myDRI
 
for Secure donations
DRI website logo        Wounded Warrior Project        VA Research and Development logo
» Home » Rules of Behavior
Website Rules of Behavior (RoB)

June 17, 2014

The Rules of Behavior for Use of the Denver Research Instititue (DRI) website only, denver-research.org (and all aspects within the site) provides the rules that govern the appropriate use of any images, documents, or information resources presented on the DRI website to users, including public viewers, DRI employees, federal employees, contractors, and other system users. This RoB in no way replaces the Denver Research Instititue employment Rule of Behavior bad adds explicit information related to using denver-research.org website.

All new users of DRI website should read this agreement before accessing the non-public aspects of the DRI website. After reading this rules of behavior document if users continue to visit and use the DRI website they acknowledge and agreement to adhere to, the DRI RoB. The DRI website RoB may be presented in hardcopy to the DRI employee free of charge yet 3rd party non-DRI users must attain their own hardcopy as DRI does not provide to the public.

The DRI RoB cannot account for every possible scenario so refere to the DRI employee RoB which should provide explicit guidance for all other situations. Else, users must use their best judgment to apply best practices when using the public and non-public aspects of DRI's website.

As privacy and security are critical, the contents within this RoB can change without any notification so please visit frequently or speak with a DRI representative.

Everyone

Non-compliance with this DRI website RoB may be cause for disciplinary actions. Depending on the severity of the violation and management discretion, consequences may include one or more of the below:

  • Suspension of DRI website access privileges
  • Revocation of access to DRI information, DRI information systems, and/or DRI facilities
  • Verbal or Written Reprimand
  • Removal or disbarment from work on federal contracts or projects;
  • Termination of DRI employment (or contract)
  • Monetary fines
  • Criminal charges that may result in imprisonment.

DRI website information and system visitors and users must acknowledge the following statements:

I assert my understanding that:

  • Use of DRI website information and systems must be for non-malicious purpose
  • Use of DRI website information and systems must be for non-intrusive purpose
  • Unauthorized access to information or information systems is prohibited; and
  • Users must prevent unauthorized disclosure or modification of sensitive information presented within


I must: - General Security:
  • Denver Research Insititue is not liable for any damages or issues that come from visitin denver-research.org
  • Follow DRI RoB website rules while accessing the DRI website whether in the United States or abroad
  • Accept that I will be held accountable for my actions while accessing and using DRI website information and information systems
  • Never leave a computer unattended while logged into the non-public area of the DRI website
  • Use assigned unique identification and authentication mechanisms, User login name and login password, to access DRI website systems and will never share the login information
  • Permit only authorized DRI employees to access non-public DRI areas
  • Take all necessary precautions to protect DRI website and its containined information assets (including but not limited to hardware, software, DRI sensitivie information, and federal records [media neutral]) from unauthorized access, use, modification, destruction, theft, disclosure, loss, damage, or abuse
  • Immediately report to the denver-research.org or to local DRI employment representative all known or suspected security incidents (or issues), known or suspected information security policy violations or compromises; or suspicious activity
  • Never visit the DRI website (or sub-pages of website) from a computer that is infected with Viruses, Trojans, or Maclicous softwares (maintain anti-virus and anti-intrusion software on client computer)
I Must - Privacy
  • Understand and consent to having no expectation of privacy while accessing the denver-research.org website (or sub-pages within website)
  • Release information to members of the public including individuals or the media only as allowed by the scope of my DRI duties and the guidance from the DRI board
  • Refrain from accessing information about individuals unless specifically authorized and required as part of my assigned DRI duties
  • Ensure the accuracy, relevance, timeliness, and completeness of all content I provide, as is reasonably necessary and to the extent possible, to assure fairness in making determinations about an individual.
I Must - Sensitive Information
  • Treat computer, network and web application account credentials as private sensitive information and refrain from sharing accounts
  • Secure sensitive information, regardless of media or format or geographic location
  • Keep sensitive information out of sight when visitors are present;
  • Sanitize or destroy electronic media and papers that contain DRI sensitive data when no longer needed
  • Access sensitive information only when necessary to perform job functions; and
  • Properly protect DRI sensitive information at all times while stored or in transmission
I MUST NOT
  • Violate, direct, or encourage others to violate DRI website policies or procedures
  • Circumvent security safeguards, including violating security policies or procedures or reconfiguring systems or reverse engineering to gain access
  • Use another person’s account, identity, password/passcode/PIN, or PIV card or share my password/passcode/PIN
  • Use DRI website information, systems, and hardware to send or post threatening, harassing, intimidating, or abusive material about others
  • Exceed authorized access to sensitive information
  • Share or disclose sensitive information except as authorized and with formal agreements that ensure third-parties will adequately protect it per DRI requirements
  • Transport, transmit, e-mail, remotely access, or download sensitive information unless such action is explicitly permitted by the DRI manager or owner of such information
  • Use sensitive information for anything other than the purpose for which it has been authorized
  • Access information for unauthorized purposes
  • Use sensitive DRI data for private gain or to misrepresent myself or DRI or for any other unauthorized purpose
  • Store sensitive information in public folders or other insecure physical or electronic storage locations
  • Knowingly or willingly conceal, remove, mutilate, obliterate, falsify, or destroy information
  • Copy or distribute intellectual property including research results, music, software, documentation, and other copyrighted materials without written DRI permission or license from the copyright owner
  • Access the DRI website and all sub-pages for unethical or illegal purposes
  • Sending or posting obscene or offensive material
  • Conducting any commercial or for-profit activity utilizing DRI website information without written DRI permission or license from the copyright owner
  • • Allowing personal use of DRI resources to adversely affect DRI website systems, services, and DRI co-workers
  • Posting DRI sensitive or propriatary information to external newsgroups, social media and/other other types of third-party website applications, or other public forums without written DRI permission, including information which is at odds with DRI's mission. This includes any use that could create the perception that the communication was made in my official capacity as a DRI employee, unless I have previously obtained appropriate approval.

