SlideShare a Scribd company logo

Rules of Behavior

Download as DOCX, PDF
GovCloud Network
GovCloud Network

This document provides Rules of Behavior for the internal and external users of the <Information System Name> system. The Rules of Behavior describe security controls associated with user responsibilities and expectations for following security policies. Section 1 provides an overview of Rules of Behavior. Section 2 describes recommended Rules of Behavior for internal users, such as complying with copyright, reporting security incidents, and safeguarding resources. Section 3 describes recommended Rules of Behavior for external users, such as maintaining credential confidentiality, reporting security incidents, and using encryption. Both sections require users to sign acceptance of the Rules of Behavior.

1 of 12
Rules of Behavior <Information System Name>, <Date> Rules of Behavior <Information System Name> <Vendor Name> Version 1.0 May 2, 2012
Rules of Behavior Version 0.1 / Date Table of Contents 1. Overview...........................................................................................................................................................6 2. Rules of Behavior for Internal Users .................................................................................................................7 3. Rules of Behavior for External Users ..............................................................................................................10 Page 2
Rules of Behavior Version 0.1 / Date Document Revision History Date Description Version Author 05/02/2012 Document Publication 1.0 FedRAMP Office Page 3
Rules of Behavior Version 0.1 / Date ABOUT THIS DOCUMENT This document has been developed to provide guidance on how to participate in and understand the FedRAMP program. Who should use this document? This document is intended to be used by Cloud Service Providers (CSPs), Third Party Assessor Organizations (3PAOs), government contractors working on FedRAMP projects, government employees working on FedRAMP projects, and any outside organizations that want to make use of the FedRAMP Contingency Planning process. How this document is organized This document is divided into ten sections. Most sections include subsections. Section 1 describes and overview of the Rules of Behavior. Section 2 describes recommended Rules of Behavior for internal users. Section 3 describes recommended Rules of Behavior for external users. Conventions used in this document This document uses the following typographical conventions: Italic Italics are used for email addresses, security control assignments parameters, and formal document names. Italic blue in a box Italic blue text in a blue box indicates instructions to the individual filling out the template. Instruction: This is an instruction to the individual filling out of the template. Bold Bold text indicates a parameter or an additional requirement. Constant width Constant width text is used for text that is representative of characters that would show up on a computer screen. <Brackets> Bold blue text in brackets indicates text that should be replaced with user-defined values. Once the text has been replaced, the brackets should be removed. Notes Notes are found between parallel lines and include additional information that may be helpful Page 4
Rules of Behavior Version 0.1 / Date to the users of this template. Note: This is a note. Sans Serif Sans Serif text is used for tables, table captions, figure captions, and table of contents. How to contact us If you have questions about FedRAMP or something in this document, please write to: info@fedramp.gov For more information about the FedRAMP project, please see the website at: http://www.fedramp.gov. Page 5
Rules of Behavior Version 0.1 / Date 1. OVERVIEW Rules of Behavior describe security controls associated with user responsibilities and certain expectations of behavior for following security policies, standards, and procedures. Security control PL-4 requires Cloud Service Providers to implement Rules of Behavior. It is often the case that different Rules of Behavior apply to internal and external users. Internal users are employees of your organizations, including contractors. External users are anyone who has access to a system that you own that is not one of your employees or contractors. External users might be customers or partners, or customer prospects that have been issued demo accounts. CSP employees who have access to the <Information System Name> must sign Internal Rules of Behavior. If the CSP provisions accounts for customers, including management accounts, it is the CSP’s responsibility to ensure that whoever the CSP provisions an account to signs an External Rules of Behavior. If the CSP provisions a management account to an individual customer, and then that manager in turn provisions subsequent customer accounts, it is the responsibility of the customer manager to ensure that users that he/she has provisioned sign the CSP provided Rules of Behavior. Ultimately, whoever provisions the account owns the responsibility for getting users to sign the Rules of Behavior for the accounts that they have provisioned. Rules of Behavior may be signed on paper or electronically at first login. Either way, the organization must retain artifacts to enable an independent assessor to verify that Rules of Behavior have been signed for all users. Instruction: A sample set of Rules of Behavior have been provided for both Internal Users and External Users on the pages that follow. The CSP should modify these sets of rules to match the Rules of Behavior that are necessary to secure the system. You do not need to use these exact rules per se – they have been provided as examples. Please keep in mind that certain rules that apply to internal users may not apply to external users and vice versa. Page 6
Rules of Behavior Version 0.1 / Date 2. RULES OF BEHAVIOR FOR INTERNAL USERS You must comply with copyright and site licenses of proprietary software. You must process only data that pertains to official business and is authorized to be processed on the system. You must report all security incidents or suspected incidents to the IT department. You must discontinue use of any system resources that show signs of being infected by a virus or other malware and report the suspected incident. You must challenge unauthorized personnel that appear in your work area. You must use only the data for which you have been granted authorization. You must notify your <Company Name>manager if access to system resources is beyond that which is required to perform your job. You must attend computer security awareness and privacy training as requested by <Company Name>. You must coordinate your user access requirements, and user access parameters, with your <Company Name>manager. You must ensure that access to application-specific sensitive data is based on your job function. You must safeguard resources against waste, loss, abuse, unauthorized users, and misappropriation. You must ensure that access is assigned based on your <Company Name>manager’s approval. You must familiarize yourself with any special requirements for accessing, protecting, and utilizing data, including Privacy Act requirements, copyright requirements, and procurement of sensitive data. You must ensure electronic official records (including attachments) are printed and stored according to <Company Name> policy and standards. You must ensure that sensitive, confidential, and proprietary information sent to a fax or printer is handled in a secure manner, e.g., cover sheet to contain statement that information being faxed is Confidential and Proprietary, For Company Use Only, etc. You must ensure that hard copies of Confidential and Proprietary information is destroyed (after it is no longer needed) commensurate with the sensitivity of the data. You must ensure that Confidential and Proprietary information is protected against unauthorized access using encryption, according to <Company Name> standards, when sending it via electronic means (telecommunications networks, e-mail, and/or facsimile). Page 7
