When can you check personal email on your Government-furnished equipment

By signing this document, you acknowledge and consent that when you access Department of Defense [DoD] information systems:

You are accessing a U.S. Government [USG] information system [IS] [which includes any device attached to this information system] that is provided for U.S. Government authorized use only.

I acknowledge that failure to abide by these terms and the other parts of the user agreement may result in revoked or suspended access privileges and/or other administrative penalties IAW the DCMA Table of Penalties and where applicable, Status of Forces Agreements.

You consent to the following conditions:

1. Understanding.I understand that I have the individual responsibility to safeguard the Information System [IS] and Information contained on DCMA networks from unauthorized or inadvertent modification, disclosure, destruction, denial of service, and use. If suspicious activity or questionable security practices are witnessed, I will immediately notify the DCMA Network Operations & Security Center [NOSC] at .


2. Access. DoD policy states that Federal Government communication systems and equipment [including Government owned telephones, facsimile machines, electronic mail, internet systems, and commercial systems], when use of such systems and equipment is paid for by the Federal Government, will be for official use and authorized purposes only. Official use includes emergency communications and communications necessary to carry out the business of the Federal Government.¬ Authorized purposes include brief communications by employees while they are traveling on Government business to notify family members of official transportation or schedule changes. Authorized purposes can also include limited personal use established by appropriate authorities under the guidelines of the DoD Regulation 5500.7-R, “Joint Ethics Regulation.”


1. Internet Access.  Internet access provided by DCMA is intended primarily for work-related purposes. 
   1. I will not engage in any personal use that could cause congestion, delay, or disruption of service to any government system or equipment [i.e., sending greeting cards, video, sound or other unofficial large file attachments, "push" technology on the Internet and other unofficial continuous data streams such as listening to radio stations, watching streaming video, using bandwidth-intensive social networking applications, or other scenarios or programs not explicitly defined in this document] unless specifically authorized to do so by the DCMA Director.
   2. I understand that access to social networking and other Internet sites may be limited based upon dynamic security threats.
   3. I will not circumvent any filters or blocks to gain access to restricted sites. Cybersecurity Service Provider [CSSP] and other approved activities [e.g., test, development], operating in their official capacities only, may be exempted from this requirement.
   4. If denied access to a particular website, I will see a message on the browser stating the website is blocked. If I require access to the site for official or authorized use, I may submit a service desk ticket to request the website be unblocked. I must ensure the request includes the requested website, justification, requester information, office symbol, and urgency. Supervisor approval may be required.


2. Email. DCMA has implemented a standardized default policy for all mailbox users of 1GB. DCMA permits user access to Outlook and Public Folder Mailboxes. Outlook Web Access is not permitted. Email access provided by DCMA is intended primarily for work-related purposes.  
   1. I will adhere to the email practices as outlined here and in other DCMA guidance.
   2. I will properly report chain e-mail, spam, bogus certificates, and virus warnings to the DCMA NOSC Spam Abuse inbox [] using the procedures outlined in KB-0000232, “Microsoft Outlook – SPAM Email.” I will then permanently delete [Shift+Delete] the message from my Inbox, Sent folder, and my Deleted folder.
   3. Legitimate computer security warnings and other official DCMA information will be generated via an official “Messenger” email from the appropriate directorate [e.g., DAI Messenger, FB Messenger, IT Messenger].
   4. I will not provide personal or official DCMA information if solicited by email. If I receive an email message from any source requesting personal information or asking to verify accounts or security settings, I will report the questionable email to the DCMA NOSC.
   5. I understand that, as a general rule, my digital signature [private key] should be used whenever e-mail is considered “Official Business” and contains information considered controlled unclassified information [CUI] as defined in DoDM 5200.01 V4 [such as operational requirements]. Additionally, all emails with embedded hyperlinks and or attachments must be digitally signed. The digital signature provides for the non-repudiation of the message that the sender cannot later deny having originated the e-mail.
   6. I understand that a public key is used to encrypt information. The digital signature verifies the origin of the sender of an email. Encrypted mail should be the exception, and not the rule. It should only be used to send sensitive information, information protected by the Privacy Act of 1974 [personally identifiable information [PII]], and Information protected under the Health Insurance Portability and Accountability Act [HIPAA], or identified CUI. When transmitting CUI, I will follow the control and handling guidelines IAW DCMA-INST 552, “Information Security Program,” August 15, 2014.
   7. I understand that DoD forbids the sending of compressed files [files that are made smaller for attaching to email] and executables [files that execute/run programs] via email. An example of a compressed file is one ending with the ".zip" or “.7z” extension. Examples of executable files are those ending in ".bat", ".exe", ".com" or ".bak" extension. This applies to all email sent within, sent to, and sent from DCMA. I will not attempt to send compressed files or executables, nor will I download/view/access any such email attachments received, should DCMA security processes fail to strip the attachment from the email.
   8. I will not use my personal/commercial email to conduct official government business.
   9. I will not use my government email for personal business purposes [e.g., financial transactions, solicitations, etc.].
   10. I understand that mail is restricted to a maximum size of 15MB in size, including attachments. Attachments that cause the email to exceed this size must utilize another method. Files intended for internal recipients should be posted to DCMA360. Files sent to external recipients should be sent via secure file transfer [e.g., AMRDEC, etc.].
   11. I will not auto-forward email from my DCMA or any other government issued email account[s] to commercial or personal email accounts [e.g., .com, .net, .org, etc.].


