United States Department of Transportation -  Federal Highway Administration  

FHWA Information Systems - UPACS Terms and Conditions of Use/Rules of Behavior



Revised on November 4, 2010
 
Terms and Conditions of Use
You are attempting to access a Federal computer system, which is the property of the United States Government. It is for authorized use only.

Unauthorized access to this United States Government computer system is prohibited by Title 18, "Crimes and Criminal Procedure", United States Code, Section 1030, "Fraud and Related Activity in Connection with Computers." Knowingly or intentionally accessing the computer system without authorization or with intent to defraud could result in a fine, imprisonment, or both.

To protect the system from unauthorized use, system administrators monitor this system. Anyone using this system expressly consents to such monitoring and is advised that if monitoring reveals possible evidence of criminal activity, such evidence may be provided to law enforcement officials.

Unauthorized or improper use of this system will result in administrative disciplinary action and civil and criminal penalties.

By continuing to use this system you indicate your awareness of and consent to the following "Rules of Behavior".

Rules of Behavior For a User
I will not knowingly introduce any malicious code into DOT computer systems nor will I attempt to bypass or circumvent its security features.

I will protect all passwords issued to me and will not disclose them to anyone. I will change my password immediately when I suspect that my password may have been compromised. I will not store any User-Id or Passwords in the Internet Explorer AutoComplete feature or in any file on my workstation.

I will immediately notify the appropriate system administrator or other designated access control manager when I no longer require access to FHWA systems because of transfer, completion of project, retirement, or termination of employment.

I will protect sensitive unclassified information from unauthorized access, disclosure, modification, misuse, damage, or theft regardless of where it is processed or stored.

I understand that as a user of FHWA systems, I may have access to sensitive information including but not limited to passwords, PINs, financial account names/numbers and must protect that information from unauthorized disclosure. This includes not only securing information printed from FHWA systems but ensuring that sensitive information displayed on my computer monitor is not visible to unauthorized individuals. I further understand that to protect sensitive information, I may have to locate my computer monitor or workstation screen away from doors, windows, or other openings in my work environment.

I will not disclose confidential data obtained through FHWA systems to anyone other than personnel who are authorized to view this data.

I will not try to access systems or data to which access has not been authorized and I understand that I will be held accountable for my actions on FHWA systems.

I will immediately notify the FHWA Information System Security Officer (ISSO) and appropriate system owner of any security incident or violation.

Personnel accessing social media/networking sites from organizational information systems will ensure that no confidential data/information obtained through the UPACS application will be shared external to the organization.

Federal law provides for punishment consisting of a fine under Title 18, U.S. Code and up to 10 years in jail for intentionally accessing a government information system without authorization, and altering, damaging, or destroying information, or preventing authorized use of the system.

System Sponsor Rules Of Behavior
I will adhere to all rules of behavior for users.

I will initiate each of my user's system access rights. I understand that for some FHWA systems, users will include State government employees and/or other FHWA business partners.

I will assign appropriate system rights to my users (e.g., read only, update, create documents and sign) and will submit user applications to the System Owner for approval or denial.

I will immediately delete users system access rights who no longer require access rights ( e.g., they terminate employment, change job assignments) once I am notified that access is no longer required.

I will only perform system functions assigned to me as a system sponsor for my user community and for the FHWA systems for which I am a sponsor and only those permitted by the FHWA system software.

I will in no way attempt to override security controls to allow me to perform functions other than what has been subscribed to me.

* System Owners must accept "System Sponsor Rules of Behavior" even if their system does not employ system sponsors.

System Owner Rules Of Behavior
I will adhere to all rules of behavior for users and system sponsors.

I will register and approve sponsors according to established procedures and standards and will apprise them of their responsibilities. I also agree to limit the number of sponsors to what is sufficient for adequate operation of the system.

I understand that I have the ultimate responsibility for the system and as such must enforce compliance with system and security requirements.

I understand that I am responsible for review and approval/disapproval of new user access requests and modifying submitted information as necessary.

I understand that I am responsible for review and approval/disapproval of all user access change requests.