Rules of Behavior Version 0.1 / Date You must not process U.S. classified national security information on any system at <Company Name> for any reason. You must not install <Company Name>unapproved software onto the system. Only <Company Name>designated personnel are authorized to load software. You must not add additional hardware or peripheral devices to the system. Only designated personnel can direct the installation of hardware on the system. You must not reconfigure hardware or software on any <Company Name> systems, networks, or interfaces. You must follow all <Company Name> wireless access policies. You must not retrieve information for someone who does not have authority to access that information. You must not remove computer resources from the facility without prior approval. Resources may only be removed for official use. You must ensure that web browsers check for a publisher’s certificate revocation. You must ensure that web browsers check for server certificate revocation. You must ensure that web browsers check for signatures on downloaded files. You must ensure that web browsers empty/delete temporary Internet files when the browser is closed. You must ensure that web browsers use Secure Socket Layer (SSL) version 3.0 (or higher) and Transport Layer Security (TLS) 1.0 (or higher). SSL and TLS must use a minimum of 128-bit, encryption. You must ensure that web browsers warn about invalid site certificates. You must ensure that web browsers warn if the user is changing between secure and non-secure mode. You must ensure that web browsers warn if forms submittal is being redirected. You must ensure that web browsers do not allow access to data sources across domains. You must ensure that web browsers do not allow the navigation of sub-frames across different domains. You must ensure that web browsers do not allow the submission of non-encrypted critical form data. You must ensure that your <Company Name>Web browser window is closed before navigating to other sites/domains. You must not store customer information on a system that is not owned by <Company Name>. Page 8
Rules of Behavior Version 0.1 / Date You must ensure that sensitive information entered into systems is restricted to team members on a Need-To-Know basis. You understand that any person who obtains information from a computer connected to the Internet in violation of her employer’s computer-use restrictions is in violation of the Computer Fraud and Abuse Act. ACCEPTANCE AND SIGNATURE I have read the above Rules of Behavior for Internal Users for<Company Name> systems and networks. By my electronic acceptance and/or signature below, I acknowledge and agree that my access to all <Company Name> systems and networks is covered by, and subject to, such Rules. Further, I acknowledge and accept that any violation by me of these Rules may subject me to civil and/or criminal actions and that <Company Name> retains the right, at its sole discretion, to terminate, cancel or suspend my access rights to the <Company Name> systems at any time, without notice. User’s Legal Name: _________________________________ (printed) User’s Signature: _________________________________ (signature) Date: _________________________________ Comments here: Page 9
Rules of Behavior Version 0.1 / Date 3. RULES OF BEHAVIOR FOR EXTERNAL USERS You must conduct only authorized business on the system. Your level of access to systems and networks owned by <Company Name> is limited to ensure your access is no more than necessary to perform your legitimate tasks or assigned duties. If you believe you are being granted access that you should not have, you must immediately notify the <Company Name> Operations Center <phone number>. You must maintain the confidentiality of your authentication credentials such as your password. Do not reveal your authentication credentials to anyone; a <Company Name> employee should never ask you to reveal them. You must follow proper logon/logoff procedures. You must manually logon to your session; do not store you password locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended while logged into the system. You must report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to <Company Name> systems and networks to the <Company Name> Operations Center <phone number>. You must not establish any unauthorized interfaces between systems, networks, and applications owned by <Company Name>. Your access to systems and networks owned by <Company Name> is governed by, and subject to, all Federal laws, including, but not limited to, the Privacy Act, 5 U.S.C. 552a, if the applicable <Company Name> system maintains individual Privacy Act information. Your access to <Company Name> systems constitutes your consent to the retrieval and disclosure of the information within the scope of your authorized access, subject to the Privacy Act, and applicable State and Federal laws. You must safeguard system resources against waste, loss, abuse, unauthorized use or disclosure, and misappropriation. You must not process U.S. classified national security information on the system. You must not browse, search or reveal information hosted by <Company Name> except in accordance with that which is required to perform your legitimate tasks or assigned duties. You must not retrieve information, or in any other way disclose information, for someone who does not have authority to access that information. You must ensure that Web browsers use Secure Socket Layer (SSL) version 3.0 (or higher) and Transport Layer Security (TLS) 1.0 (or higher). SSL and TLS must use a minimum of 256-bit, encryption. Page 10
Rules of Behavior Version 0.1 / Date You must ensure that your web browser is configured to warn about invalid site certificates. You must ensure that web browsers warn if the user is changing between secure and non-secure mode. You must ensure that your web browser window used to access systems owned by <Company Name> is closed before navigating to other sites/domains. You must ensure that your web browser checks for a publisher’s certificate revocation. You must ensure that your web browser checks for server certificate revocation. You must ensure that web browser checks for signatures on downloaded files. You must ensure that web browser empties/deletes temporary Internet files when the browser is closed. By your signature or electronic acceptance (such as by clicking an acceptance button on the screen) you must agree to these rules. You understand that any person who obtains information from a computer connected to the Internet in violation of her employer’s computer-use restrictions is in violation of the Computer Fraud and Abuse Act. You agree to contact the <Company Name> Chief Information Security Officer or the <Company Name> Operations Center <phone number> if you do not understand any of these rules. Page 11
Rules of Behavior Version 0.1 / Date ACCEPTANCE AND SIGNATURE I have read the above Rules of Behavior for External Users of <Company Name> systems and networks. By my electronic acceptance and/or signature below, I acknowledge and agree that my access to the <Company Name> systems and networks is covered by, and subject to, such Rules. Further, I acknowledge and accept that any violation by me of these Rules may subject me to civil and/or criminal actions and that <Company Name> retains the right, at its sole discretion, to terminate, cancel or suspend my access rights to the <Company Name> systems at any time, without notice. User’s Legal Name: _________________________________ (printed) User’s Signature: _________________________________ (signature) Date: _________________________________ Comments Here: Page 12

