USNA Remote Use Agreement

Remote Use is defined in USNAINST 5230.1 Information Technology and Cybersecurity Policy and Standards. This agreement applies to non-privileged end-use.

I understand and agree that: 

  1. The Acceptable Use Policy for USNA IT Resources, and the Navy User Agreement and Notice and Consent Provisions apply to remote access.
  2. Remote access is for official use only and may not be used for any personal purpose.
  3. Remote access shall only be conducted from a physically secure location safeguarded from theft and eavesdropping.
  4. Remote access will always be attended, and terminated when not in use.
  5. Use of remote access will be monitored, logged, and audited.
  6. Personally owned network devices used for remote access may be confiscated by the US Government in the event of a security incident.
  7. I am responsible for and will:
    1. Configure home network level devices to (1) comply with USNA password complexity policy, and (2) prohibit changing the device settings from outside the home network. Where possible, the home network level device should be configured to (3) use a firewall, (4) use network address translation (NAT), and (5) not be visible to other devices on the Internet. 
    2. Periodically check for and apply firmware and software updates to home network level devices.
    3. Ensure that the Operating System, firmware, and application software of the endpoint device is up to date with respect to all software vulnerability patches applied to systems on the USNA mission network.
    4. Ensure endpoint devices employ on-access virus-scanning and a firewall.
    5. Ensure that multiple network connections are not simultaneously in use (i.e., dual (split) tunneling is NOT permitted).
    6. Ensure that remote access connection security mechanisms currently employed and provided by ITSD are being used (e.g., SSL VPN, 802.1x network access control, endpoint security configuration compliance scanning).
    7. Protect the confidentiality of sensitive information associated with USNA (e.g., PII). Sensitive information for which I am authorized access may be viewed but not be stored on a personally owned endpoint device. I will report unauthorized disclosure to the USNA Information Systems Security Manager.