3. Prohibited Activities.  Certain activities are never authorized on DCMA networks. 
   1. I will not use ISs for unlawful or unauthorized activities such as file sharing of media, data, or other content that is protected by Federal or state law, including copyright or other intellectual property statutes.
   2. I will not modify the IS or software, use it in any manner other than its intended purpose, or adding user-configurable or unauthorized software such as, but not limited to, commercial instant messaging, commercial Internet chat, collaborative environments, or peer-to-peer client applications. These applications create exploitable vulnerabilities and circumvent normal means of securing and monitoring network activity and provide a vector for the introduction of malicious code, remote access [RA], network intrusions, or the exfiltration of protected data.
   3. I will not attempt to strain, test, circumvent, or bypass network or IS security mechanisms, or to perform network or keystroke monitoring. Cybersecurity Service Provider [CSSP], Red Team, or other approved activities, operating in their official capacities only, may be exempted from this requirement.
   4. I will not physically relocate or make changes to configuration or network connectivity of IS equipment.
   5. I will not install/connect non-Government-owned computing systems or devices without prior authorization of the appointed Authorizing Official [AO] including but not limited to USB devices, printers, webcams, peripherals, smartphones, external media, and personal or contractor-owned laptops. Additionally, I will not connect any non-Government Furnished Equipment [GFE] computing equipment to the DCMA network.
   6. I will not release, disclose, transfer, possess, or alter information without the consent of the data owner, the original classification authority as defined by DCMA-INST 552, the individual’s supervisory chain of command, Freedom of Information Act [FOIA] official, Public Affairs Office, or disclosure officer’s approval.
   7. I will not disable or remove security or protective software and other mechanisms and their associated logs from IS.
   8. I will not permit non-DCMA personnel to have remote control of my U.S. Government [USG] IS.


4. Telework. Individuals requiring remote access to DCMA networks must have completed the telework training and have a current, signed teleworking agreement IAW DCMA-INST 815, Cybersecurity and DCMA-INST 619, Telework Policy. Employee eligibility and implementation will be determined as applicable IAW DCMA-INST 619. In addition, I understand my responsibilities for remote access to resources and services on the DCMA Network for CUI. I will not share access credentials. Non-GFE cannot be used for processing or storing classified or CUI as DCMA does not have any approved non-GFE solution approved by the DoD CIO per DoDI 8500.01. Remote management from non-GFE is prohibited. Control and handling of CUI within the telework environment shall follow the policies and procedures as identified in DCMA-INST 552.


5. Revocability.Access to DCMA resources is a revocable privilege and is subject to content monitoring and security testing.