Recommended

E authentication template 050212
E authentication template 050212E authentication template 050212
E authentication template 050212
GovCloud Network
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)
GovCloud Network
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) Template
GovCloud Network
 
DHS 4300A Sensitive System Handbook Attachment E
DHS 4300A Sensitive System Handbook Attachment EDHS 4300A Sensitive System Handbook Attachment E
DHS 4300A Sensitive System Handbook Attachment E
David Sweigert
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
James W. De Rienzo
 
Resouce management system1
Resouce management system1Resouce management system1
Resouce management system1
Guni Sonow
 
Ch15-Software Engineering 9
Ch15-Software Engineering 9Ch15-Software Engineering 9
Ch15-Software Engineering 9
Ian Sommerville
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
IJERA Editor
 

Recommended

E authentication template 050212
E authentication template 050212E authentication template 050212
E authentication template 050212
GovCloud Network
 
Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)Plan of Action and Milestones (POA&M)
Plan of Action and Milestones (POA&M)
GovCloud Network
 
Control Implementation Summary (CIS) Template
Control Implementation Summary (CIS) TemplateControl Implementation Summary (CIS) Template
Control Implementation Summary (CIS) Template
GovCloud Network
 
DHS 4300A Sensitive System Handbook Attachment E
DHS 4300A Sensitive System Handbook Attachment EDHS 4300A Sensitive System Handbook Attachment E
DHS 4300A Sensitive System Handbook Attachment E
David Sweigert
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
James W. De Rienzo
 
Resouce management system1
Resouce management system1Resouce management system1
Resouce management system1
Guni Sonow
 
Ch15-Software Engineering 9
Ch15-Software Engineering 9Ch15-Software Engineering 9
Ch15-Software Engineering 9
Ian Sommerville
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
IJERA Editor
 
Microservices
MicroservicesMicroservices
Microservices
Rajesh Kumar
 
Ch4
Ch4Ch4
Ch4
Ahmed Alaaeldin
 
Ch4-Software Engineering 9
Ch4-Software Engineering 9Ch4-Software Engineering 9
Ch4-Software Engineering 9
Ian Sommerville
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9
Ian Sommerville
 
Ch12-Software Engineering 9
Ch12-Software Engineering 9Ch12-Software Engineering 9
Ch12-Software Engineering 9
Ian Sommerville
 
Software Requirement Specification
Software Requirement SpecificationSoftware Requirement Specification
Software Requirement Specification
Dr Sukhpal Singh Gill
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
software-engineering-book
 
Online auction system srs riport
Online auction system srs riportOnline auction system srs riport
Online auction system srs riport
Dilip Prajapati
 
Ch20-Software Engineering 9
Ch20-Software Engineering 9Ch20-Software Engineering 9
Ch20-Software Engineering 9
Ian Sommerville
 
Ch20 systems of systems
Ch20 systems of systemsCh20 systems of systems
Ch20 systems of systems
software-engineering-book
 
Enterprise Broadband Business Appications
Enterprise Broadband Business AppicationsEnterprise Broadband Business Appications
Enterprise Broadband Business Appications
Infosys
 
Ch10 dependable systems
Ch10 dependable systemsCh10 dependable systems
Ch10 dependable systems
software-engineering-book
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineering
software-engineering-book
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
software-engineering-book
 
Ch9 evolution
Ch9 evolutionCh9 evolution
Ch9 evolution
software-engineering-book
 
Ch18-Software Engineering 9
Ch18-Software Engineering 9Ch18-Software Engineering 9
Ch18-Software Engineering 9
Ian Sommerville
 
Ch14 resilience engineering
Ch14 resilience engineeringCh14 resilience engineering
Ch14 resilience engineering
software-engineering-book
 
Ch19 systems engineering
Ch19 systems engineeringCh19 systems engineering
Ch19 systems engineering
software-engineering-book
 
Management in healthcare
Management in healthcareManagement in healthcare
Management in healthcare
Other Mother
 
