USER RESPONSIBILITIES You have been assigned a user account on LYNX, a MicroVAX 3200 computer owned and maintained by the Computer and Communications Security Group. As a user of this system, you are required to assume the following computer security-related responsibilities: OWNERSHIP OF INFORMATION AND COMPUTING RESOURCES This computer and all information contained therein is the property of the University of California, not of users of this system. Your account, all files existing within this account, and computer resources are for official Department of Energy use only. Use for personal purposes such as conducting personal business activities is prohibited. PASSWORDS 1. Choose a sound password, i.e., a password that is not easy to guess. You are not allowed to use any password in which your password is the same as your username (e.g., USERNAME = DSMITH, PASSWORD = DSMITH) consisting of any surname (yours or someone else's), first name, middle name, or any combination of a surname and initials consisting of the make of any automobile, found in Webster's dictionary, consisting of repeated strings or numbers (e.g., ababab or 123456), or less than six characters long. 2. Do not share your password with anyone else. 3. Do not change your password to a password specified in an electronic mail message or any other form of written communication, over the telephone, or in a similar manner. 4. Do not store your password in any electronic file. 5. It is better to remember your password rather than to write it on a piece of paper. If you choose to write your password down, you must write it on a piece of paper rather than on your computer terminal, desktop, etc. You are responsible for ensuring that the piece of paper containing your password is not lost, visable to others, or otherwise shared with others. If you cannot remember your password, contact your system manager. PROTECTING INFORMATION 1. Do not create or store sensitive, restricted, or classified information on this system. 2. If there is a possibility that individual data may aggregate into sensitive/restricted/classified information, do not create or store such information on this system. 3. Set file permissions such that others may not change (write to) programs you are developing or storing in your account(s), and may not read files for which you do not wish to allow read access. USE OF SYSTEM AND SOFTWARE 1. You are authorized the following privileges: TMPMBX and NETMBX and no others (e.g., you are not authorized SYSPRV and SETPRV). You are not allowed additional privileges unless the system manager specifically authorizes them in writing. 2. You are not allowed without the written permission of the system manager to use this system to alter yours or any else's privileges in this or any other system, alter system or network software and any associated files (e.g., RIGHTSLIST.DAT) in this or any other system or network, attempt to gain unauthorized access to this or any other system or network, or monitor other users' activity in this or any other system or network. This restriction includes using any software you may create and/or obtain to perform any of the non-authorized functions described in the previous sentence. 3. You are not authorized to defeat file protection mechanisms to access (read, write, etc.) files in any another users' account. 4. You are responsible for ensuring that all new software you intro- duce to the system does not contain malicious code such as trojan horse programs. 5. You may not copy or use copyrighted programs or source files if a license for the system and/or written permission from the vendor or developer has not been obtained in advance of any use. COMPLIANCE Failure to comply with one or more of these provisions will result in administrative action. This action ranges from 1) a warning for a first failure to comply with no malicious intent on your part to 2) revocation of your account and a written reprimand for repeated failure to comply or one failure to comply with malicious intent to 3) criminal prosecution for violation of the Computer Fraud and Abuse Act of 1986. For questions or advice concerning compliance with these provisions contact Randy Futor, System Manager (423-4337), or Charles Cole, Computer Security Manager (422-3772). I have read the above provisions, and agree to abide by them. ________________________________________ (Signed)