Sit(x) RoB

Latest Version: July 2022

RULES OF BEHAVIOR FOR EXTERNAL USERS

By accessing the services provided by Sit(x), users agree to abide by the following rules of behavior:

Users must conduct only authorized business on the system

Users level of access to systems and networks owned by Sit(x) is limited to ensure access is no more than necessary to perform the legitimate tasks or assigned duties. If users believe they are being granted access that they should not have, they must immediately notify the Sit(x) Operations Center at pg_product@partech.com.

Users must maintain the confidentiality of their authentication credentials such as password. Do not reveal authentication credentials to anyone; a PAR Government employee or Sit(x) representative should never ask users to reveal them.

Users must follow proper logon/logoff procedures. Users must manually logon to their session; do not store the password locally on the system or utilize any automated logon capabilities. Users must promptly logoff when session access is no longer needed. If a logoff function is unavailable, users must close their browser. Never leave the computer unattended while logged into the system.

Users must report all security incidents or suspected incidents (e.g., lost passwords, improper or suspicious acts) related to Sit(x) systems and networks to the Sit(x) Operations Center at pg_product@partech.com.

Users must not establish any unauthorized interfaces between systems, networks, and applications owned by Sit(x).

Access to systems and networks owned by Sit(x) is governed by, and subject to, all federal laws, including, but not limited to, the Privacy Act, 5 U.S.C. 552a, if the applicable Sit(x) system maintains individual Privacy Act information. Access to Sit(x) systems constitutes consent to the retrieval and disclosure of the information within the scope of authorized access, subject to the Privacy Act, and applicable state and federal laws.

Users must safeguard system resources against waste, loss, abuse, unauthorized use or disclosure, and misappropriation.

Users must not process classified national security information on the system.

Users must not browse, search, or reveal information hosted by Sit(x) except in accordance with that which is required to perform the legitimate tasks or assigned duties.

Users must not retrieve information, or in any other way disclose information, for someone who does not have authority to access that information.

Users must ensure that Web browsers use Secure Socket Layer (SSL) version 3.0 (or higher) and Transport Layer Security (TLS) 1.0 (or higher). SSL and TLS must use a minimum of 128-bit, encryption.

Users must ensure that their web browser is configured to warn about invalid site certificates.

Users must ensure that web browsers warn if the user is changing between secure and non-secure mode.

Users must ensure that their web browser window used to access systems owned by Sit(x) is closed before navigating to other sites/domains.

Users must ensure that their web browser checks for a publisher’s certificate revocation.

Users must ensure that their web browser checks for server certificate revocation.

Users must ensure that web browser checks for signatures on downloaded files.

Users must ensure that web browser empties/deletes temporary Internet files when the browser is closed.

Users understand that any person who obtains information from a computer connected to the Internet in violation of her employer’s computer-use restrictions is in violation of the Computer Fraud and Abuse Act.

Users agree to contact the Sit(x) Chief Information Security Officer or the Sit(x) Operations Center pg_product@partech.com if they do not understand any of these rules.