Security Assessment Plan (Template)
Security Assessment Plan (Template)Security Assessment Plan (Template)
Security Assessment Plan (Template)
GovCloud Network
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response Plan
Matthew J McMahon
 
What's New In CompTIA Security+ - Course Technology Computing Conference
What's New In CompTIA Security+ - Course Technology Computing ConferenceWhat's New In CompTIA Security+ - Course Technology Computing Conference
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 

More Related Content

What's hot

Microservices
MicroservicesMicroservices
Microservices
Rajesh Kumar
 
Ch4
Ch4Ch4
Ch4
Ahmed Alaaeldin
 
Ch4-Software Engineering 9
Ch4-Software Engineering 9Ch4-Software Engineering 9
Ch4-Software Engineering 9
Ian Sommerville
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9
Ian Sommerville
 
Ch12-Software Engineering 9
Ch12-Software Engineering 9Ch12-Software Engineering 9
Ch12-Software Engineering 9
Ian Sommerville
 
Software Requirement Specification
Software Requirement SpecificationSoftware Requirement Specification
Software Requirement Specification
Dr Sukhpal Singh Gill
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
software-engineering-book
 
Online auction system srs riport
Online auction system srs riportOnline auction system srs riport
Online auction system srs riport
Dilip Prajapati
 
Ch20-Software Engineering 9
Ch20-Software Engineering 9Ch20-Software Engineering 9
Ch20-Software Engineering 9
Ian Sommerville
 
Ch20 systems of systems
Ch20 systems of systemsCh20 systems of systems
Ch20 systems of systems
software-engineering-book
 
Enterprise Broadband Business Appications
Enterprise Broadband Business AppicationsEnterprise Broadband Business Appications
Enterprise Broadband Business Appications
Infosys
 
Ch10 dependable systems
Ch10 dependable systemsCh10 dependable systems
Ch10 dependable systems
software-engineering-book
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineering
software-engineering-book
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
software-engineering-book
 
Ch9 evolution
Ch9 evolutionCh9 evolution
Ch9 evolution
software-engineering-book
 
Ch18-Software Engineering 9
Ch18-Software Engineering 9Ch18-Software Engineering 9
Ch18-Software Engineering 9
Ian Sommerville
 
Ch14 resilience engineering
Ch14 resilience engineeringCh14 resilience engineering
Ch14 resilience engineering
software-engineering-book
 
Ch19 systems engineering
Ch19 systems engineeringCh19 systems engineering
Ch19 systems engineering
software-engineering-book
 

What's hot (18)

Microservices
MicroservicesMicroservices
Microservices
 
Ch4
Ch4Ch4
Ch4
 
Ch4-Software Engineering 9
Ch4-Software Engineering 9Ch4-Software Engineering 9
Ch4-Software Engineering 9
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9
 
Ch12-Software Engineering 9
Ch12-Software Engineering 9Ch12-Software Engineering 9
Ch12-Software Engineering 9
 
Software Requirement Specification
Software Requirement SpecificationSoftware Requirement Specification
Software Requirement Specification
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
 
Online auction system srs riport
Online auction system srs riportOnline auction system srs riport
Online auction system srs riport
 
Ch20-Software Engineering 9
Ch20-Software Engineering 9Ch20-Software Engineering 9
Ch20-Software Engineering 9
 
Ch20 systems of systems
Ch20 systems of systemsCh20 systems of systems
Ch20 systems of systems
 
Enterprise Broadband Business Appications
Enterprise Broadband Business AppicationsEnterprise Broadband Business Appications
Enterprise Broadband Business Appications
 
Ch10 dependable systems
Ch10 dependable systemsCh10 dependable systems
Ch10 dependable systems
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineering
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
 
Ch9 evolution
Ch9 evolutionCh9 evolution
Ch9 evolution
 
Ch18-Software Engineering 9
Ch18-Software Engineering 9Ch18-Software Engineering 9
Ch18-Software Engineering 9
 
Ch14 resilience engineering
Ch14 resilience engineeringCh14 resilience engineering
Ch14 resilience engineering
 
Ch19 systems engineering
Ch19 systems engineeringCh19 systems engineering
Ch19 systems engineering
 

Viewers also liked

Management in healthcare
Management in healthcareManagement in healthcare
Management in healthcare
Other Mother
 
Security Assessment Plan (Template)
Security Assessment Plan (Template)Security Assessment Plan (Template)
Security Assessment Plan (Template)
GovCloud Network
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response Plan
Matthew J McMahon
 
What's New In CompTIA Security+ - Course Technology Computing Conference
What's New In CompTIA Security+ - Course Technology Computing ConferenceWhat's New In CompTIA Security+ - Course Technology Computing Conference
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
Cloud application architecture with sql azure and windows azure
Cloud application architecture with sql azure and windows azureCloud application architecture with sql azure and windows azure
Cloud application architecture with sql azure and windows azure
Eduardo Castro
 
research paper 2012
research paper 2012research paper 2012
research paper 2012
Samara Heller
 
Writing a Zoom Introduction
Writing a Zoom IntroductionWriting a Zoom Introduction
Writing a Zoom Introduction
Angela Astuto
 
Temario taller 4
Temario taller 4Temario taller 4
Temario taller 4
Martín Ortiz
 
E-Signature in Document Management - Megan Smale
E-Signature in Document Management - Megan SmaleE-Signature in Document Management - Megan Smale
E-Signature in Document Management - Megan Smale
Joshua Tree Internet Media, LLC
 
Creating Email Campaigns that Work: A Focus on Design Elements
Creating Email Campaigns that Work: A Focus on Design ElementsCreating Email Campaigns that Work: A Focus on Design Elements
Creating Email Campaigns that Work: A Focus on Design Elements
Email on Acid
 
MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11
MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11
MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11
CORE Group
 
Chistesvarios6
Chistesvarios6Chistesvarios6
Chistesvarios6
josemorales
 
Natureza Maravilhosa
Natureza MaravilhosaNatureza Maravilhosa
Natureza MaravilhosaAnjovison .
 
Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14
Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14
Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14
CORE Group
 
Moje poczatki-w-programie-partnerskim darmowy ebook pdf
Moje poczatki-w-programie-partnerskim darmowy ebook pdfMoje poczatki-w-programie-partnerskim darmowy ebook pdf
Moje poczatki-w-programie-partnerskim darmowy ebook pdf
mazur16111
 

Viewers also liked (17)

Management in healthcare
Management in healthcareManagement in healthcare
Management in healthcare
 
Security Assessment Plan (Template)
Security Assessment Plan (Template)Security Assessment Plan (Template)
Security Assessment Plan (Template)
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response Plan
 
What's New In CompTIA Security+ - Course Technology Computing Conference
What's New In CompTIA Security+ - Course Technology Computing ConferenceWhat's New In CompTIA Security+ - Course Technology Computing Conference
What's New In CompTIA Security+ - Course Technology Computing Conference
 
Cloud application architecture with sql azure and windows azure
Cloud application architecture with sql azure and windows azureCloud application architecture with sql azure and windows azure
Cloud application architecture with sql azure and windows azure
 
research paper 2012
research paper 2012research paper 2012
research paper 2012
 
Writing a Zoom Introduction
Writing a Zoom IntroductionWriting a Zoom Introduction
Writing a Zoom Introduction
 
Temario taller 4
Temario taller 4Temario taller 4
Temario taller 4
 
Nice Hawaii
Nice HawaiiNice Hawaii
Nice Hawaii
 
E-Signature in Document Management - Megan Smale
E-Signature in Document Management - Megan SmaleE-Signature in Document Management - Megan Smale
E-Signature in Document Management - Megan Smale
 
Gold, серебро
Gold, сереброGold, серебро
Gold, серебро
 
Creating Email Campaigns that Work: A Focus on Design Elements
Creating Email Campaigns that Work: A Focus on Design ElementsCreating Email Campaigns that Work: A Focus on Design Elements
Creating Email Campaigns that Work: A Focus on Design Elements
 
MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11
MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11
MCH Curricula: Strategies for Developing Materials_Hanold_5.11.11
 
Chistesvarios6
Chistesvarios6Chistesvarios6
Chistesvarios6
 
Natureza Maravilhosa
Natureza MaravilhosaNatureza Maravilhosa
Natureza Maravilhosa
 
Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14
Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14
Understanding the Essential Nutrition Actions Framework_Jennifer Nielsen_5.5.14
 
Moje poczatki-w-programie-partnerskim darmowy ebook pdf
Moje poczatki-w-programie-partnerskim darmowy ebook pdfMoje poczatki-w-programie-partnerskim darmowy ebook pdf
Moje poczatki-w-programie-partnerskim darmowy ebook pdf
 

Similar to Rules of Behavior

Acceptable Use Policy
Acceptable Use PolicyAcceptable Use Policy
Acceptable Use Policy
Chase Hubbard
 
Consensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicConsensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access Polic
AlleneMcclendon878
 
Consensus policy resource community remote access polic
Consensus policy resource community remote access policConsensus policy resource community remote access polic
Consensus policy resource community remote access polic
ARIV4
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
todd331
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
phanleson
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
ssuser219889
 
Internet usage policy(1)
Internet usage policy(1)Internet usage policy(1)
Internet usage policy(1)
scobycakau
 
INTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specificationsINTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specifications
kylan2
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
nephtalie
 
software requirements specification template
software requirements specification templatesoftware requirements specification template
software requirements specification template
Azimiddin Rakhmatov
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
griffinruthie22
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone Finished
Kapricia Morris
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
cockekeshia
 
Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
MHumaamAl
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docx
dewhirstichabod
 
Stock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured Chart
Stock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured ChartStock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured Chart
Stock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured Chart
grandhiprasuna
 
Software engg unit 2
Software engg unit 2 Software engg unit 2
Software engg unit 2
Vivek Kumar Sinha
 
Privacy Threshold Analysis
Privacy Threshold AnalysisPrivacy Threshold Analysis
Privacy Threshold Analysis
GovCloud Network
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
Aamir Sohail
 
Luis Perez ITS written report
Luis Perez ITS written reportLuis Perez ITS written report
Luis Perez ITS written report
Luis Perez
 

Similar to Rules of Behavior (20)

Acceptable Use Policy
Acceptable Use PolicyAcceptable Use Policy
Acceptable Use Policy
 
Consensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access PolicConsensus Policy Resource CommunityRemote Access Polic
Consensus Policy Resource CommunityRemote Access Polic
 
