BNL Home

Policies Home

Appropriate Use of Laboratory Computing Resources

This agreement applies to all users of Brookhaven National Laboratory’s computer resources, which include Laboratory owned computers, computer systems, networks, storage, printers and portable/mobile devices, as well as all methods of access, whether local or remote. Computer resources are provided to support the Laboratory’s official business. The Code of Federal Regulations 10 CFR 727 made it law that individuals utilizing DOE computers must have acknowledged in writing that there is no expectation of privacy in the use of DOE computers.

Computer Use Agreement (CUA)

All users are required to take the online Computer Use Agreement Course and digitally sign it prior to using BNL computer resources. By digitally signing this online course you are acknowledging that you have read, understand, and agree to comply with the principles governing the use of Brookhaven National Laboratory computer resources.

  1. If you are a current BNL employee or guest that already has a signed paper copy of the Computer Use Agreement (CUA) on file, a digital CUA is not required.
  2. If a BNL employee, guest, or contractor does not have a signed Computer Use Agreement (digital or paper copy), then accounts for access to BNL computing resources will be denied and computer access will be limited to the BNL visitor network only.

Take the CUA Course


The Laboratory monitors its computer resources to detect improper use. Investigation of detected improper use may result in confiscation of the offending device for confirmation and evidence gathering by appropriate authorities.

Use of the Laboratory's computer resources implies consent to review and disclose information and usage upon violation of this agreement or when mandated by law. Violations will result in consequences including, but not limited to, loss of access to computer resources, administrative disciplinary action, and civil and criminal penalties.

Responsibilities of Computer Users

  • Be aware of, knowledgeable about, and comply with the requirements of the BNL Cyber Security Program.
  • Follow BNL policy regarding the use and protection of accounts and passwords.
  • Protect sensitive information and Personally Identifiable Information (PII) in accordance with the requirements set forth in the Operations Security (OPSEC) and PII SBMS Subject Areas.
  • Observe licensing and other computer-related contract provisions - particularly those that could expose the Laboratory to legal costs or damages if not followed.
  • Ensure that computers under your control have virus-protection software installed and kept up to date.
  • Keep computing systems properly configured and patched to remain compliant with current cyber security requirements. This function may be delegated to local system administrators or central IT staff.
  • Participate in cyber security training and awareness.
  • Report suspicious activity or known security violations to the Cyber Security Incident Response Team, or the Cyber Security Hotline at 344-8484.

Limited Personal Use

There is no inherent right for the personal use of the Laboratory's computer resources however limited use for personal purposes is allowed under the following criteria:

  • Involves minimal additional expenses to the Laboratory.
  • Does not interfere with the mission and operations of the Laboratory, interfere with job performance or delay or compromise the Laboratory’s projects.
  • Does not compromise information security.
  • Does not involve illegal activities.
  • Does not involve operating a private business or supporting any political enterprise.
  • Does not involve activities that could potentially embarrass the Laboratory or the DOE.
  • Does not give the impression of acting in an official capacity when using computing resources for personal purposes.
  • Personal use may be restricted if the above criteria are violated and personal use of classified computer resources is not permitted.

Appropriate Use

The following examples of personal use of Laboratory computer resources constitute acceptable activities that meet the criteria specified above.

If you are unsure whether certain personal use of Lab computing is appropriate, contact the Cyber Security Office for clarification via email to or through the Cyber Security Hotline at 344-8484.

  • Ongoing education, self-training, and professional development.
  • Personal correspondence and work on your own resume or those of family members.
  • Work for charities and non-political local community groups.
  • Good-taste Internet access.
  • Limited use of instant messaging or internet-based phone programs.
  • Research activities, such as reading newspapers and magazine articles, checking airline prices and schedules and purchasing tickets, browsing sales catalogs, comparing prices of automobiles, obtaining road maps, and checking accounts in credit unions and retirement plans.
  • Occasional personal banking such as managing checking and savings accounts online or reviewing your retirement portfolio.

Inappropriate Use

The following are examples of inappropriate use of Laboratory computer resources and are prohibited.

This list should not be considered all-inclusive; please check with the Cyber Security Office about your proposed usage. Please reference DOE Order 203.1 “Limited Personal Use of Government Office Equipment Including Information Technology” for additional information and guidance.

  • Accessing content that promotes hate language, harassments, or threats.
  • Accessing content that ridicules others on the basis of race, creed, religion, sex, disability, nationality, or sexual orientation.
  • Creating, downloading, viewing, storing, copying, or transmitting sexually oriented or sexually explicit material (e.g., pornography, child pornography)
  • Gambling.
  • Working for commercial purposes or supporting for-profit organizations that are outside the scope of your BNL appointment.
  • Recommending products or services as being endorsed by BNL.
  • Participating in any partisan political activity.
  • Misleading someone into believing you are acting in an official capacity.
  • Hosting services (such as web sites) that are not of general interest to the Laboratory.
  • Using prohibited peer-to-peer (P2P) file sharing services.
  • Circumventing the perimeter firewall in a way that allows an internal machine to be accessed from an external, insecure network without first obtaining approval via the Cyber Security Management Information System. Example is forwarding an internal port to an external network.
  • Creating and/or forwarding of chain letters and unrequested bulk email (SPAM).
  • Using software, such as password-cracking tools and vulnerability scanners, without the consent of the Information Systems Security Manager (ISSM).
  • Intentional use of software or techniques meant to disguise or circumvent the detection of computing activities on the BNL network.

Note: Only download the paper copy of the CUA if you cannot access the online course.