This document provides Rules of Behavior for the internal and external users of the <Information System Name> system. The Rules of Behavior describe security controls associated with user responsibilities and expectations for following security policies. Section 1 provides an overview of Rules of Behavior. Section 2 describes recommended Rules of Behavior for internal users, such as complying with copyright, reporting security incidents, and safeguarding resources. Section 3 describes recommended Rules of Behavior for external users, such as maintaining credential confidentiality, reporting security incidents, and using encryption. Both sections require users to sign acceptance of the Rules of Behavior.