Computer Use Agreement

Appropriate use of Laboratory computing resources

Print Computer Use Agreement

This agreement applies to all users of Brookhaven National Laboratory’s computer resources, which include Laboratory owned computers, computer systems, networks, storage, printers and portable/mobile devices, as well as all methods of access, whether local or remote. Computer resources are provided to support the Laboratory’s official business.

Privacy

The Laboratory monitors its computer resources to detect improper use. Investigation of detected improper use may result in confiscation of the offending device for confirmation and evidence gathering by appropriate authorities.

Use of the Laboratory's computer resources implies consent to review and disclose information and usage upon violation of this agreement or when mandated by law. Violations will result in consequences including, but not limited to, loss of access to computer resources, administrative disciplinary action, and civil and criminal penalties.

Responsibilities of Computer Users

• Be aware of, knowledgeable about, and comply with the requirements of the BNL Cyber Security Program as described in SBMS.
• Follow BNL policy regarding the use and protection of accounts and passwords.
• Protect sensitive information and Personally Identifiable Information (PII) in accordance with the requirements set forth in the Operations Security (OPSEC) and PII SBMS Subject Areas.
• Observe licensing and other computer-related contract provisions - particularly those that could expose the Laboratory to legal costs or damages if not followed.
• Ensure that computers under your control have virus-protection software installed and kept up to date.
• Keep computing systems properly configured and patched to remain compliant with current cyber security requirements. This function may be delegated to local system administrators or central IT staff.
• Participate in cyber security training and awareness.
• Report suspicious activity or known security violations to the Cyber Security Incident Response Team, security@bnl.gov or the Cyber Security Hotline at extension 8484.

Limited Personal Use

There is no inherent right for the personal use of the Laboratory's computer resources however limited use for personal purposes is allowed under the following criteria:

• Involves minimal additional expenses to the Laboratory.
• Does not interfere with the mission and operations of the Laboratory, interfere with job performance or delay or compromise the Laboratory’s projects.
• Does not compromise information security.
• Does not involve illegal activities.
• Does not involve operating a private business or supporting any political enterprise.
• Does not involve activities that could potentially embarrass the Laboratory or the DOE.
• Does not give the impression of acting in an official capacity when using computing resources for personal purposes.
• Personal use may be restricted if the above criteria are violated and personal use of classified computer resources is not permitted.

Appropriate Use

The following examples of personal use of Laboratory computer resources constitute acceptable activities that meet the criteria specified above.

• Ongoing education, self-training, and professional development.
• Personal correspondence and work on your own resume or those of family members.
• Work for charities and non-political local community groups.
• Good-taste Internet access.
• Limited use of instant messaging or internet-based phone programs.
• Research activities, such as reading newspapers and magazine articles, checking airline prices and schedules and purchasing tickets, browsing sales catalogs, comparing prices of automobiles, obtaining road maps, and checking accounts in credit unions and retirement plans.
• Occasional personal banking such as managing checking and savings accounts online or reviewing your retirement portfolio.

If you are unsure whether certain personal use of Lab computing is appropriate, contact the Cyber Security Office for clarification via email to security@bnl.gov or through the Cyber Security Hotline at x8484.

Inappropriate Use

The following are examples of inappropriate use of Laboratory computer resources and are prohibited.

• Accessing content that promotes hate language, harassments, or threats.
• Accessing content that ridicules others on the basis of race, creed, religion, sex, disability, nationality, or sexual orientation.
• Creating, downloading, viewing, storing, copying, or transmitting sexually oriented or sexually explicit material (e.g., pornography, child pornography)
• Gambling.
• Working for commercial purposes or supporting for-profit organizations that are outside the scope of your BNL appointment.
• Recommending products or services as being endorsed by BNL.
• Participating in any partisan political activity.
• Misleading someone into believing you are acting in an official capacity.
• Hosting services (such as web sites) that are not of general interest to the Laboratory.
• Using prohibited peer-to-peer (P2P) file sharing services, such as those listed at http://www.bnl.gov/cybersecurity/p2p.asp.
• Circumventing the perimeter firewall in a way that allows an internal machine to be accessed from an external, insecure network without first obtaining approval via the Cyber Security Management Information System. Example is forwarding an internal port to an external network.
• Creating and/or forwarding of chain letters and unrequested bulk email (SPAM).
• Using software, such as password-cracking tools and vulnerability scanners, without the consent of the Information Systems Security Manager (ISSM).
• Intentional use of software or techniques meant to disguise or circumvent the detection of computing activities on the BNL network.

This list should not be considered all-inclusive; please check with the Cyber Security Office about your proposed usage. Please reference DOE Order 203.1 “Limited Personal Use of Government Office Equipment Including Information Technology” for additional information and guidance.

References

• DOE Order 203.1.4.a, "Limited Personal Use of Government Office Equipment Including Information Technology"
• 10 CFR Part 727, "Computer Security; Access to Information on Department of Energy Computers and Computer Systems"
• SBMS Unclassified Cyber Security Subject Area
• SBMS Interim PII Subject Area
• Operations Security (OPSEC) SBMS Subject Area

Signature

All users are required to have a signed copy of this document on file with Human Resources prior to using BNL computer resources. By signing this form you are acknowledging that you have read, understand, and agree to comply with the above principles governing the use of Brookhaven National Laboratory computer resources.

Note: If a BNL employee, guest, or contractor does not have a signed copy of the Computer Use Agreement on file, then accounts for access to BNL computing resources will be denied and computer access will be limited to the BNL visitor network only.

Print Computer Use Agreement Form

You must have the Adobe Acrobat Reader software installed in order to view and print this file. Obtain the Reader, or troubleshoot common technical problems when trying to view these PDF files.

Computer Use Agreement (pdf)
For all users of Brookhaven’s computers and networks and all methods of access, whether local or remote.

Signed Computer Use Agreements for employees and contractors are to be sent to Human Resources.  The signed forms can be sent via inter-office mail to Bonnie Miller, Building 400B. Signed forms can also be faxed to HR at 631-344-3195 or be sent via email to cua@bnl.gov.

Signed forms for guests and visitors are handled by the RHIC and AGS Users Center.  Guest and Visitor forms can be emailed to guvcenter@bnl.gov.  For additional contact information on the Users Center click here.

Revision History

Changes to Computer Use Agreement - 3/17/2009

Changed wording in two Inappropriate Use bullets to reflect the intent to access inappropriate content instead of the inadvertent access to an inappropriate site. Wording changed from:

> Supporting or accessing sites that ...
to
> Accessing content that ...

The bullet on the use of password cracking tools was changed to require consent from the ISSM instead of express written consent from the CPPM. The new wording reflects actual operations.

> without the express written consent of the Cyber Protection Program Manager (CPPM).
to
> without the consent of the Information Systems Security Manager (ISSM).

If you have a question that is not addressed in these pages, please send an email to itdhelp@bnl.gov.

Last Modified: March 23, 2010
Please forward all questions about this site to: Web Services

One of ten national laboratories overseen and primarily funded by the Office of Science of the U.S. Department of Energy (DOE), Brookhaven National Laboratory conducts research in the physical, biomedical, and environmental sciences, as well as in energy technologies and national security. Brookhaven Lab also builds and operates major scientific facilities available to university, industry and government researchers. Brookhaven is operated and managed for DOE's Office of Science by Brookhaven Science Associates, a limited-liability company founded by the Research Foundation for the State University of New York on behalf of Stony Brook University, the largest academic user of Laboratory facilities, and Battelle, a nonprofit, applied science and technology organization.

Privacy and Security Notice  | Contact Web Services for help