NPP Connect Portal
Rules of Behavior
RULES OF BEHAVIOR (ROB) OVERVIEW
The following Rules of Behavior (ROB) apply to all users of NPP Connect Portal systems. Misuse, whether intentional or unintentional, or failure to comply with these rules for
program participants may result in appropriate corrective measures, including but not limited to
verbal or written warnings, revocation of privileges, and/or termination of program participation.
Where such actions appear to be criminal in nature, the matter will be referred to the appropriate jurisdictional authorities for action.
USER RULES OF BEHAVIOR
This section contains the system user ROB for NPP Connect Portal.
- I understand that I am given access to only those systems for which I require access to perform my official duties.
- I will not attempt to access systems I am not authorized to access.
PASSWORDS AND OTHER ACCESS CONTROL MEASURES
- I must protect passwords from disclosure. I must not record passwords on paper or in electronic form unless locked and secured.
- To prevent others from obtaining my password via "shoulder surfing," I must shield my keyboard from view as I enter my password.
- I must not use passwords such as dictionary words, proper nouns, names of any person, pet, child, or fictional character forwards or backwards).
- I must not use a social security number, birth date, phone number, or information about myself that could be easily guessed as a password.
- If compromise of a password is known or suspected, I must promptly change that password and report the incident.
- I must not attempt to bypass access control measures.
- I must not share passwords.
- If passphrases are used in addition to, or instead of, passwords, I must follow the same guidelines for protecting my passphrase.
- My passwords must be at least 8 characters long and must contain uppercase characters, lowercase characters and numbers. My password may also include special characters.
- My passwords must not contain any simple pattern of letters or numbers, such as "qwerty" or "xyz123."
- My passwords must not be any word, noun, or name spelled backwards or appended with a single-digit or with a two-digit "year" string, such as 98xyz123.
- I must restrict disclosure of NPP Connect Portal system information to those who have a business need and are authorized to receive the information.
- I must protect sensitive information from disclosure to unauthorized persons or groups.
- I must take every precaution to prevent unauthorized individuals from observing display output. (Use privacy screens, keep computer screens from facing windows or doors, etc.)
- I must log off or lock my workstation or laptop computer, or I must use a password-protected screensaver, whenever I step away from my work area, even for a short time.
PERSONALLY IDENTIFIABLE INFORMATION (PII) PROTECTION
- I must protect PII in all formats, including oral, paper, and electronic formats.
- I must protect PII against unauthorized access or disclosure by ensuring that only those people who have a clearly demonstrated need to know or use the PII are given access.
- I must secure paper and mobile media with PII in locked a drawer or cabinet.
- I must not leave PII on a desk, printer, fax machine, or copier.
- I must use encryption when sending PII by email.
- I must report immediately upon discovery all potential and actual privacy breaches to the program administrator:
firstname.lastname@example.org, (888) 811-1164