Acceptable Use Agreement

 

1. By signing this document, you acknowledge and consent that when you access Department of Defense (DoD) Information Systems (ISs):

 

1. You are accessing a U.S. Government (USG) IS (which includes any device attached to this IS) that is provided for U.S. Government-authorized use only.

 

2. You consent to the following conditions:

 

1)       This U.S. Government routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, communications security (COMSEC) monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CO) investigations.

 

2)       At any time, the Government may inspect and seize data stored on this IS.

 

3)       Communications using, or data stored on, this information system are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any U.S. Government-authorized purpose.

 

4)       This IS system includes security measures (e.g., authentication and access controls) to protect U.S. Government interests—not for your personal benefit or privacy.

 

5)       Notwithstanding the above, using an IS does not constitute consent to personnel misconduct, law enforcement, or counterintelligence investigative searching or monitoring of the content of privileged communications or data (including work product) that are related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Under these circumstances, such communications and work product are private and confidential, as further explained below:

 

a.       Nothing in this User Agreement shall be interpreted to limit the user's consent to, or in any other way restrict or affect, any U.S. Government actions for purposes of network administration, operation, protection, or defense, or for communications security. This includes all communications and data on an IS, regardless of any applicable privilege or confidentiality.

 

b.      The user consents to interception/capture and seizure of ALL communications and data for any authorized purpose (including personnel misconduct, law enforcement, or counterintelligence investigation). However, consent to interception/capture or seizure of communications and data is not consent to the use of privileged communications or data for personnel misconduct, law enforcement, or counterintelligence investigation against any party and does not negate any applicable privilege or confidentiality that otherwise applies.

 

c.       Whether any particular communication or data qualifies for the protection of a privilege, or is covered by a duty of confidentiality, is determined in accordance with established legal standards and DoD policy.  Users are strongly encouraged to seek personal legal counsel on such matters prior to using an IS if the user intends to rely on the protections of a privilege or confidentiality.

 

d.      Users should take reasonable steps to identify such communications or data that the user asserts are protected by any such privilege or confidentiality. However, the user's identification or assertion of a privilege or confidentiality is not sufficient to create such protection where none exists under established legal standards and DoD policy.

 

e.       A user's failure to take reasonable steps to identify such communications or data as privileged or confidential does not waive the privilege or confidentiality if such protections otherwise exist under established legal standards and DoD policy. However, in such cases the U.S. Government is authorized to take reasonable actions to identify such communication or data as being subject to a privilege or confidentiality, and such actions to not negate any applicable privilege or confidentiality.

 

f.       These conditions preserve the confidentiality of the communication or data, and the legal protections regarding the use and disclosure of privileged information, and thus such communications and data are private and confidential. Further, the U.S. Government shall take all reasonable measures to protect the content of captured/seized privileged communications and data to ensure they are appropriately protected.

 

6)       In cases when the user has consented to content searching or monitoring of communications or data for personnel misconduct, law enforcement, or counterintelligence investigative searching (i.e., for all communications and data other than privileged communications or data that are related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants), the U.S. Government may, solely at its discretion and in accordance with DoD policy, elect to apply a privilege or other restriction on the U.S. Government's otherwise-authorized use or disclosure of such information.

 

7)       All of the above conditions apply regardless of whether the access or use of an IS includes the display of a Notice and Consent Banner ("banner"). When a banner is used, the banner functions to remind the user of the conditions that are set forth in this User Agreement, regardless of whether the banner describes these conditions in full detail or provides a summary of such conditions, and regardless of whether the banner expressly references this User Agreement.

 

2.Understanding. I understand that I have the primary responsibility to safeguard the information contained within the system from unauthorized or inadvertent modification, disclosure, destruction, denial of service and use. I will use Army information systems (computers, portable electronic devices (PEDs), systems, and networks) only for authorized purposes.

 

3.Access. Access to the system is for official use and authorized purposes and as set forth in DoD 5500.7-R, "Joint Ethics Regulation" or as further limited by this policy.

 

4.Revocability. Access to Army resources is a revocable privilege and is subject to content monitoring and security testing.