1. Issuance.  I will be issued a user identifier [i.e., user ID] and will authenticate using my Common Access Card [CAC] in order to log into the system on the Non-classified Internet Protocol Router Network [NIPRNet]. If Secure Internet Protocol Router Network [SIPRNet] access is required, a separate token and user identifier will be issued. After receiving a token:
   1. I understand that I am the only authorized user of the authenticators [i.e., CAC/token, user ID, PIN/password, access codes] issued to me. I will not allow anyone else to have or use my authenticators. I understand that I am responsible for protecting the authenticators issued to me and that my password/PIN is classified at the highest level of information on that network [unclassified/ classified], and I will protect it in the same manner as that information. If I know or suspect that my authenticators have been compromised, I will report this information to the DCMA NOSC.
   2. I am responsible for all activities that occur on my individual account.
   3. I will ensure that any password I have is changed every 60 days or IAW with DoD directives.
   4. I understand that any password I have must comply with DoD guidance. A strong password consists of at least 15 characters with two each of uppercase, and lowercase letters, numbers, and special characters. I will not use my user ID, common names, birthdays, phone numbers, military acronyms, call signs or dictionary words as passwords.
   5. I understand that if I am using password-based authentication for any system[s], I must not use the same password for any of the following: domains of differing classification levels; more than one domain of a classification level [e.g., internal agency network and Intelink]; more than one privilege level [e.g., user, administrator]; and/or personal devices and accounts.
   6. I will not store my password on any processor, computer, personal digital assistant [PDA], personal electronic device [PED], smartphone or any removable media, or password-management software [e.g. Lastpass, etc.] unless approved by the Authorizing Official [AO].
   7. I understand that I am responsible for logging into all of my account[s], at least once every 30 days to prevent my account from being disabled IAW CJSCI 6510.01F, “Information Assurance [IA] and Support to Computer Network Defense [CND].”


2. Classified information processing. The DCMA SIPRNET is a US-only system approved to process classified information up to and to include SECRET information.
   1. All SIPRNet users must complete the required security training IAW DCMA INST 552.
   2. The classified network provides communication to external DoD organizations using the DoD SIPRNET.
   3. The classified network is authorized for SECRET And Below Information [SABI].
   4. The classification boundary between classified network and unclassified network requires vigilance and attention by all users. The classified network is also a US-only system and not accredited for transmission of North Atlantic Treaty Organization [NATO] material.
   5. Handling and control procedures of printed output from SIPRNET are identified in DCMA-INST 552
   6. Users are NOT permitted to print from SIPRNET and then scan that document onto NIPRNET unless approved and authorized by DSS, this can result is a classified data spillage and security violations given to those parties involved.
   7. The ultimate responsibility for ensuring the protection of information lies with the user. The user is responsible for ensuring the information they process is handled and stored IAW the classification guidance. Spillages which occur from improper management of classified information are considered a security violation and will be investigated thoroughly. If I suspect a spillage, I will immediately notify the Computer Network Defense [CND] Detect Team at .


3. Unclassified Information Processing.The NIPRNet is the primary network used by DCMA.
   
   1. The DCMA NIPRNet provides unclassified communication to external DoD and other USG organizations. Primarily this is done via electronic mail and web browsing.
   2. The DCMA NIPRNet is approved to process UNCLASSIFIED, CUI information.
   3. The DCMA NIPRNet provides access to the Internet. As such, email and attachments may be vulnerable to interception. Email containing private information must be digitally signed and encrypted. In addition, PII, residing on laptops, PDAs, or removable storage media such as compact discs, shall be treated as CUI data and encrypted. PII is defined as information about an individual that identifies, links, relates, is unique to, or describes him or her; this includes, but is not limited to Social Security Numbers, age, military rank, civilian grade, medical, date and place of birth, mother’s maiden name, and biometrics records.
   4. I understand that I am responsible for safeguarding of CUI that I may have access to while performing official duties. I also understand that I may be subject to disciplinary action for failure to properly safeguard CUI, for improperly using or disclosing such information, and for failure to report any known or suspected loss of the unauthorized disclosure of such information.


