R2 SUPPLEMENT 6600-94-16600 Zero Code

R2 SUPPLEMENT 6600-94-16600_Zero_Code

EFFECTIVE 5/15/94Page 1 of 5

FOREST SERVICE MANUAL

Denver, CO

TITLE 6600 - SYSTEMS MANAGEMENT

R2 Supplement No. 6600-94-1

Effective May 15, 1994

POSTING NOTICE. Supplements to this title are numbered consecutively. Post by document name. Remove entire document and replace with this supplement. Retain this transmittal as the first page of this document. The last supplement to this Title was Supplement 6600-92-1 to 6610.

Superseded
Page Code / (Number of Sheets)
6604.2--1 through 6604.2--3 / 2
6607-6607.7 / 5
Supplements Covered
R2 Supplement 4, 8/81
R2 Supplement 6, 3/89
Superseded / New
Document Name / (Number of Pages)
6600 Zero Code / 6

Digest:

Deletes obsolete material and revises security information to include new user request form.

ELIZABETH ESTILL

Regional Forester

R2 SUPPLEMENT 6600-94-16600_Zero_Code

EFFECTIVE 5/15/94Page 1 of 5

TITLE 6600 - SYSTEMS MANAGEMENT

R2 SUPPLEMENT 6600-94-1

EFFECTIVE 5/15/94

ZERO CODE

6607 - INFORMATION SYSTEMS SECURITY.

6607.3 - POLICY. Use of Forest Service Information Processing Facilities are limited to those for conducting official business, and the following other appropriate uses by employees and others:

A. AUTHORIZED ACTIVITIES. In addition to the normal official information processing, the following are authorized activities:

(1) Information Preparation and Dissemination

(a) Agency-sponsored employee wellness activities.

(b) Social and fundraising information from management-sanctioned employee organizations.

(c) With prior approval of the Forest Supervisor or Regional Office Director, information and solicitations for donations for Forest Service employees and retirees, and their immediate family members that have suffered losses from a natural disaster, serious illnesses, accidents, or death.

(d) Agency-sponsored CONCERN Programs.

(e) Combined Federal Campaign.

(f) Agency-sponsored recycling information.

(g) Information about Forest Service employee retirements, transfers, and reunions.

(h) Union (NFFE) business and information distribution as defined in the current Master Agreement between FS and NFFE.

(i) Forest Service official business-related "networking" of information.

(j) Child and dependent care information according to Region/Forest and/or local direction or policy.

(2) Use of Forest Service software, modems and other hardware on home computers for accomplishing Forest Service-related business when it is officially approved and accountability of property is transferred to the individual via Form AD-107 (REPORT OF TRANSFER OR OTHER DISPOSITION OR CONSTRUCTION OF PROPERTY).

(a) Employees must ensure that home computers are periodically checked with virus-checking software.

(3) Completion of agency-sponsored and approved school and training.

(4) Preparation and storage of an individual's SF-171.

B. UNAUTHORIZED ACTIVITIES. Any use of Government computers for the sole benefit of individuals or interest not pertaining to officially sponsored activities is prohibited. Some specific identified unauthorized activities include:

(1) Using, sending, advocating "chain" letters no matter what the purported benefits.

(2) Advocating any cause or personal opinion not sanctioned by the Forest Service without prior approval from line management.

(3) Soliciting support of causes and suggesting others write their elected representatives about an issue.

(4) Unauthorized reproducing and/or distributing of copyrighted material.

(5) Mailing applications (SF-171, resume, and so forth) to prospective employers.

(6) Soliciting donations for any cause not listed above under Authorized Activities.

(7) Providing information pertaining to political causes and/or activities.

(8) Creation of and use of personal mailing lists to conduct personal or entertainment activities which some employees may participate in.

(9) Borrowing Government personal computer software without official approval and accountability of property transferred to the individual.

C. Use of Forest Service Information Processing Facilities, including software, by non-Forest Service people (hereafter known as cooperator) may be granted provided:

(1) The cooperators' use of information processing facilities are explicitly provided for in the contract or agreement and approved by the line officer in charge or appropriate Regional Office Director.

