Security Policy, Rules of Behavior, and Penalties for Misuse

Employees or contractors entrusted with responsibilities for administering information You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.

By using this IS (which includes any device attached to this IS), you consent to the following conditions:

• The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
• At any time, the USG may inspect and seize data stored on this IS.
• Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose.
• This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.

Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential.

Employees or contractors entrusted with responsibilities for administering information systems, or other privileged access to information systems, have a particularly important role in protecting the systems they access or administer and the Forest Service (FS) General Support System (GSS). FS employees and contractors with privileges access must understand and agree to their information security Responsibilities to be allowed privileged access or to administer FS information Systems.

I acknowledge that I understand and agree to comply with user responsibilities as stated in the Forest Service Manual (FSM) Chapter 6680, Security of Information, Information Systems, and Information Technology, and Interim Directives that supplement this chapter. If I do not understand a requirement, I will ask my supervisor for clarification. I understand that I also must comply with United States Department of Agriculture policies and procedures, and with federal, state, and local laws.

I will comply with Law Enforcement & Investigation (LEI) direction regarding the protection, handling, processing, transmission, distribution, and destruction of sensitive classification information designated as "restricted" and/or "Law Enforcement Sensitive".

I understand that I must complete a Computer Security Awareness course every year, and that I am required to take additional role-based security training.

I understand that I have been granted enhanced privileges in order to perform specific functions on systems that are part of a FS GSS, and that these privileges are to be used only to perform my assigned job responsibilities.

I will not use my privileges to grant myself or any other person unauthorized privileges, or to modify any access accounts, privileges, system configuration, or data in an unauthorized manner.

I understand that I have a special duty to safeguard FS information resources and will implement and operate enterprise measures to protect those resources, as instructed by Technical Information Bulletins (TIB), Standard Operating Procedures, or other directive.

I will exercise maximum care in protecting the enhanced access credentials with which I have been entrusted.

I understand that privileged access to FS information systems may be changed or revoked at the discretion of management, and maybe modified as roles and responsibilities change.

In the event that Personal Identification Information (PII) must be downloaded, physical transported out of Forest Service's secured, physical perimeters, or physically stored on personal devices, permission must be obtained in writing in advance from Law Enforcement and Investigation.

Any PII data downloaded will not be stored on any portable storage device including laptop, PDAs, flash drives, or external hard drives unless it is encrypted.

I will promptly report all suspected security incidents to be FS Computer Incident Response Team (CIRT) and/or my supervisor or other appropriate management officials(s) (FSM 6683.04f).