Acceptable Use of SLAC Information Resources

1.             OVERVIEW

SLAC information resources are U.S. government property and, as such, are subject to "appropriate use" requirements found in federal law and the provisions of the SLAC contract.  Access to and use of SLAC computer resources is conditional upon adherence to the policies established for those individual resources, and to the general Stanford policies on Computer and Network Usage.

2.             PURPOSE

The purpose of this policy is to outline the acceptable use of SLAC information resources and ensures that proper control is setup to maintain the confidentiality, integrity and availability of information processing and communication services on systems managed by SLAC.  Inappropriate use exposes SLAC to risks including virus attacks, compromise of network systems and services, and legal issues.

3.             SCOPE

This policy applies to all employees, contractors, consultants, temporaries and other workers at SLAC, including all personnel affiliated with third parties (“User”). This policy applies to all SLAC information resources, including but not limited to computers, systems and networks that are managed by SLAC and equipment not owned by SLAC or DOE but connect to the SLAC network and/or use SLAC information resources.

4.             POLICY

A.   The SLAC information resources are government assets for SLAC-related business use. Unauthorized use is prohibited. Minor incidental personal use is permitted.  See Limited Personal Use of Government Office Equipment including Information Technology

B.    Users have an affirmative duty to report suspected misuse of SLAC information resources at once. Contact the Computing Division help line (x4357 option 3) or Computer Information Security Officer (CISO).

C.    All SLAC and Stanford policies apply to User’s conduct while using SLAC information resources especially, but not exclusively, policies on intellectual property, misuse of resources, harassment, and information and data security.

D.   SLAC computer accounts are normally intended for use only by the individual assigned to that account. Each account holder is responsible for the resources used by that account and for taking necessary precautions to prevent others from using the account. Shared accounts require adequate justification and explicit authorization from the CISO. Users shall not seek to gain or enable unauthorized access to information resources.

E.    Passwords must be chosen with care and not divulged to anyone. Different classes of system, for example business systems, scientific computing systems and accelerator control systems have different requirements on user passwords. Users are responsible for following the password policies for the systems on which they have accounts.

F.    Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which SLAC or the end user does not have an active license is strictly prohibited.

G.   Before leaving a system unattended, it must be adequately protected, e.g. with a screen saver or logged off.

H.   Users must safeguard legally protected information subject to privacy laws or confidentiality requirements.

I.      Circumventing security controls is prohibited.

J.     Under no circumstance is a User authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing SLAC owned resources.

K.   Use of SLAC's electronic communication facilities to send fraudulent, harassing, obscene (i.e. pornographic), threatening, racial, sexual or other unlawful messages is prohibited and illegal, as is use of SLAC information resources for lobbying of any kind.

L.    SLAC reserves the right to audit networks and systems using SLAC information resources on a periodic basis to ensure compliance with this policy.

5.             Violation of POlicy

Any SLAC employee found to have intentionally violated this policy shall be subject to disciplinary action up to and including termination.  A User violating this policy may have his/her computer removed from the network and any SLAC network or computer access disabled. Reinstatement will require the review and approval of the Chief Information Officer (CIO) with concurrence from the appropriate Associate Lab Director. Equipment may be confiscated for forensic review with concurrence or direction from Legal and/or Human Resources.

6.             Exceptions to Policy

Any exception to this policy must be in writing and approved by the CISO with concurrence from the CIO.

7.             Updating this policy

The CISO or his designee will update this policy as necessary to comply with new laws and regulations and will review it at least biennially.

8.             References

Related SLAC or Stanford Policies, Memos or Directives:

Stanford University Computer and Network Use Policy

Stanford Information Security Incident Response

Limited Personal Use of Government Office Equipment including Information Technology

Related Computer Security References:

Use of SLAC Information Resources Guidelines

Definition: The term “users” applies to all SLAC staff, contractors, assignees, visitors, and individuals that have custody of or access to SLAC information, systems, or network.

Reviewed: January 2012

Owner: SLAC Computing Division

Last updated January 19, 2012 (updated links and acronyms)

For comments or corrections contact: security @slac.stanford.edu