(2) Access is limited to those features/functions on the system required to perform the task at hand.

(3) All system resources (computer time, disk space, profiles, terminals, and so forth) and office space is provided to the cooperator from the allocation of the responsible staff.

(4) The cooperator may not be granted privileged access except where privileged access, such as that for system operator, is explicitly described in the contract or agreement.

(5) Security awareness training is provided to cooperators prior to being granted access and the sponsoring Director or Forest Supervisor accepts full responsibility for security breaches of the cooperator.

(6) If Forest Service property is to be provided to a cooperator as a part of an agreement, accountability for that property must be documented on Form AD-107 (REPORT OF TRANSFER OR OTHER DISPOSITION OR CONSTRUCTION OF PROPERTY).

(7) Adequate security measures are in place.

(8) In addition to the above items, if the use is for other than Forest Service related business, the following requirements apply:

(a) There must be a documented public and/or non-profit interest.

(b) All costs (hardware, software) must be reimbursed by the cooperator.

(9) Ownership and Access to Data/Information

6607.4 - Responsibility.

6607.41 - All Employees. All employees are authorized by the appropriate unit leader on the Profile Request Form (R2-6600-7) access to the Information System. They are then assigned a USERID/Profile and operating space in the system. This access is given to enable employees to accomplish their assigned work duties and not for personal or unofficial purposes. Each user must sign a form affirming they understand the proper system use. A copy of the form is filed for reference and another copy given to the employee.

A. Notification to Employees

(1) All employees will be notified in writing periodically that the access to the USDA, Forest Service Information Processing Facilities is restricted to OFFICIAL USE. No personal records, documents, or information should be placed, stored, or created within USDA, Forest Service Information Processing Facilities unless written permission is obtained prior to creation.

(2) System Operators/Superusers will be notified in writing periodically that it is a criminal act to exceed their computer access authorization and access unauthorized information.

B. Forest Service Data Access. The Forest Service may examine the systems and information stored in those systems at anytime for management and/or proprietary purposes as listed in the following conditions:

(1) The Line Officer at each unit may access or cause to be accessed individual employee computer files stored in the USDA-FS systems when an employee is absent from the office for an extended period because of illness, travel, leave, detail or other circumstance and the information is needed to continue government business and is in accordance with the current Master Agreement between the Forest Service and NFFE.

(2) There is an allegation of misuse or wrongdoing against the employee and examination of the computer records are necessary to resolve the allegations and complete an investigation and is in accordance with the current Master Agreement between the Forest Service and NFFE.

Access Procedures:

The procedure to gain official access of USDA Forest Service Information Processing Systems for administrative or investigative purposes will be as follows:

(1) Prior to any access of an individual employee's stored information a written justification shall be signed by the Line Officer of the unit of Director, MS&A. Only then can the records be accessed and examined. When the purpose for accessing an individual employee's stored information is for investigative purposes, the procedures outlined in FSM 5320 and/or FSM 6170 will be followed. Signed justifications shall be maintained for 5 years.

(2) Access is then gained by a System Operator/Superuser through changing the password on the individual Userid. A witness should be present when the profile is accessed.

(3) Examination of individual records shall be reasonable in the scope of the examination. For example if the justification to access an employee's individual electronic files is based on an urgent need to retrieve a particular document during the employee's extended absence, then the justification is limited to this purpose. In an instance when an employee may be accused of improperly gaining information and storing it in their individual space the scope of the examination would be greater than the first example cited above, but the examination should always be reasonable in the scope of what may be examined, weighed against that which is being sought.

6607.44 - Regional Forester. The Regional Forester delegates the authority and responsibility to grant access to non-Forest Service people (Cooperator) for the use of Forest Service Information Processing Facilities, including software, to Forest Supervisors and Directors.

Authority to grant access for non-Forest Service-related business may not be redelegated beyond Forest Supervisors and Directors.