The following DLA General Rules of Behavior delineate the responsibilities of, and expectations for, all individuals with access to DLA systems, networks, and internal web sites.
What is the purpose of the Rules of Behavior?
The DLA Rules of Behavior summarize laws and guidelines from various DLA and Department of Defense (DOD) documents.
What are Rules of Behavior?
Rules of Behavior support accomplishing a Defense-in-Depth strategy of Information Assurance (IA) initiatives. These guidelines were established to hold users accountable for their actions and responsible for information security. Rules of Behavior establish standards of actions in recognition of the fact that knowledgeable users are the foundation of a successful security program. The Rules of Behavior highlight the need for users to understand that taking personal responsibility for the security of a computer and the data it contains is an essential part of their job.
Who is covered by these rules?
These rules are to be followed by the entire DLA workforce (civilian, military, and contractor) with access to DLA systems, networks, and internal web sites. This DLA workforce should be fully aware of, and abide by, DLA security policies as well as related DOD policies.
What are the penalties for Noncompliance?
Noncompliance to these rules will be enforced through sanctions commensurate with the level of infraction. Actions may result in removal of system access.
Misuse of Privacy Act data may result in civil and criminal charges and fines.
USER RESPONSIBILITIES
USERS WILL:
Safeguard the information contained in DLA systems from unauthorized or inadvertent modification, disclosure, destruction, denial of service, and
use. DLA systems, networks, and internal web sites are for official use and authorized purposes in accordance with DOD 5500.7-R, Joint Ethics Regulation
Information is subject to monitoring and security testing.
Screen-lock the computer or log off when leaving the work area.
Report known or suspected incidents immediately.
Use DLA computers only for lawful and authorized purposes.
Comply with safeguards, policies, and procedures to prevent unauthorized access to DLA computer systems.
Comply with terms of software licenses and only use licensed and authorized
software. Do not install single-license software on shared hard drives or
servers.
Choose strong Passwords that are at least eight characters in length that
include at least one capital letter, one lower case letter, one special
character, and one number. Change the Password at least every 90 days.
Not share Login IDs or account Passwords with anyone.
Recognize the accountability assigned to a Login ID and Password. Each user
must have a unique ID to access DLA systems. Recognize that Login IDs
identify an individual's actions on DLA systems and the Internet. Individual
user activity is recorded, including sites and files accessed on the
Internet.
Use authorized virus scanning software on the workstation or PC and the home
computer. Know the source before using diskettes or downloading files. Scan
files for viruses before opening them.
Know your data and properly classify and protect all data inputs and outputs
according to their sensitivity and value. Label sensitive media and ensure
that sensitive information is removed from hard disks that are sent out for
maintenance. Classified data shall be processed on classified systems only.
Use the email system for official Government business, ensuring email
messages are professional and accurately states DLA and DOD policies and
positions.
Not send sensitive information over the Internet unless it has been encrypted.
Not generate or send offensive or inappropriate email messages, images, or
sound files. Limit distribution of email to only those who need to receive it.
NOTE: The user is identified as a user of DLA's computer systems when logged
onto the Internet.
Learn about information security to help the Information Assurance Officer (IAO) and Terminal Area Security Officer (TASO). Numbers alone
make users the most important security asset. Compared to one IAO or TASO per DLA application or system, users offer many eyes and ears to detect
threats to DLA information systems.