4. Security Requirements. As a Classified Network and/or Unclassified system user, the following minimum security rules and requirements apply:
   1. General.  
      1. I will not access the Classified Network and/or the Unclassified Network unless in complete compliance with DCMA’s personnel security requirements.
      2. I have completed Cybersecurity Awareness Training. I will participate in all training programs as required before receiving system access.
      3. I will use only authorized hardware and software. I will not install/connect or use any personally owned hardware, software, shareware, or public domain software. All software installed on DCMA ISs must be approved prior to install. Approved software is listed on the DCMA Approved Software List. Any software not listed on the Approved Software List is prohibited. All new software products must go through the systems change request approval process and complete a satisfactory risk assessment.
      4. I agree to abide by software copyrights and to comply with the terms of all licenses.
      5. I will use virus-checking procedures before uploading or accessing information from removable media such as attachment, DVD, or compact disc.
      6. I will not attempt to access or process data exceeding the authorized IS classification level.
      7. I will not alter, change, configure, or use operating systems or programs, except as specifically authorized.
      8. I will not introduce executable code [such as, but not limited to, .exe, .com, .vbs, or .bat files], nor will I write malicious/unauthorized code/scripts.
      9. I will safeguard and mark with the appropriate classification level all information created, copied, stored, or disseminated from the IS and will not disseminate it to anyone without a specific need to know.
      10. I will not utilize DCMA-provided ISs for commercial financial gain or illegal activities.
      11. Maintenance will be performed by the System Administrator [SA] only.
      12. I understand that computers need to be updated regularly and that I am responsible for ensuring that my DCMA-issued assets are connected to the DCMA network in order to receive patches. I understand that most patches are pushed overnight in order to avoid impacting system and network performance during the day. I understand that I understand that I am responsible for logging off and restarting my computer daily, and ensuring that it is connected to the DCMA network. Even when I take my DCMA-issued laptop or tablet home, I understand that I am required to leave it plugged in, powered on, and connected to the Internet overnight [e.g., home network, DCMA-issued hotspot, etc.]. If I receive a message on my computer requesting to restart it so updates can be applied, I will restart my computer. I understand that this is vital so the agency remains in a state of compliance with security updates.
      13. I will use screen locks or log off the workstation and remove and secure my CAC when departing the area.
      14. I will immediately report any system problems to the DCMA IT Service Center and cease all activities on the system.
      15. I will immediately report any suspicious output, files, or shortcuts to the DCMA NOSC and cease all activities on the system.
      16. I will address any questions regarding policy, responsibilities, and duties to the DCMA IT Service Center.
      17. I will not run “sniffer,” hacker-related, or malicious software on any Government system [computer, system or network].
      18. I will comply with the security guidance issued by the AO, SISO, and Information Systems Security Manager [ISSMs].
      19. I understand that each IS is the property of DCMA and is provided to me for official and authorized uses. I further understand that each IS is subject to monitoring for security purposes and to ensure that use is authorized. I understand that I do not have a recognized expectation of privacy in official data on the IS and may have only a limited expectation of privacy in personal data on the IS. I realize that I should not store data on the IS that I do not want others to see.
      20. I understand that monitoring of the Classified and Unclassified Networks will be conducted for various purposes and information captured during monitoring may be used for administrative or disciplinary actions or for criminal prosecution and that specifically prohibited activities by any authorized user are listed in DCMA-INST 815. Information captured may be disclosed to law enforcement authorities for investigating or prosecuting violations.
      21. When I no longer require network access or access to specific resources, I will inform my supervisor to have my access removed.
      22. I understand that collaboration and communication tools, including but not limited to email, internet, SharePoint, voice, and video are provided for the advancement of the work of DCMA employees. I will not send or publish unacceptable or unlawful material or remarks, including offensive, abusive or discriminatory comments; material that is threatening, bullying or harassing to another person, or makes excessive or unreasonable demands upon another person; sexually explicit or sexually suggestive material or correspondence; and/or false or defamatory information about a person or organization. I will adhere to DoD and DCMA ethical standards and classification guidelines when using collaboration and communication tools. DCMA DPS-003, “Policy Statement on Harassment,” provides examples of inappropriate behavior and harassment. I understand that these are examples only and not an all-inclusive list of inappropriate behaviors.
      23. I will not use removable flash media unless specifically officially authorized by the AO.
   
