PRRB-1

PRRB-1 Security Rules of Behavior or Acceptable Use Policy

Overview

A set of rules that describe the IA operations of the DoD information system and clearly delineate IA responsibilities and expected behavior of all personnel is in place. The rules include the consequences of inconsistent behavior or non-compliance. Signed acknowledgement of the rules is a condition of access.

MAC / CONF	Impact	Subject Area
MACI MACII MACIII	High	Personnel

Details

Threat
Sensitive and classified information stored on servers, workstations, media and documentation are at risk of access, monitoring, copying, destruction, and illegal distribution if rules are not in place to prevent such actions. Access to sensitive and classified facility access points is a risk from unauthorized personnel. Personnel performance in the work place is at risk of being non-productive due to unethical and irresponsible behavior if consequences for those actions are not defined and acknowledged by employees.

Threat

Sensitive and classified information stored on servers, workstations, media and documentation are at risk of access, monitoring, copying, destruction, and illegal distribution if rules are not in place to prevent such actions. Access to sensitive and classified facility access points is a risk from unauthorized personnel. Personnel performance in the work place is at risk of being non-productive due to unethical and irresponsible behavior if consequences for those actions are not defined and acknowledged by employees.

Guidance
1. A set of rules that describe the IA operations of the DoD information system and clearly delineate IA responsibilities and expected behavior of all personnel shall be in place. 2. The rules shall include the consequences of inconsistent behavior or non-compliance. 3. Signed acknowledgement of the rules shall be a condition of access. 4. Training or reminder of the IA operations rules and code of conduct shall be performed on an annual basis, or as frequently as in accordance with DoD policy.

Guidance

1. A set of rules that describe the IA operations of the DoD information system and clearly delineate IA responsibilities and expected behavior of all personnel shall be in place.
2. The rules shall include the consequences of inconsistent behavior or non-compliance.
3. Signed acknowledgement of the rules shall be a condition of access.
4. Training or reminder of the IA operations rules and code of conduct shall be performed on an annual basis, or as frequently as in accordance with DoD policy.

References

CJCSI - Information Assurance (IA) and Computer Network Defense (CND)