systems or services when leaving a workstation/laptop unattended.
- Not read, alter, insert, copy, or delete any Fiscal Service data except in accordance with assigned job responsibilities, guidance, policies, or regulations. The ability to access data does not equate to authority to access data. In particular, Users must not browse or search Fiscal Service data except in the performance of authorized duties.
- Not reveal any data processed or stored by Fiscal Service except as required by job responsibilities and within established procedures.
- Dial-in or other remote access to Fiscal Service is prohibited, unless specifically authorized by Fiscal Service's Chief Information Officer (CIO) or designee.
- Not install or use unauthorized software on Fiscal Service equipment.
- Retrieve all hard copy sensitive printouts in a timely manner.
- Take reasonable precautions to prevent unauthorized individuals from viewing screen contents or printed documents.
- Not open e-mail attachments, or click links, from unknown or suspicious sources.
- Be responsible for all activities associated with their assigned user IDs, passwords, access tokens, identification badges, Personal Identity Verification cards, or other official identification device or method used to gain access to Fiscal Service data, equipment, IT systems, or facilities.
- Use only equipment and software provided by Fiscal Service or that has been approved for use by Fiscal Service's CIO or designee to conduct Fiscal Service business.
- Comply with Fiscal Service social media policy, including restrictions on publishing Fiscal Service information to social media and public websites.
Follow these rules regarding access credentials:
- Protect passwords from improper disclosure. Do not reveal passwords, PINs, or other access credentials. Password or PIN disclosure is considered a security violation and is to be reported as such.
- Do not share passwords with anyone else or use another person's password or other access credential such as, but not limited to, someone else's PIV card.
- Change passwords as required by expiration dates.
- Choose hard to guess, non-dictionary passwords that use a minimum of eight alphanumeric characters containing at least one numeric character and two alpha characters, both UPPER and lower case, and include a special character.
Violation of these rules may be grounds for legal and/or administrative action by the Fiscal Service and may result in actions up to and including disciplinary action, termination of access, termination of employment, contract termination, and/or prosecution under federal law.
Rules of Behavior for External Users
The Bureau of the Fiscal Service (Fiscal Service) Security Rules of Behavior (Rules of Behavior) for External Users
PURPOSE:
The Rules of Behavior define
responsibilities and procedures for the secure use of Fiscal Service data, equipment, information technology (IT) systems, and facilities. By reading and signing the Rules of Behavior, External Users (defined below) acknowledge their responsibility for complying with the Rules of Behavior.
SCOPE:
The Rules of Behavior apply to External Users (not public users) who access or maintain any Fiscal Service data, equipment, IT systems, or facilities, regardless of location, e.g., at regular duty station, at telework, or on travel. External Users are considered to be any individuals who have access to Fiscal Service data, equipment, IT systems or facilities, or individuals who have an account on a Fiscal Service Information Technology (IT) system for the purpose of performing work/conducting business on behalf of an organization other than Fiscal Service. Examples of external users include, but are not limited to, employees, contractors and sub-contractors (and their employees) of: Federal Program Agencies, the legislative and judicial branches, Government Corporations (as defined by title 5 U.S.C. § 103 (1)), State and Local governments employees, and private collection agencies. At Fiscal Service's discretion, certain individuals who have access to Fiscal Service data, equipment, IT systems, or facilities may not be considered External Users under this definition and as such may not be required to sign these Rules of Behavior. In addition to the rules and requirements contained within this document, External Users should note that other federal laws and regulations apply when accessing Fiscal Service resources (e.g., licensing agreements and copyright laws), but are considered outside the scope of this document.
External Users SHALL:
Follow these rules regarding Fiscal Service facilities:
- Use facilities properly and follow laws, regulations, and policies governing the use and entrance to such facilities.
- Not threaten any person or organization.
- Not commit acts of violence against any person, organization, equipment, or facility.
- Not bring prohibited items (for example weapons) into a Fiscal Service facility.
- Comply with facility entrance and exit security screening procedures.
Follow these rules regarding Fiscal Service data, equipment, and IT systems:
- Use Fiscal Service data, equipment, and IT systems properly; following laws, regulations, and policies governing the use of such resources.
- Protect Fiscal Service equipment, software, and data in their possession from loss, theft, damage, and unauthorized use or disclosure.
- Secure mobile media (paper and digital) based on the sensitivity of the information contained.
- Use appropriate sensitivity markings on mobile media (paper and digital).
- Promptly report any known or suspected security breaches or threats, including lost, stolen, or improper/suspicious use of Fiscal Service data, equipment, IT systems, or facilities to the Service Desk at 304-480-7777.
- Not attempt to circumvent any security controls.
- Logoff, lock, or secure workstation/laptop from unauthorized access to Fiscal Service IT systems or services when leaving a workstation/laptop unattended.
- Not read, alter, insert, copy, or delete any Fiscal Service data except in accordance with assigned job responsibilities, guidance, policies, or regulations. The ability to access data does not equate to authority to access data. In particular, External Users must not browse or search Fiscal Service data except in the performance of authorized duties.
- Not reveal any data processed or stored by Fiscal Service except as required by job responsibilities and within established procedures.
- Dial-in or other remote access to Fiscal Service is prohibited, unless specifically authorized by Fiscal Service's Chief Information Officer (CIO) or designee.
- Not install or use unauthorized software on Fiscal Service equipment.
- Retrieve all hard copy sensitive printouts in a timely manner.
- Take reasonable precautions to prevent unauthorized individuals from viewing screen contents or printed documents.
- Not open e-mail attachments, or click links, from unknown or suspicious sources.
- Be responsible for all activities associated with their assigned user IDs, passwords, access tokens, identification badges, Personal Identity Verification cards, or other official identification device or method used to gain access to Fiscal Service data, equipment, IT systems, or facilities.
- Use only equipment and software provided by Fiscal Service or that has been approved for use by Fiscal Service's CIO or designee to conduct Fiscal Service business.
- Comply with Fiscal Service social media policy, including restrictions on publishing Fiscal Service information to social media and public websites.
Follow these rules regarding access credentials:
- Protect passwords from improper disclosure. Do not reveal passwords, PINs, or other access credentials. Password or PIN disclosure is considered a security violation and is to be reported as such.
- Do not share passwords with anyone else or use another person's password or other access credential such as, but not limited to, someone else's PIV card.
- Change passwords as required by expiration dates.
- Choose hard to guess, non-dictionary passwords that use a minimum of eight alphanumeric characters containing at least one numeric character and two alpha characters, both UPPER and lower case, and include a special character.
Violation of these rules may be grounds for legal and/or administrative action by the Fiscal Service and may result in actions up to and including termination of access, contract termination, and/or prosecution under federal law.