   
   2. Mobile / Wireless Device / Removable Media.  
      1. I understand that my government furnished wireless device is provided for official USG and authorized use exclusively. Only authorized information may be stored on or transmitted by this device. Misuse of this device [use outside of official USG and authorized purposes] may subject me to appropriate administrative, disciplinary, criminal, or other adverse actions.
      2. I am the only individual authorized to use the wireless device which is issued to me. I am responsible for physical damage to the device and the confidentiality and integrity of data on the device. Any damage to my issued device will be immediately reported to the DCMA IT Service Center.
      3. I understand that any issued device lost or stolen must be immediately reported to the DCMA IT Service Center.
      4. I understand the wireless device I am issued will be technologically and physically secured. I will maintain accountability of my issued device at all times.
      5. I agree to follow all wireless remote access responsibilities, security measures and annual wireless training requirements identified within the DCMA cybersecurity awareness training program.
      6. I understand that if I notice unusual activity, malfunctions, or abnormalities of this device I will immediately report it to the DCMA IT Service Center. I will not use or attempt to fix the device unless instructed by the DCMA IT Service Center.
      7. I understand that wireless devices connected directly to a DoD-wired network are not permitted simultaneous wireless operation.
      8. I understand that I will not connect my wireless device [or any of its components, to include but not limited to: SIM cards, batteries, cables] to other GFE and/or non-GFE or personal computing equipment, including personal laptops [e.g., tethering or wireless personal area network [WPAN], air card use, or device synchronization [hot-synch]], cell phones, or smartphone devices unless approved by the AO. I will not enable unauthorized functionality of the device.
      9. I understand my mobile device is specifically limited to operation within the country of issue. Use of my device outside the country of issue will result in excessive charges to the Government and are not authorized. I will immediately contact the DCMA IT Service Center and request a change in voice/data plan if utilization of the device outside the country of issue is required. I understand written approval must be received prior to operation of the device outside the country of issue and any excess charges incurred without written authorization will be my responsibility.
      10. I understand that I must advise the DCMA IT Service Center if I am traveling outside of the country and request to take my DCMA-issued mobile devices. I will be advised as to what, if any, DCMA mobile devices I will be permitted to take. I will not take DCMA-issued devices without authorization. I will adhere to my DCMA training and protect my mobile devices.
      11. Use of public Wi-Fi hotspots [e.g., coffee shops, libraries, universities, airports, or hotels] is discouraged and should only be used as a last resort. Preferred method of Wi-Fi connection is government provided mobile hotspot and secure private network [i.e., home or contractor owned].
      12. I understand that I must exercise Operations Security [OPSEC] at all times when using any government issued device. During use, I will position this wireless device display to prevent the inadvertent disclosure of viewed information by unauthorized users.
      13. I understand when transferring sensitive DoD information via email, I must sign and encrypt messages using DoD Public Key Infrastructure [PKI] credentials.
      14. I acknowledge that wireless devices are not permitted in any areas where classified documents or information is transmitted, received, stored, or processed.
      15. I acknowledge that wireless devices users will comply with all policies and procedures that govern their use both internal and external to DCMA.
      16. I acknowledge that wireless devices with still image or video recording capability are not permitted in any areas where classified documents or information is transmitted, received, stored, or processed.
      17. I acknowledge that wireless devices with still image or video recording capability may require a permit for use in contractor facilities and that I am responsible for verifying this prior to use.
      18. I understand that if classified information is inadvertently sent, accessed, or stored on this device, I must immediately turn off and/or remove the battery from the device and contact the DCMA NOSC.
      19. I will not configure my issued wireless device to download, install, or use unauthorized applications or Non-DoD e-mail accounts [e.g. AOL, Yahoo, Gmail, etc.] IAW NIST 800-124.
      20. I acknowledge that only authorized government furnished wireless devices [e.g., CAC readers, and headsets/hands free devices] may be synchronized to this wireless device.
      21. I acknowledge that text messaging applications [e.g., Short Message Service [SMS] and Multimedia Messaging Service [MMS], or similar capabilities] are not authorized for the transmission, receipt, storing, or processing of Controlled Unclassified Information [CUI], FOUO information, Privacy Act information, and PII.
      22. I understand that information stored on my government furnished external hard drive cannot be stored or processed on a personally owned system. Connecting a government furnished external hard drive to a personal system is prohibited unless specifically authorized by the AO.

