General Rules and Guidelines Governing
The Use of BLM Computer Systems
Violations of the following rules are considered security incidents. According to the Department of Interior Manual 375 DM 19, "all suspected, actual, or threatened incidents involving the destruction, physical abuse or loss of technological resources shall be reported to the appropriate authorities." BLM employees shall report observed security incidents to their supervisors. The BLM installation Information Technology Security Managers (ITSM) may recommend the removal of any individual's User ID and password from any BLM computer system and/or automated information resources system in the event of a security incident.
- No classified National Security information will be entered into any BLM computer system.
- Computer hardware, software, and data of the BLM are considered to be the property of the U.S. Government. BLM computer systems shall be used for official business only. No games personal software, private data, unlicensed proprietary software, or otherwise non-government information will be used on or entered into any Government-owned computer system. Any use of computers, software or data for other than official business is expressly prohibited.
- Commercially developed and licensed software shall be treated as proprietary property of its developer. Title 17 of the U.S. Code states that "It is illegal to make or distribute copies of copyrighted material without authorization." The only exception is the user's right to make a backup for archival purposes, assuming one is not provided by the manufacturer. It is illegal to make copies of software for any other purpose without the permission of the publisher. Unauthorized duplication of software is a Federal crime. Penalties include fines of up to $100,000 per infringement and jail terms of up to 5 years.
General business practices which, if not followed can lead to security incidents, are listed below. Noncompliance with these practices may result in a security incident.
- Individual User IDs and passwords are assigned to each person having a valid requirement to access mainframe, mini, microcomputer systems, and local/wide area networks. All activity accomplished under this User ID is directly attributable to the user to whom it is assigned. It is, therefore, to be used only by the individual owner.
- Do not attempt to access any data contained on BLM computer systems for which you do not have authority to access or do not have a specific need-to-know. If the need to access a computer system has been established through the appropriate supervisory channel, the request to grant access shall be made to the system owner.
- User IDs and passwords are not to be shared with or disclosed to anyone. If you believe your User ID and password has been compromised, immediately change your password and notify the appropriate authority. Passwords should be changed at required intervals or any time you feel the possibility exists that it may have been compromised.
- Never use personal information (e.g., telephone numbers, names of family members, pets., etc) for your passwords. Passwords must be eight characters in length and must incorporate at least one capitalized letter, one numeric character, and one special character.
- User IDs and passwords should not be written down, except on the original assignment document. This document should then be destroyed or, at a minimum, be kept in a locked safe or cabinet. Under no circumstances should User IDs and passwords by posted, ANYWHERE! Nor should they be kept in accessible location - they probably will be found if someone is intent on gaining access to your files.
- When not actively working on the computer system, LOG OFF the computer terminal. This procedure frees the communications network port for others to use and prevents the system from being disconnected due to a "time-out" inactive session. A time-out disconnect transaction may provide the opportunity for another user to unintentionally connect to a "still active" port, and that user will then be on the system under your User ID. Remember, you are responsible for all activity logged under your User ID.
For technical assistance & password resets, please contact the BLM National Help Desk at 1-800-BLMHELP. For additional information regarding the services listed on this page, contact Karen Collins at 303-236-2246.