I will remove system sponsor or user access rights from the system immediately upon notification that they are no longer needed.

I will maintain system status messages to communicate with users about current or future events of the application.

I will only perform system duties for users of the FHWA systems for which I am a system owner and only those actions permitted by the FHWA application software.

I will in no way attempt to override security controls to allow me to perform functions other than what has been subscribed to me.

I understand that when granting access to an application that has been identified as having Personally Identifiable Information (PII) or sensitive data, that I have documented (i.e. a log containing email and/or phone message etc) the need of that user to have access to that type of data as well as the person requesting access for the user.

I will perform a validation of my users every 30 days to ensure that they still require access and that all user information is correct and up-to-date.

UPACS Administrator Rules Of Behavior
I will adhere to all rules of behavior for users.

I will validate and approve each prospective User, both FHWA and Non FHWA. Note: For new FHWA users or FHWA contractors only - before a new FHWA user or an FHWA contractor is added to UPACS, I will physically check the user�s ID badge before granting access to UPACS. Note that some FHWA Employees and FHWA Contractors may not have badges. Therefore, if the user does not have a permanent ID badge, I will contact HQ Human Resources Services Group (HAHR-23) and ask the Human Resource Specialist if the user is a legitimate employee or contractor and if they have completed the background screening process required of all FHWA employees and contractors. The Human Resource Specialist will concur if the user is a legitimate employee and has gone thru the initial screening process required of all FHWA employees and contractors.

I will review user access applications; update user profile information as required, and approve assignment of user Ids.

I will perform password resets for my users only in accordance with established password reset procedures and will foster the use of strong passwords among my users.

I will reset a user's PIN according to established reset procedures ensuring that the user is required to enter a new PIN at the next login.

I will immediately transfer users who are no longer located in my user community (e.g., they change job assignments and move to new location) once I am notified that they have relocated.

I will immediately delete users who no longer require access rights (e.g., they terminate employment) once I am notified that access is no longer required.

I will perform a validation of my users every 30 days to ensure that they still require access and that all user information is correct and up-to-date.

I will only perform administration functions for my user community and only those permitted by the FHWA system software. I will in no way attempt to override security controls to allow me to perform functions other than what has been subscribed to me.

I understand that when granting access to an application that has been identified as having Personally Identifiable Information (PII) or sensitive data, that I have documented (i.e. a log containing email and/or phone message etc) the need of that user to have access to that type of data as well as the person requesting access for the user.

Super UPACS Administrator Rules Of Behavior
I will adhere to all rules of behavior for UPACS Administrators.

I will validate prospective user only in the absence of a UA. I will validate and approve each prospective User, both FHWA and Non FHWA. Note: For new FHWA users or FHWA contractors only - before a new FHWA user or an FHWA contractor is added to UPACS, I will physically check the user�s ID badge before granting access to UPACS. Note that some FHWA Employees and FHWA Contractors may not have badges. Therefore, if the user does not have a permanent ID badge, I will contact HQ Human Resources Services Group (HAHR-23) and ask the Human Resource Specialist if the user is a legitimate employee or contractor and if they have completed the background screening process required of all FHWA employees and contractors. The Human Resource Specialist will concur if the user is a legitimate employee and has gone thru the initial screening process required of all FHWA employees and contractors.

I will only modify user access rights or add users in conjunction with official approved requests. The exception to this is the creation and modification of test user Ids in test or development environments, which I am authorized to create at will without an official approved request.

I will only perform administration functions consistent with the reason (e.g., job function) I was given Super Administrator capability.

I will not use my Super Administrator capability to adversely affect the security of and/or the smooth operation of FHWA systems.

I will not abuse my Super Administrator capability by performing any action I am not authorized to perform and/or using my Super Administrator capability for personal gain.

I will maintain system status messages to communicate with users about current or future events of the system.

I understand that when granting access to an application that has been identified as having Personally Identifiable Information (PII) or sensitive data, that I have documented (i.e. a log containing email and/or phone message etc) the need of that user to have access to that type of data as well as the person requesting access for the user.



Exit
FHWA
United States Department of Transportation - Federal Highway Administration