By signing this document, you acknowledge and consent that when you access Department of Defense [DoD] information systems:

1. You are accessing a U.S. Government [USG] information system [IS] [which includes any device attached to this information system] that is provided for U.S. Government authorized use only.
2. You consent to the following conditions:
1. The U.S. Government routinely intercepts and monitors communications on this information system for purposes including, but not limited to, penetration testing, communications security [COMSEC] monitoring, network operations and defense, personal misconduct [PM], law enforcement [LE], and counterintelligence [CI] investigations.
2. At any time, the U.S. Government may inspect and seize data stored on this information system.
3. Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any U.S. Government-authorized purpose.
4. This information system includes security measures [e.g., authentication and access controls] to protect U.S. Government interests--not for your personal benefit or privacy.
5. Notwithstanding the above, using an information system does not constitute consent to personnel misconduct, law enforcement, or counterintelligence investigative searching or monitoring of the content of privileged communications or data [including work product] that are related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Under these circumstances, such communications and work product are private and confidential, as further explained below:
   • Nothing in this User Agreement shall be interpreted to limit the user's consent to, or in any other way restrict or affect, any U.S. Government actions for purposes of network administration, operation, protection, or defense, or for communications security. This includes all communications and data on an information system, regardless of any applicable privilege or confidentiality.
   • The user consents to interception/capture and seizure of ALL communications and data for any authorized purpose [including personal misconduct, law enforcement, or counterintelligence investigation]. However, consent to interception/capture or seizure of communications and data is not consent to the use of privileged communications or data for personnel misconduct, law enforcement, or counterintelligence investigation against any party and does not negate any applicable privilege or confidentiality that otherwise applies.
   • Whether any particular communication or data qualifies for the protection of a privilege, or is covered by a duty of confidentiality, is determined in accordance with established legal standards and DoD policy. Users are strongly encouraged to seek personal legal counsel on such matters prior to using an information system if the user intends to rely on the protections of a privilege or confidentiality.
   • Users should take reasonable steps to identify such communications or data that the user asserts are protected by any such privilege or confidentiality. However, the user's identification or assertion of a privilege or confidentiality is not sufficient to create such protection where none exists under established legal standards and DoD policy.
   • A user's failure to take reasonable steps to identify such communications or data as privileged or confidential does not waive the privilege or confidentiality if such protections otherwise exist under established legal standards and DoD policy. However, in such cases the U.S. Government is authorized to take reasonable actions to identify such communication or data as being subject to a privilege or confidentiality, and such actions do not negate any applicable privilege or confidentiality.
   • These conditions preserve the confidentiality of the communication or data, and the legal protections regarding the use and disclosure of privileged information, and thus such communications and data are private and confidential. Further, the U.S. Government shall take all reasonable measures to protect the content of captured/seized privileged communications and data to ensure they are appropriately protected.
1. In cases when the user has consented to content searching or monitoring of communications or data for personnel misconduct, law enforcement, or counterintelligence investigative searching, [i.e., for all communications and data other than privileged communications or data that are related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants], the U.S. Government may, solely at its discretion and in accordance with DoD policy, elect to apply a privilege or other restriction on the U.S. Government's otherwise-authorized use or disclosure of such information.
2. All of the above conditions apply regardless of whether the access or use of an information system includes the display of a Notice and Consent Banner ["banner"]. When a banner is used, the banner functions to remind the user of the conditions that are set forth in this User Agreement, regardless of whether the banner describes these conditions in full detail or provides a summary of such conditions, and regardless of whether the banner expressly references this User Agreement.

By signing this user agreement, I am acknowledging that I accept and will abide by all the terms and conditions described above. I have read the above requirements regarding use of DCMA’s systems. I understand my responsibilities regarding these systems and the information contained in them. This agreement must be reviewed and acknowledged annually from the date signed by the user or until an updated version of this acceptable use policy takes effect, whichever is sooner.

When can you check personal email on your Government

Under what circumstances is it acceptable to use your Government

When can you use your removable media on a Government system?

What can help protect the data on your personal mobile device?