FISMA Certification and Accreditation Handbook

Rules are made for people who aren't willing to make up their own.
Chuck Yeager
End-User Rules of Behavior are policies that your users agree to abide by before they are allowed access to whatever it is that you are certifying and accrediting. Your End-User Rules of Behavior, and your plans for implementing them, have to be clearly articulated in the Certification Package. Although a Level 1 Certification Package usually doesn't require an official End-User Rules of Behavior, it is still a good idea to put one into place if you have systems that are processing sensitive information.
The End-User Rules of Behavior are the rules that end-users have to agree to before they are allowed access to the information system. Clearly, end users need to know what these rules of the road are before they can agree to them. The agreement should be verified before giving the user access. All end users of the information system being certified, including contractors, should agree to the rules.
End users may already have access to the agency network, or have other logins to other applications. Therefore, the rules of behavior should be unique and specific to the information system that is being certified and accredited. Just because an end user has agreed to the rules for other applications doesn't mean they have agreed to the rules for the application that is up for Accreditation.
The rules of behavior can be implemented either on...