 

5.Information processing.  The system is approved to process information considered as Sensitive but Unclassified (SBU) and handled and protected as For Official Use Only (FOUO).

 

6.Minimum security rules and requirements. As a system user, the following minimum security rules and requirements apply:

 

a. I understand that I have no expectation of privacy with respect to any information, either official or personal, transmitted over, or stored within any Army IS to include information stored locally on the hard drive or other media including removable media or hand-held peripheral devices.

 

b. I will participate in all training programs as required (inclusive of threat identification, physical security, acceptable use policies, malicious content and logic identification, and non-standard threats such as social engineering) before receiving system access.

 

c. I will generate, store and protect passwords, pins and pass-phases. Passwords will be in keeping with AR 25-2 with a minimum of fifteen (15) characters and will include a minimum of two each uppercase letters, lowercase letters, numbers and special characters. I am the only authorized user of this account. I will not store my passwords on any processor, microcomputer, personal digital assistant (PDA), personal electronic device (PED), or on any magnetic or electronic media. I will not use my userid, common names, birthdays, phone numbers, military acronyms, call signs or dictionary words as passwords or pass-phrases.

 

d. I will not use Internet "chat" services including, but not limited to, America Online, Google, Microsoft Outlook express or Yahoo Instant Messenger on my Government Computer. If chat services are required, I will use my AKO account.

 

e. I will use virus-checking procedures before uploading or accessing information from any system, e-mail attachment or removable media.

 

f. I will not attempt to access or process data exceeding the authorized Information System (IS) classification level.

 

g. I will not alter, change, configure or use operating systems or programs, except as specifically authorized. This includes the Firefox browser which may only be authorized on a case-by-case basis with limited capabilities. The installation of Firefox add-ons is not authorized at any time.

 

h. I will not introduce executable code (such as, but not limited to, .exe, .com, .vbs or .bat files) without authorization, nor will I write malicious code.

 

i. I will safeguard and mark with the appropriate classification level all information created, copied, stored or disseminated from the IS and will not disseminate it to anyone without a specific need to know.

 

j. I will not utilize Army- or DoD-provided ISs for commercial financial gain or illegal activities.

 

k. I understand that all maintenance will be performed by a Command-designated System Administrator (SA) only.

 

l. I will never leave my IS unattended while I am logged on unless the IS is protected by CAC removal or other screen-locking protection.

 

m. I will immediately report any suspicious output, files, shortcuts or system problems to a SA and/or Information Assurance Security Officer (IASO) and cease all activities on the system.

 

n. I understand that each IS is the property of the Army and is provided to me for official and authorized uses. I further understand that each IS is subject to monitoring for security purposes and to ensure that use is authorized. I realize that I should not store data on the IS that I do not want others to see.

 

o. I understand that monitoring of the system will be conducted for various purposes and information captured during monitoring may be used for administrative or disciplinary actions or criminal prosecution. I understand that the following activities define unacceptable uses of an Army IS:

 

1)      For personal commercial gain or illegal activity (e.g., Ebay activity or the sharing of copyrighted material)

 

2)      Use of the IS in any manner that interferes with official duties, undermines readiness, reflects adversely on the Army or violates standards of ethical conduct.

 

3)      To release, disclose or alter information without the consent of the data owner, the Original Classification Authority (OCA) as defined by AR 380-5, the individual's supervisory chain of command, Freedom of Information Act (FOIA) official, Public Affairs Office (PAO) or disclosure officer's approval.

 

4)      To attempt to strain, test, circumvent, bypass security mechanisms or perform network or keystroke monitoring. Nor attempt to mask or hide my identity, or to try to assume the identity of someone else. I will not run "sniffer" or any hacker-related software on my IS.

 

5)      Modify the system equipment or software, use it in any manner other than its intended purpose, introduce malicious software or code or add user-configurable or unauthorized software (e.g., instant messaging, peer-to-peer applications).

 

6)      Disable or remove security or protective software or mechanisms and their associated logs.

 

7.Acknowledgement. I have read the above requirements regarding use of the system. I understand my responsibilities regarding the system and the information contained within it.