Skip to main content 

Rules of Behavior

In accordance with the Office of Management and Budget (OMB) Memorandum M-06-16, Protection of Sensitive Agency Information , and to protect the confidentiality, integrity and availability of the U.S. Office of Personnel Management’s (OPM’s) SFS website, rules of behavior on the safe handling of data must be followed when accessing Personally Identifiable Information (PII) in SFS. The loss of PII can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information.

√   I acknowledge that I have access to download Sensitive But Unclassified (SBU) information in the SFS website.

√   I acknowledge my responsibility to ensure the confidentiality, integrity, and availability of SFS information in a manner consistent with its sensitivity.

√   By being granted access to Sensitive But Unclassified (SBU) information , I am obligated to protect this information from unauthorized disclosure.

√   I agree that my obligation to safeguard the confidentiality of Sensitive But Unclassified (SBU) information shall be in effect until a transfer of duties no longer requires access to this data or until termination of my employment.

√   I will obtain, use or disclose such data only in connection with the performance of my official duties solely for authorized purposes. I will not disclose any data to other agencies or persons not expressly authorized to receive or have access to it. I will make any such authorized disclosures in accordance with established regulations and procedures.

√   I will encrypt any PII data downloaded from SFS on any portable storage device, including laptops, PDAs, iPods, thumbdrives, external hard drives, etc.

√   I will erase PII data downloaded from SFS within 90 days unless its official use is still required.

√  I will immediately report any security breach , password compromises, anomalies in system performance, or suspicious activities. I will ensure that security breaches are reported to a Federal incident response center, US-CERT , located within the Department of Homeland Security.

√  I will protect my passwords and authentication tokens from disclosure and loss at all times. I will employ passwords in accordance with SFS’s password policy.

√  I will change my default passwords immediately when assigned. I will never reveal my passwords to unauthorized individuals. I will not construct my password from obvious personal data, (i.e. social security number, telephone numbers, relative’s names, pet’s name, etc.).

√   I will not allow others to use my User ID and I will not access other users’ accounts. I will not attempt to access accounts or data that are not expressly authorized to me. I understand that I am accountable for all actions taken under my User ID.

√  I understand that any changes in my employment status or changes in my job responsibilities may require my access to be modified or terminated.

√  I will ensure that any work performed remotely or off-site will be provided the same level of protection as provided at the office.

√  I will ensure proper protection and disposition of printed documents containing PII obtained through the SFS website.

√  I understand that all conditions and obligations imposed upon me by these rules apply during the time I am granted access to the SFS website. I understand I am being granted permission to access OPM’s SFS website and data as specified above, and that my use of this access may be monitored for compliance.

√   I understand that any system user who does not comply with these rules is subject to penalties including suspension or cancellation of system privileges and possible criminal prosecution. OPM will enforce the use of penalties against any user who willfully violates Federal system security.

These restrictions are consistent with and do not supersede, conflict with or otherwise alter the employee obligations, rights or liabilities created by Executive Order 12356; Section 7211 of Title 5, United States Code (governing disclosures to Congress); Section 2302(b)(8) of Title 5, United States Code, as amended by the Whistleblower Protection Act (governing disclosures of illegality, waste, fraud, abuse or public health or safety threats); the Intelligence Protection Act of 1982 (50 U.S.C. 421 et seq.) (governing disclosures that could expose confidential Government agents), and the statutes which protect against disclosure that may compromise the national security, including Sections 641, 793, 794, 798 and 952 of Title 18, United States Code, and Section 4(b) of the Subversive Activities Act of 1950 (50 U.S.C. Section 783(b)).

This agreement shall not nullify or affect in any manner any other secrecy or nondisclosure Agreement which I have executed or may execute with the United States Government.