Consensus policy resource community remote access polic
Consensus policy resource community remote access policConsensus policy resource community remote access polic
Consensus policy resource community remote access polic
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docxSample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
 
Internet usage policy(1)
Internet usage policy(1)Internet usage policy(1)
Internet usage policy(1)
 
INTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specificationsINTRODUCTION to software engineering requirements specifications
INTRODUCTION to software engineering requirements specifications
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
 
software requirements specification template
software requirements specification templatesoftware requirements specification template
software requirements specification template
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
 
Capstone Finished
Capstone FinishedCapstone Finished
Capstone Finished
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
 
Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docx
 
Stock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured Chart
Stock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured ChartStock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured Chart
Stock Maintenance System-Problem Statement, SRS, ERD, DFD, Structured Chart
 
Software engg unit 2
Software engg unit 2 Software engg unit 2
Software engg unit 2
 
Privacy Threshold Analysis
Privacy Threshold AnalysisPrivacy Threshold Analysis
Privacy Threshold Analysis
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security Policies
 
Luis Perez ITS written report
Luis Perez ITS written reportLuis Perez ITS written report
Luis Perez ITS written report
 

More from GovCloud Network

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmark
GovCloud Network
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for me
GovCloud Network
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT Change
GovCloud Network
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
GovCloud Network
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate Success
GovCloud Network
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture
GovCloud Network
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
GovCloud Network
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
GovCloud Network
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
GovCloud Network
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John Brennan
GovCloud Network
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)
GovCloud Network
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview Presentation
GovCloud Network
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing brief
GovCloud Network
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonIntrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. Jackson
GovCloud Network
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African Government
GovCloud Network
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013
GovCloud Network
 
Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013
GovCloud Network
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
GovCloud Network
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)
GovCloud Network
 

More from GovCloud Network (20)

IaaS Price performance-benchmark
IaaS Price performance-benchmarkIaaS Price performance-benchmark
IaaS Price performance-benchmark
 
Cloud computing training what's right for me
Cloud computing training what's right for meCloud computing training what's right for me
Cloud computing training what's right for me
 
ViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT ChangeViON Corporation: Surviving IT Change
ViON Corporation: Surviving IT Change
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
 
Vets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate SuccessVets 360 Services - Military Dedication - Corporate Success
Vets 360 Services - Military Dedication - Corporate Success
 
GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014GovCloud Network LLC Overview - June 25, 2014
GovCloud Network LLC Overview - June 25, 2014
 
Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture Army PEO EIS Cloud Architecture
Army PEO EIS Cloud Architecture
 
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin JacksonICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
ICH Agile Cloud Session 1-Highlights /Prospective Svc Offerings Kevin Jackson
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
 
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
@AgileCLoud_ICH Presentation - 20140521 US Navy OPNAV - Capt Christopher Page
 
Agile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John BrennanAgile Cloud Conference 2 Introduction - John Brennan
Agile Cloud Conference 2 Introduction - John Brennan
 
DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)DoD Business Capability Lifecycle (BCL) Guide (Draft)
DoD Business Capability Lifecycle (BCL) Guide (Draft)
 
GovCloud Network Overview Presentation
GovCloud Network Overview PresentationGovCloud Network Overview Presentation
GovCloud Network Overview Presentation
 
PM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing briefPM ISE Information Interoperability Presentation -agile sourcing brief
PM ISE Information Interoperability Presentation -agile sourcing brief
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. JacksonIntrusion Detection on Public IaaS - Kevin L. Jackson
Intrusion Detection on Public IaaS - Kevin L. Jackson
 
A Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African GovernmentA Framework for Cloud Computing Adoption in South African Government
A Framework for Cloud Computing Adoption in South African Government
 
NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013NCOIC GCC OWS-10 presentation 10 7 2013
NCOIC GCC OWS-10 presentation 10 7 2013
 
Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013Tech gate kevin l jackson - 09-21-2013
Tech gate kevin l jackson - 09-21-2013
 
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
Paving the Way to the Cloud: Cloud Services Brokerage for Highly Secure, Dem...
 
Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)Government cloud deployment lessons learned final (4 4 2013)
Government cloud deployment lessons learned final (4 4 2013)
 

