SECURITY AND PRIVACY NOTICE
and
RULES of BEHAVIOR

This system has been Certified and Accredited

Cloud services and security provided by: XaaS, Inc.

SECURITY NOTICE

This web site is part of a Federal computer system and is the property of the United States Government. It is for authorized use only. This web site is monitored for security purposes to ensure it remains available and to protect information in the system. Software programs and additional equipment are used to monitor network traffic to identify unauthorized attempts to access, obtain, alter, damage or destroy information, or otherwise to interfere with the system or its operation. Any and all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to law enforcement personnel.

Unauthorized attempts to defeat or circumvent security features, to use the system for other than intended purposes, to deny service to authorized users, to access, obtain, alter, damage, or destroy information, or otherwise to interfere with the system or its operation is prohibited. Evidence of such acts may be disclosed to law enforcement authorities and result in criminal prosecution under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996, codified at section 1030 of Title 18 of the United States Code, or other applicable criminal laws.

By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. If you do not agree to the conditions stated in this notice, Please leave this web site.

PRIVACY NOTICE

Our privacy policy is clear: We will collect no personal information about you when you visit our website unless you choose to provide that information to us.

Here is how we handle information about your visit to our website:

Information Collected and Stored Automatically

If you do nothing during your visit but browse through the website, read pages, or download information, we will gather and store certain information about your visit automatically. This information does not identify you personally. We automatically collect and store only the following information about your visit:

  1. The Internet domain (for example, "xcompany.com" if you use a private Internet access account, or "yourschool.edu" if you connect from a university's domain) and IP address (an IP address is a number that is automatically assigned to your computer whenever you are surfing the Web) from which you access our website

  2. The type of browser and operating system used to access our site; 

    3.  

  3. The date and time you access our site;

    4.  

  4. The pages you visit; and

    5.  

  5. If you linked to this site from another website, the address of that website.

    6.  

  6. If a logon identifier was required to access this site it may be used in a security processor to enhance the user's experience of this site;

  7. Some web sites require the user accept a "session cookie" to provide a more personalized browser experience. These files are temporary and will be removed from the user's computer when the web browser is closed.

We use this information to help us make our site more useful to visitors – to learn about the number of visitors to our site and the types of technology our visitors use. We do not track or record information about individuals and their visits. 

If You Send Us Personal Information

If you choose to provide us with personal information -- as in an e-mail to or by filling out a form with your personal information and submitting it to us through our website -- we use that information to respond to your message and to help us get you the information that you have requested. We do not collect personal information for any purpose other than to respond to you. We only share the information you give us with another government agency if your inquiry relates to that agency, or as otherwise required by law. Moreover, we do not create individual profiles with the information you provide or to give it to any private organizations. No information is collected for commercial marketing.

I. General Rules of Behavior

These Rules of Behavior (Rules) establish the principles for the use of (FIDO.gov) information technology (IT) resources operated within the XaaS, Inc. cloud computing environment. The purpose of these Rules is to increase individual awareness and responsibility and to ensure that all users utilize FIDO.gov IT resources in an efficient, ethical, and lawful manner. I understand that I must read and acknowledge these Rules to receive access to FIDO.gov IT resources, and I agree to comply with all FIDO.gov IT policies, practices, and procedures to include the following specific provisions:

1. I will only use user IDs for which I am authorized and will not divulge my user ID or account access procedures to any unauthorized user.

2. I consent to monitoring and security testing to ensure proper security procedures and appropriate usage are being observed for FIDO.gov IT resources.

3. I recognize that I should notify the FIDO.gov Support Team of all reportable incidents of IT security (viruses, unauthorized access, theft, inappropriate use, etc.). (A reportable incident is defined in the FIDO.gov IT Security Program Policy.)

4. I will not make or use unauthorized copies of copyrighted software, except as permitted by law or by the owner of the copyright.

5. I understand that FIDO.gov IT resources, including e-mail accounts, are for authorized Government use only and in accordance with FIDO.gov policy. I agree not to use FIDO.gov IT resources for fraudulent, harassing or sexually explicit messages and/or materials. I understand that the data and files contained on my Government computer are the property of the U.S. Government and that no right to personal privacy is guaranteed or inferred. Additionally, I will not send, retain nor proliferate any such material on any Government systems.

6. I am responsible for protecting and maintaining to the best of my ability, any information used or stored in my accounts. I will not attempt to access any data or programs contained on systems for which I am not authorized nor have explicit consent of the data/program owner.

7. When I no longer require access to FIDO.gov IT resources, I will notify my immediate supervisor, and make no further attempt to access these resources.

8. I will get a property pass from my operating unit’s property custodian or designee before I take home any government owned equipment. I only will use this equipment for government related business and in accordance with FIDO.gov policy.

9. I understand that for access to multi-user FIDO.gov IT systems, users are required to invoke a login process requiring user IDs and passwords.

10. I understand that passwords are required for accounts on FIDO.gov computers. I will manage my passwords in accordance with the FIDO.gov Policy on Password Management and any password policy in effect within my Operating Unit.

11. I will lock my personal computer (PC) when I need to be away from my office for more than 15 minutes, by logging off the network or using a password-protected screen saver or other security package that prevents unauthorized access to my PC. I will shut down the system when no longer in use during duty hours.
 

II. Software Copyright Rules of Behavior

 1. Install only software authorized by the system owner.

2. Follow all provisions of the licensing agreements issued with the software and register organizational (governmental) ownership.

3. Do not make any illegal copies of copyrighted software. Normally the license will allow a single copy to be made for archival purposes. If the license is for multiple users, do not exceed the authorized number of copies.

4. Maintain written records of software installed on each system and ensure that a license or other proof of government ownership is on file for each piece of software.

5. Store licenses, software manuals, and procurement FIDO.gov documentation in a secure location (e.g., closed file cabinet, etc.).

6. When upgrades to software are purchased, dispose of the old version in accordance with the licensing agreement to avoid a potential violation. Upgraded software is considered a continuation of the original license, not an additional license.

7. If a copy of any software is detected that may not be copied or used consistent with the license associated with that software, then the system owner and/or the system support staff should be notified immediately so that appropriate action can be taken.

8. If resources are protected by copyright or patent, they cannot be used except consistent with such copyright or patent.

9. Any data that is extracted from a sensitive database containing Personal Identifiable Information (PII) must be destroyed within 90 days. If there is still a need for the information the Security Officer must be informed of the need and the data’s location in writing immediately.

I further understand that failure to abide by these Rules may constitute grounds for termination of access privileges, administrative actions such as disciplinary actions, and/or criminal prosecution, if warranted. I acknowledge that my activities will be supervised and reviewed.