Acceptable Use Policy

From CCI User Wiki
Jump to: navigation, search

CCNI ACCEPTABLE USE POLICY

The Computation Center for Nanotechnology Innovation (“CCNI”) at Rensselaer Polytechnic Institute (“Rensselaer”) was established to promote the innovation and implementation of design-to-manufacture simulation methodology for nanotechnology devices. The purpose of CCNI is for the founding parties - RPI, IBM, and the State of New York - to collaborate together and with other Members to foster and support education, research, and development which will together catalyze conception and development of revolutionary technologies, advances in industrial systems, enhance national economic competitiveness, and better educate students for work in the 21st century.

I. GENERAL

A. Purpose

The purpose of this policy is to explain the rights and responsibilities that Authorized Users share in sustaining the computing resources made available to them by the CCNI. This policy will provide a reference for Authorized Users of the CCNI, and will communicate the roles and responsibilities of those Authorized Users of the CCNI. Each CCNI Authorized User will have differing purposes for accessing the facility; however, each person also has a shared responsibility to utilize the facility in a manner consistent with CCNI policies, procedures and codes of conduct. In addition, Authorized Users are bound by the requirements of local, state, and federal laws. By striving for compliance, the CCNI can assure its ability to provide, maintain and protect the confidentiality, integrity and availability of its data, systems, services and facilities.

B. Scope

This policy applies to all persons accessing or using the CCNI facility. This includes Rensselaer students, faculty and staff, Member employees, New York State Users, Non- Member Participant employees, and all other persons authorized for access or use privileges to the CCNI facility, hereafter referred to as “Authorized Users”.

II. USE OF FACILITIES

A. CCNI User Responsibility Agreement

Before receiving an allocation, all Authorized Users must read, sign and return the CCNI User Responsibility Agreement. The signed form constitutes that Authorized User’s agreement to abide by the terms outlined therein. All Authorized Users must notify Rensselaer administrative staff with changes to their mailing address, phone number, or e-mail address.

CCNI computing facilities are a vital but limited resource for the user community. Failure to use these resources properly may jeopardize an Authorized User’s current allocation and the ability to qualify for future allocations. In addition, misuse of CCNI computing resources is subject to local, state and federal laws and can result in criminal liability.

B. Authorized Use

As a condition of use of the CCNI facilities, every Authorized User agrees:

  1. To respect the privacy of other Authorized Users; for example, Authorized Users shall not intentionally seek information on, obtain copies of, or modify files, tapes, or passwords belonging to other Authorized Users unless explicitly authorized to do so by those Authorized Users.
  2. To respect the intended usage for which access to computing resources was granted; for example, Authorized Users shall use accounts authorized for their use by the principal investigator responsible for these accounts only for the purposes specified by the principal investigator and shall not use any other Authorized User’s account unless explicitly authorized to do so by the principal investigator.
  3. To respect the integrity of computing systems; for example, Authorized Users shall not intentionally develop or use programs that harass other Authorized Users or infiltrate a computer or computing systems or damage or alter the software components of a computing system.
  4. To respect the financial structure of computing systems; for example, Authorized Users shall not intentionally develop or use any unauthorized mechanisms to alter or avoid charges levied by the CCNI for computing services.
  5. To use computing resources in a manner consistent with the objectives of the specified project for which such use was authorized. All uses inconsistent with these objectives are considered to be inappropriate use and may jeopardize further authorization.
  6. To refrain from copying, installing or using software on the CCNI facility or related resources except as permitted by the owner of the software and by law. Software subject to licensing must be properly licensed and all license provisions (including installation, use, copying, number of simultaneous Authorized Users, terms of the license, etc.) must be strictly adhered to.
  7. To use all copyright information, such as text and images, retrieved from the CCNI facility or related resources or stored, transmitted or maintained with the CCNI facility or related resources in conformance with applicable copyright and other laws. Copied material used legally must be properly attributed in conformance with applicable legal and professional standards.
  8. To use the CCNI facility in accordance with law.