Recently uploaded

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 

Rules of Behavior

  • 1. Rules of Behavior <Information System Name>, <Date> Rules of Behavior <Information System Name> <Vendor Name> Version 1.0 May 2, 2012
  • 2. Rules of Behavior Version 0.1 / Date Table of Contents 1. Overview...........................................................................................................................................................6 2. Rules of Behavior for Internal Users .................................................................................................................7 3. Rules of Behavior for External Users ..............................................................................................................10 Page 2
  • 3. Rules of Behavior Version 0.1 / Date Document Revision History Date Description Version Author 05/02/2012 Document Publication 1.0 FedRAMP Office Page 3
  • 4. Rules of Behavior Version 0.1 / Date ABOUT THIS DOCUMENT This document has been developed to provide guidance on how to participate in and understand the FedRAMP program. Who should use this document? This document is intended to be used by Cloud Service Providers (CSPs), Third Party Assessor Organizations (3PAOs), government contractors working on FedRAMP projects, government employees working on FedRAMP projects, and any outside organizations that want to make use of the FedRAMP Contingency Planning process. How this document is organized This document is divided into ten sections. Most sections include subsections. Section 1 describes and overview of the Rules of Behavior. Section 2 describes recommended Rules of Behavior for internal users. Section 3 describes recommended Rules of Behavior for external users. Conventions used in this document This document uses the following typographical conventions: Italic Italics are used for email addresses, security control assignments parameters, and formal document names. Italic blue in a box Italic blue text in a blue box indicates instructions to the individual filling out the template. Instruction: This is an instruction to the individual filling out of the template. Bold Bold text indicates a parameter or an additional requirement. Constant width Constant width text is used for text that is representative of characters that would show up on a computer screen. <Brackets> Bold blue text in brackets indicates text that should be replaced with user-defined values. Once the text has been replaced, the brackets should be removed. Notes Notes are found between parallel lines and include additional information that may be helpful Page 4
  • 5. Rules of Behavior Version 0.1 / Date to the users of this template. Note: This is a note. Sans Serif Sans Serif text is used for tables, table captions, figure captions, and table of contents. How to contact us If you have questions about FedRAMP or something in this document, please write to: info@fedramp.gov For more information about the FedRAMP project, please see the website at: http://www.fedramp.gov. Page 5
  • 6. Rules of Behavior Version 0.1 / Date 1. OVERVIEW Rules of Behavior describe security controls associated with user responsibilities and certain expectations of behavior for following security policies, standards, and procedures. Security control PL-4 requires Cloud Service Providers to implement Rules of Behavior. It is often the case that different Rules of Behavior apply to internal and external users. Internal users are employees of your organizations, including contractors. External users are anyone who has access to a system that you own that is not one of your employees or contractors. External users might be customers or partners, or customer prospects that have been issued demo accounts. CSP employees who have access to the <Information System Name> must sign Internal Rules of Behavior. If the CSP provisions accounts for customers, including management accounts, it is the CSP’s responsibility to ensure that whoever the CSP provisions an account to signs an External Rules of Behavior. If the CSP provisions a management account to an individual customer, and then that manager in turn provisions subsequent customer accounts, it is the responsibility of the customer manager to ensure that users that he/she has provisioned sign the CSP provided Rules of Behavior. Ultimately, whoever provisions the account owns the responsibility for getting users to sign the Rules of Behavior for the accounts that they have provisioned. Rules of Behavior may be signed on paper or electronically at first login. Either way, the organization must retain artifacts to enable an independent assessor to verify that Rules of Behavior have been signed for all users. Instruction: A sample set of Rules of Behavior have been provided for both Internal Users and External Users on the pages that follow. The CSP should modify these sets of rules to match the Rules of Behavior that are necessary to secure the system. You do not need to use these exact rules per se – they have been provided as examples. Please keep in mind that certain rules that apply to internal users may not apply to external users and vice versa. Page 6
  • 7. Rules of Behavior Version 0.1 / Date 2. RULES OF BEHAVIOR FOR INTERNAL USERS You must comply with copyright and site licenses of proprietary software. You must process only data that pertains to official business and is authorized to be processed on the system. You must report all security incidents or suspected incidents to the IT department. You must discontinue use of any system resources that show signs of being infected by a virus or other malware and report the suspected incident. You must challenge unauthorized personnel that appear in your work area. You must use only the data for which you have been granted authorization. You must notify your <Company Name>manager if access to system resources is beyond that which is required to perform your job. You must attend computer security awareness and privacy training as requested by <Company Name>. You must coordinate your user access requirements, and user access parameters, with your <Company Name>manager. You must ensure that access to application-specific sensitive data is based on your job function. You must safeguard resources against waste, loss, abuse, unauthorized users, and misappropriation. You must ensure that access is assigned based on your <Company Name>manager’s approval. You must familiarize yourself with any special requirements for accessing, protecting, and utilizing data, including Privacy Act requirements, copyright requirements, and procurement of sensitive data. You must ensure electronic official records (including attachments) are printed and stored according to <Company Name> policy and standards. You must ensure that sensitive, confidential, and proprietary information sent to a fax or printer is handled in a secure manner, e.g., cover sheet to contain statement that information being faxed is Confidential and Proprietary, For Company Use Only, etc. You must ensure that hard copies of Confidential and Proprietary information is destroyed (after it is no longer needed) commensurate with the sensitivity of the data. You must ensure that Confidential and Proprietary information is protected against unauthorized access using encryption, according to <Company Name> standards, when sending it via electronic means (telecommunications networks, e-mail, and/or facsimile). Page 7
