Rules of Behavior Notice

NIH IPMS Acceptable Use Policy:

The following rules of behavior and acceptable use policy apply to all users of the NIH IPMS whether NIH employees or contractors. Because written guidance cannot cover every contingency, you are asked to go beyond the stated rules, using your best judgment and highest ethical standards to guide your actions. These rules are based on Federal laws and regulations and DHS/NIH policies. As such there are consequences for non-compliance.

Users of the NIH IPMS must comply with the following rules:

• Users are given access to this system based on a need to perform specific work. Users shall work within the confines of the access allowed and shall not attempt to access systems or applications to which access has not been authorized.
• Users shall protect any deemed sensitive information from disclosure to unauthorized individuals or groups. Classified information is not authorized for this system.
• Users shall protect hardcopy reports or documents from the IPMS commensurate with the categorization of the general support system, application, or security program included in the NIH IPMS.
• All users shall protect passwords from disclosure and shall not divulge them to anyone.
• Users shall not circumvent or attempt to circumvent any security countermeasures or safeguards.
• Users shall report any observed weaknesses in countermeasures or procedures to the IPMS  Information System Security Officer (ISSO).
• Users shall not attempt to circumvent or change system permission levels for the NIH IPMS.
• Any security violations or suspicions of security violations shall be reported immediately to the NIH IPMS System Administrator.
• All questions or problems concerning security shall be forwarded to the IPMS ISSO or System Administrator.
   

Non-Compliance

Any violation of the rules of behavior shall be considered a security incident. If the incident is deemed willful, it will be escalated to a security violation. Depending on the number of security violations and the specific information involved, disciplinary action for the violation may consist of a letter or warning/caution, revocation of access to the NIH IPMS, suspension, or removal. The individual may also be subject to criminal prosecution.

Acknowledgement

By logging into and accessing the NIH IPMS, you acknowledge that you understand and will comply with these rules of behavior when using the NIH IPMS. Non-compliance or behavior inconsistent with these rules can result in immediate suspension from the NIH IPMS or disciplinary action, which my lead to investigation, as appropriate.