MyDRI Users

The DRI website Rules of Behavior for MyDRI User Accounts is for users of the MyDRI website and provides common rules on the appropriate use of all DRI website aspects (these users are directly related to DRI including federal employees, interns, contractors, and staff). MyDRI User account roles have access to the MyDRI non-public area of the DRI website that may allow access to DRI sensitive information. Potential compromise of MyDRI User accounts carries a risk of substantial damage to the website and services it offers. Therefore MyDRI User accounts require additional safeguards. All users of MyDRI User accounts for the DRI website and any resources must read these standards and acknowledgement that they will comply with the standard rules as well as these below. As a MyDRI User, I must:

  • Protect all MyDRI account passwords/passcodes/Personal Identity Verification (PIV) personal identified numbers (PINs)
  • Comply with all system/network administrator responsibilities in accordance with DRI policy
  • Use my Privileged User account(s) for official DRI employee actions only
  • Notify system owners immediately when MyDRI website access is no longer required; and
  • Complete any specialized role-based security or privacy training as required before receiving MyDRI website access
As a MyDRI User, I must not:
  • Share Privileged User account(s) or password(s)/passcode(s)/PIV PINs
  • Remove or destroy system audit, security, event, or any other log data fro website
  • Acquire, possess, trade, or use hardware or software tools that could be employed to evaluate, compromise, or bypass DRI and MyDRI website (or sub-pages)
  • Introduce unauthorized code, Trojan horse programs, malicious code, or viruses into DRI or MyDRI website (or sub-pages)
  • Knowingly write, code, compile, store, transmit, or transfer malicious software code, to include viruses, logic bombs, worms, and macro viruses
  • Use Privileged User account(s) for day-to-day communications
  • Use privileged access to circumvent DRI website or employment policies or security controls

MyDRI Privileged Users

The DRI website Rules of Behavior for MyDRI Privileged User Accounts is for Users of the MyDRI website with the ability to change other aspects of the website beyond their own profile and provides common rules on the appropriate use of all MyDRI Privileged Users (including federal employees, interns, and contractors). MyDRI Privileged User account roles have elevated privileges above those in place for general visitors and the standard MyDRI user accounts regardless of account scope. The potential compromise of a MyDRI Privileged User accounts carries a risk of extreme damage to the website as well as DRI's reputation and therefore MyDRI Privileged User accounts require additional safeguards past those of the standard MyDRI users.

All MyDRI Privileged User accounts for the DRI website must read these standards and acknowledgement that by using the DRI and MyDRI website areas that they concur with all said DRI employement and DRI website RoB.

As a MyDRI Privileged User, I must:

  • Protect all Standard and Privileged MyDRI User account passwords/passcodes/Personal Identity Verification (PIV) personal identified numbers (PINs)
  • Comply with all DRI system/network administrator responsibilities in accordance with DRI policy
  • Use my MyDRI Privileged User account(s) for official DRI administrative actions only
  • Notify system owners immediately when MyDRI Privileged User Access is no longer required
  • Complete any specialized role-based security or privacy training as required before receiving MyDRI Privileged system access
As a MyDRI Privileged User, I must not:
  • Share Standard or Privileged MyDRI User account(s) or password(s)/passcode(s)/PIV PINs
  • Remove or destroy DRI website system audit, security, event, or any other log data
  • Acquire, possess, trade, or use hardware or software tools that could be employed to evaluate, compromise, or bypass DRI website information systems security controls
  • Introduce unauthorized code, Trojan horse programs, malicious code, or viruses into the DRI website (or sub-pages)
  • Knowingly write, code, compile, store, transmit, or transfer malicious software code, to include viruses, logic bombs, worms, and macro viruses
  • Elevate the privileges of any MyDRI user without prior approval from the system owner
  • Use privileged access to circumvent DRI employement or website policies or security controls
I have read the DRI Rules of Behavior for MyDRI Privileged User Accounts and understand and agree to comply with its provisions. I understand that violations of the DRI website Rules of Behavior for MyDRI Privileged User Accounts or information security policies and standards may lead to disciplinary action and that these actions may include termination of employment; removal or disbarment from work on federal contracts or projects; revocation of access to federal information, information systems, and/or facilities; criminal penalties; and/or imprisonment.

I understand that exceptions to the DRI website Rules of Behavior for MyDRI Privileged User Accounts must be authorized in advance in writing by the DRI board or an appointed designee.

I also understand that violation of ceratin DRI employment and website RoBs can result in monetary fines and/or criminal charges that may result in imprisonment.


HOME  ¤  GRANTS  ¤  RESOURCES FOR VETS  ¤  INVESTIGATORS  ¤  DONATE  ¤  WHAT WE DO  ¤  NEWS  ¤  RULES  ¤  STAFF  ¤  EMPLOYEE RESOURCES  ¤  BOARD OF DIRECTORS  ¤  RESOURCES  ¤  NEWSLETTER  ¤  myDRI  ¤  SITEMAP  ¤  RULES