  • 8. Rules of Behavior Version 0.1 / Date You must not process U.S. classified national security information on any system at <Company Name> for any reason. You must not install <Company Name>unapproved software onto the system. Only <Company Name>designated personnel are authorized to load software. You must not add additional hardware or peripheral devices to the system. Only designated personnel can direct the installation of hardware on the system. You must not reconfigure hardware or software on any <Company Name> systems, networks, or interfaces. You must follow all <Company Name> wireless access policies. You must not retrieve information for someone who does not have authority to access that information. You must not remove computer resources from the facility without prior approval. Resources may only be removed for official use. You must ensure that web browsers check for a publisher’s certificate revocation. You must ensure that web browsers check for server certificate revocation. You must ensure that web browsers check for signatures on downloaded files. You must ensure that web browsers empty/delete temporary Internet files when the browser is closed. You must ensure that web browsers use Secure Socket Layer (SSL) version 3.0 (or higher) and Transport Layer Security (TLS) 1.0 (or higher). SSL and TLS must use a minimum of 128-bit, encryption. You must ensure that web browsers warn about invalid site certificates. You must ensure that web browsers warn if the user is changing between secure and non-secure mode. You must ensure that web browsers warn if forms submittal is being redirected. You must ensure that web browsers do not allow access to data sources across domains. You must ensure that web browsers do not allow the navigation of sub-frames across different domains. You must ensure that web browsers do not allow the submission of non-encrypted critical form data. You must ensure that your <Company Name>Web browser window is closed before navigating to other sites/domains. You must not store customer information on a system that is not owned by <Company Name>. Page 8
  • 9. Rules of Behavior Version 0.1 / Date You must ensure that sensitive information entered into systems is restricted to team members on a Need-To-Know basis. You understand that any person who obtains information from a computer connected to the Internet in violation of her employer’s computer-use restrictions is in violation of the Computer Fraud and Abuse Act. ACCEPTANCE AND SIGNATURE I have read the above Rules of Behavior for Internal Users for<Company Name> systems and networks. By my electronic acceptance and/or signature below, I acknowledge and agree that my access to all <Company Name> systems and networks is covered by, and subject to, such Rules. Further, I acknowledge and accept that any violation by me of these Rules may subject me to civil and/or criminal actions and that <Company Name> retains the right, at its sole discretion, to terminate, cancel or suspend my access rights to the <Company Name> systems at any time, without notice. User’s Legal Name: _________________________________ (printed) User’s Signature: _________________________________ (signature) Date: _________________________________ Comments here: Page 9
  • 10. Rules of Behavior Version 0.1 / Date 3. RULES OF BEHAVIOR FOR EXTERNAL USERS You must conduct only authorized business on the system. Your level of access to systems and networks owned by <Company Name> is limited to ensure your access is no more than necessary to perform your legitimate tasks or assigned duties. If you believe you are being granted access that you should not have, you must immediately notify the <Company Name> Operations Center <phone number>. You must maintain the confidentiality of your authentication credentials such as your password. Do not reveal your authentication credentials to anyone; a <Company Name> employee should never ask you to reveal them. You must follow proper logon/logoff procedures. You must manually logon to your session; do not store you password locally on your system or utilize any automated logon capabilities. You must promptly logoff when session access is no longer needed. If a logoff function is unavailable, you must close your browser. Never leave your computer unattended while logged into the system. You must report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to <Company Name> systems and networks to the <Company Name> Operations Center <phone number>. You must not establish any unauthorized interfaces between systems, networks, and applications owned by <Company Name>. Your access to systems and networks owned by <Company Name> is governed by, and subject to, all Federal laws, including, but not limited to, the Privacy Act, 5 U.S.C. 552a, if the applicable <Company Name> system maintains individual Privacy Act information. Your access to <Company Name> systems constitutes your consent to the retrieval and disclosure of the information within the scope of your authorized access, subject to the Privacy Act, and applicable State and Federal laws. You must safeguard system resources against waste, loss, abuse, unauthorized use or disclosure, and misappropriation. You must not process U.S. classified national security information on the system. You must not browse, search or reveal information hosted by <Company Name> except in accordance with that which is required to perform your legitimate tasks or assigned duties. You must not retrieve information, or in any other way disclose information, for someone who does not have authority to access that information. You must ensure that Web browsers use Secure Socket Layer (SSL) version 3.0 (or higher) and Transport Layer Security (TLS) 1.0 (or higher). SSL and TLS must use a minimum of 256-bit, encryption. Page 10
  • 11. Rules of Behavior Version 0.1 / Date You must ensure that your web browser is configured to warn about invalid site certificates. You must ensure that web browsers warn if the user is changing between secure and non-secure mode. You must ensure that your web browser window used to access systems owned by <Company Name> is closed before navigating to other sites/domains. You must ensure that your web browser checks for a publisher’s certificate revocation. You must ensure that your web browser checks for server certificate revocation. You must ensure that web browser checks for signatures on downloaded files. You must ensure that web browser empties/deletes temporary Internet files when the browser is closed. By your signature or electronic acceptance (such as by clicking an acceptance button on the screen) you must agree to these rules. You understand that any person who obtains information from a computer connected to the Internet in violation of her employer’s computer-use restrictions is in violation of the Computer Fraud and Abuse Act. You agree to contact the <Company Name> Chief Information Security Officer or the <Company Name> Operations Center <phone number> if you do not understand any of these rules. Page 11
  • 12. Rules of Behavior Version 0.1 / Date ACCEPTANCE AND SIGNATURE I have read the above Rules of Behavior for External Users of <Company Name> systems and networks. By my electronic acceptance and/or signature below, I acknowledge and agree that my access to the <Company Name> systems and networks is covered by, and subject to, such Rules. Further, I acknowledge and accept that any violation by me of these Rules may subject me to civil and/or criminal actions and that <Company Name> retains the right, at its sole discretion, to terminate, cancel or suspend my access rights to the <Company Name> systems at any time, without notice. User’s Legal Name: _________________________________ (printed) User’s Signature: _________________________________ (signature) Date: _________________________________ Comments Here: Page 12