Restrictions

Authorized Users may not do the following:

  • Use, or attempting to use, CCNI computing resources without authorization or for purposes other than those stated on your application for computer time.
  • Tamper with or obstruct the operation of the facilities.
  • Read, change, distribute or copy data or software of others without authorization.
  • Provide access codes to any non-Authorized User.
  • Provide access codes to any Authorized User not authorized for such access.
  • Make use of accounts, access codes, or privileges without authorization.
  • Tamper with, modify or alter restrictions, or protection placed on accounts, the CCNI system, or related facilities.
  • Make unauthorized use of another Authorized User’s account.
  • Tamper with other Authorized User’s files.
  • Breech or disclose confidential information of another Authorized User.
  • Introduce, create or propagate computer viruses, worms, Trojan Horses, or other malicious code to CCNI or related resources.
  • Use knowledge of security or access controls to damage computer and network systems, obtain extra CCNI resources or gain access to accounts for which they are not authorized.
  • Eavesdrop or intercept transmission not intended for them.
  • Physically damage or vandalize CCNI or related resources.
  • Attempt to degrade the performance of the system or to deprive authorized CCNI Authorized Users access to any CCNI or related resources.
  • Engage in activities that harass, degrade, intimidate, demean, slander, defame, interfere with or threaten others.
  • Violate any local, state of federal law.

Violations of these conditions will result in immediate revocation of permission to use the CCNI facility and, as warranted, additional penalties. When Rensselaer becomes aware of possible violations of these conditions, it will initiate an investigation. At the same time, in order to prevent further possible unauthorized activity, Rensselaer may suspend the authorization of computing services to the individual or account in question. All Authorized Users are encouraged to report to Rensselaer authorized personnel any suspected violations of CCNI policies, such as unauthorized access attempts. Users are expected to cooperate with system administrators during investigations of system abuse. Failure to cooperate may be grounds for disciplinary action.

If a Rensselaer administrator has persuasive evidence of the misuse of the CCNI facility or related resources and that evidence points to a particular individual, the administrator must notify the Office of the Vice President for Information Services and Technology and Chief Information Officer. That Office shall review the evidence and pass the matter on to the appropriate area of the Institute for possible disciplinary action, if appropriate. During the investigation, the Authorized User’s CCNI privileges may be restricted or suspended. Rensselaer retains final authority to define what constitutes proper use and may prohibit or discipline use the Institute deems inconsistent with this or other Institute policies, contracts and standards.

D. University Rights

Rensselaer reserves the right to access, monitor and disclose the contents and activity of an individual Authorized User’s account(s) and to access any CCNI resources and any non-CCNI resources on Rensselaer property connected to the CCNI facility. This action may be taken to maintain the CCNI facility integrity and the rights of others authorized to access the CCNI network. Additionally, this action may be taken if the security of the CCNI facility is threatened, other misuse of CCNI resources is suspected or Rensselaer has a legitimate business need to review such files.

III. CCNI OPERATION, MAINTENANCE AND OVERSIGHT

A. Physical Access Control

Direct physical access to certain CCNI resources such as servers, data networking devices, and telecommunications switches is restricted. Rooms containing critical CCNI resources or other controlled items (e.g., export controlled items or technology) will be secured at all times, and Authorized Users will abide by all applicable access limitations regarding such facilities. Entrances to such rooms will be closed and locked at all times, and Authorized Users must not tamper with or disengage alarms, sensors or other types of physical security systems that are used to secure these facilities or detect and report emergency conditions that might occur. Equipment should not be left logged on while unattended. Visitors must be escorted at all times.

Authorized Users may be granted access to server or network equipment rooms through the issuance of ID cards or keys or through the use of passwords or other access codes. These access controls may not be shared with any other personnel. If an authorized person is leaving his or her current role and should no longer have access to systems, his or her access must be revoked immediately upon the termination of duties. All accesses to server and network equipment rooms made by authorized personnel; escorted visitors and vendors must be logged when entering the room. Logs must be reviewed on a regular basis. Vendors must supply the names of all authorized personnel that will be performing on-site work and must keep the list up-to-date at all times. If Rensselaer personnel believe that an unauthorized person gained or attempted to gain access to a server or network equipment room, they must contact the Rensselaer Department of Public Safety immediately.

IV. POLICY AMENDMENTS

Rensselaer reserves the right to change the policies, information, requirements and procedures announced in this policy at any time. Changes shall be effective and binding immediately. All Authorized Users shall be deemed to have accepted and be bound by any change in Rensselaer policies, information, requirements or procedures if such Authorized User uses CCNI resources at any time following such change.