Department Of Commerce Office of Human Resources Management

ITA's Local Area Network (LAN) Security Policy

As a user of the ITA LAN, it is important that you are aware of the security controls that have been implemented for this system. The safeguards that have been instituted serve to protect the system and your data. Circumventing any of these could compromise the security of this system.

Who Can Access LAN?

Only those who have obtained permission and have attended the Network Security Briefing (which is normally a part of the New Employee Briefing) will be permitted to access the system. The network security briefing includes a description of the ITA LAN system, information to assist ITA personnel in setting up a network account, proper security procedures to follow and contacts for security concerns, general network questions, and assistance.

What the LAN May Be Used For

The LAN may be used only for official government business and is approved to process unclassified data. The LAN May Not be used to store, process, or transmit information that is classified (i.e., National Security classified information which labels such as Confidential, Secret, Top Secret, etc.).

Unclassified data may include information that is considered sensitive in nature which requires controlled distribution or access. Some examples of sensitive data are:

Privacy Act--Data that are private to an individual, including, but not limited to, education, qualifications, service data, criminal, employment history and social security number;
For Official Use Only--Data that are derived from authority or an investigative unit;
Financial--data to ensure the integrity of funds or other fiscal assets.
Management--Data requiring protection to guard against the disruption of operations or normal management practices;
Proprietary--Data which is the exclusive property of a civilian organization or individual which is on loan to the government for use in evaluating or adjudicating contracts; and,
Privileged--Data requiring protection to meet business standards or as required by law.

NOTE: Classified information can only be processed on a stand-alone PC with a removable hard drive. The system can not be tied to the network or any remote devices. Should the information being processed need to be printed, a dedicated printer will also be required.

Protecting Your Access To The LAN

Each user is issued an user ID and an initial password. Your user ID is established by the LAN administrator and will not change. Passwords are used to activate your user ID. For this reason, it is important to establish a password that is not easily compromised and to protect your password at all time. The password issued to you with your new account will expire upon the first login into the network. You will be prompted to create a new password at that time.

You are required to change your password every 90 days. The system will notify you when your password has expired and prompt you for a new password. You may elect not to change your password at that time and proceed to login using your old password. Doing so is called a "Grace Login". Each user is allowed a total of 7 grace logins. After the seventh login you must change your password or your rights as a user will be terminated. The system administrator is the only one who can reactivate your user ID after the final grace login has been used.

Your password must be, at a minimum, six character in length.
Do not use names, words, or dates that pertain to you personally, since these type of passwords are easily compromised.
Do not use repeating letters, or used numbers in succession. It is best to use a combination of both letters and numbers.

Do not share your password with anyone.
Avoid writing your password down and posting it in obvious places (i.e., attaching it to the bottom of the keyboard, on the side of the monitor, or in the Rolodex, under "P" for Password).
Change your password if you suspect that it has been compromised.

To prevent any unauthorized access under your user ID and password, always logout of the network when leaving your workstation and at the end of every business day.

A Note About E-Mail Privacy

ITA has no intention of reading employees' electronic mail out of idle curiosity; However, Government employees should have no expectation of privacy when using the electronic mail system. Although system security measures will protect against casual intrusion, electronic mail is not inherently confidential. System administrators with special access privileges are expressly prohibited from reading the electronic mail of others unless authorized by senior management officials. However, there is no guarantee that technical or administrative problems may not create a situation in which it is necessary for an administrator or system manager to read message text. ITA views electronic mail messages to be government property, and ITA officials may have access to those messages whenever there is a legitimate purpose for such access. Users should consider the electronic mail system as similar to the inter-office mail system.

Please direct questions or comments to Janet Clark, Information Technology Security Officer, Office of Information Resources Mangement, ext. 1489.