This agreement is issued under the authority of the Federal Information Security Management Act of 2002 (Pub. L. No. 107-347, Title III).
By checking the "I ACCEPT" check box and clicking on the "SUBMIT" button, I signify my understanding and acceptance of these policies and practices concerning access to INTEGRITY. I also understand that I may be held accountable for any breach of these policies and practices.
INTEGRITY is a U.S. Government information system used to conduct official Government business. Business conducted on INTEGRITY will be conducted in a manner above reproach and in accordance with the highest ethical standards to ensure the public's confidence in the Government, its employees, and its systems.
The following Rules of Behavior (ROB) describe security and privacy controls associated with user responsibilities and certain expectations of behavior for following security and privacy policies, standards, and procedures.
In exchange for access to INTEGRITY:
- I agree to access INTEGRITY only to conduct official Government business.
- I will treat my MAX.gov User ID, password and any other information related to my access and use of INTEGRITY as sensitive and use a high level of care to protect against disclosure.
- I will not share or authorize the sharing of my MAX.gov User ID, password or any other information related to my access and use of INTEGRITY with any other person(s).
- I will NOT enter classified information into INTEGRITY.
- I will log off of or otherwise restrict access to any INTEGRITY session when I am not personally attending to it.
- I will contact my agency INTEGRITY manager or administrator to ensure that my INTEGRITY access is properly revoked as soon as I have terminated my official Government-related duties that involve using INTEGRITY.
- I will immediately report all security or privacy incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to INTEGRITY use to my agency supervisor, agency INTEGRITY manager, or INTEGRITY staff.
- I acknowledge that with my MAX.gov User ID I will have access to Government information which may be of a technical and/or sensitive nature, and:
- I will protect and safeguard that information in the strictest confidence, and use it only to support the Government task(s) which I have been assigned.
- I will strive to observe the Golden Safeguard Rule; protecting sensitive personal financial information to which I have access in the same manner I safeguard my own similar information.
- Unless authorized by my duties or lawful authority, I agree that:
- I am specifically prohibited from publishing, reproducing, or otherwise divulging any information to which I have access through the system in whole or in part, in any manner or form, including on social media sites, or posting organizational or other information on public websites; and
- I am prohibited from authorizing or permitting others to publish, reproduce, or otherwise divulge information to which I have access in the system, and will take such reasonable measures as are necessary to restrict access to the information while in my possession.
- I understand and agree that using another user’s sensitive financial information for an unauthorized purpose may subject me to criminal sanctions, including fines or imprisonment, or both, imposed pursuant to the Computer Fraud and Abuse Act, 18 U.S.C. § 1030.
- I understand and agree that authorized INTEGRITY security or agency personnel may review my conduct or actions concerning INTEGRITY information and take appropriate action. Authorized agency personnel include my supervisory chain of command as well as my agency's INTEGRITY manager or administrators and agency information security officers and privacy officials. Appropriate action may include monitoring, recording, copying, inspecting, restricting access, blocking, tracking, and disclosing information to authorized agency and law enforcement personnel. Further:
- I understand and agree that the following actions are prohibited: unauthorized access or sharing, uploading, downloading, changing, circumventing, or deleting of information on INTEGRITY; modifying INTEGRITY; unauthorized denying or granting access to INTEGRITY; using agency resources for unauthorized use on INTEGRITY; or otherwise misusing INTEGRITY. I also understand that attempting to engage in any of these unauthorized actions is also prohibited.
- I understand that such unauthorized attempts or acts may result in disciplinary or other adverse action, as well as criminal or civil penalties. Depending on the severity of the violation, disciplinary or adverse action consequences may include: suspension of access privileges, reprimand, suspension from work, demotion, or removal. Theft, conversion, or unauthorized disposal or destruction of Federal property or information may also result in criminal sanctions.
- I will comply with any directions from my agency supervisor, agency INTEGRITY manager or administrator, and agency information security officer concerning my access to and use of INTEGRITY or matters covered by this agreement and the ROB.
- I understand that the ROB are in addition to my agency’s policies and rules that may provide higher levels of protection to my agency's information or information systems.
- I understand that I am responsible for the security of INTEGRITY information, regardless of my location, and:
- I understand that these ROB take precedence over any conflicting agency information security and privacy policies while I am using INTEGRITY, and will be enforced when I telework in the same manner as when I am in the office.
- I will keep INTEGRITY information safe and secure regardless of my location.
- I will ensure that all printouts of any INTEGRITY information that I work with as part of my official duties are physically secured when not in use.
- When in an uncontrolled environment such as a public access work area, airport, or hotel, I will protect against the disclosure of a filer's information which could occur by overlooking (shoulder surfing) from unauthorized persons. I will also follow a clear desk policy that requires me to remove INTEGRITY information from view when not in use.
- I will safeguard a filer's personal information from unauthorized access. I will only provide access to this information to authorized recipients. For questions regarding who is an authorized recipient, and other safeguards, I will obtain guidance from my agency supervisor, agency Chief Information Officer, agency Privacy Officer, and/or my information security officer before providing access.
- I will properly dispose of a filer's personal information when no longer needed whether in hardcopy, softcopy, or in INTEGRITY, in accordance with my agency’s records retention policies and the General Records Schedule.
- I agree to follow my agency’s restrictions on the use of social media/networking sites and posting organizational information on public websites.
- I will not attempt to override, circumvent, or disable INTEGRITY’s operational, technical, or management security and privacy controls unless expressly directed to do so by authorized INTEGRITY personnel or agency staff. I will not attempt to alter the security configuration of INTEGRITY or Government equipment provided to me unless so directed.
- I will complete any role-based security and privacy training required based on my INTEGRITY roles and responsibilities, as my agency determines.
- By using INTEGRITY, I consent to these conditions:
- The U.S. Government routinely intercepts and monitors communications on this information system for purposes including, but not limited to, penetration testing, communications security monitoring, network operations and defense, personnel misconduct, law enforcement, and counterintelligence investigations.
- At any time, the U.S. Government may inspect and seize data stored on this information system.
- This U.S. Government information system includes security and privacy measures (e.g., authentication and access controls) to protect U.S. Government interests.
- I will stop using INTEGRITY when so directed or, if it shows signs of being infected by a virus or other malware and report the suspected incident.
- I will access only the INTEGRITY data for which I have been granted authorization, and:
- I will notify my agency INTEGRITY manager if I have access to system resources that are beyond those required to perform my job.
- I will not retrieve information for someone who does not have authority to access that information.
- I will use a recent or the latest available version of a modern Internet browser to better ensure system security.
- I agree to contact my agency INTEGRITY manager, my agency Privacy Officer, Information Security Officer or CIO, or INTEGRITY staff if I do not understand any of these rules.
- I understand that if I refuse to agree to this user agreement and ROB, I will be denied further access to and use of INTEGRITY.
- I understand that to continue using INTEGRITY I may be asked to review and agree to this user agreement and ROB annually when updating my contact information.