This is a list of general computer use policies and security rules that apply to all users of General Atomics (GA) Fusion Group's Department of Energy computers and network. Users are responsible for reading, understanding, and adhering to these policies and rules. Users are to retain a copy of this document for reference and audit purposes.

Computer Use	All computer systems, software, and network systems provided by the DOE are to be used exclusively for DOE-sponsored work.
User Accountability	Users are accountable for their actions and may be held liable to administrative or criminal sanctions for any unauthorized actions found to be intentional, malicious, or grossly negligent.
Passwords and User IDs	A user identifier (username) and password are required of all users. Passwords must be greater than 8 characters long, not found in a dictionary, and must have at least 2 alphabetic and at least one numeric or special character, provided such passwords are allowed by the operating system or application. Numeric characters must not be the first or last positions of the password. Passwords must not be based on common names, family names, or simple letter patterns. Passwords should be changed every 6 months or as soon as possible after an unacceptable exposure or suspected compromise or when directed by management. HINTS AND GUIDELINES FOR PASSWORD CHOICES: The password should not contain the user ID, birth day, birth year, license plate number, employee number, Social Security number, phone number, or any personal information that could be readily learned or guessed. The password chosen for use at General Atomics should be different than passwords used elsewhere. The password should not use any name or phrase that would easily be associated with the user (e.g., spouse's name, children's name, car's name, etc). Passwords should not be shared except in an emergency or operational necessity. In such cases, the password needs to be changed as soon as possible after the situation is cleared.   Passwords should not be posted in an easily accessible area (e.g., under the keyboard, written on the white board, a post-it note on the terminal, etc). An easy way to create a password is to use a pass phrase based on an easily remembered sentence. For example, use the first letter of each word of the sentence and include capitalization and punctuation. Do not store your passwords in a file or within an application unless it is encrypted.
Unauthorized Access	Users are not to attempt to enter computer systems by any means other than their own account. Users are not to use Email in a fraudulent manner, either by faking another's identity or by sending messages of inappropriate content. Users are prohibited from intercepting messages or files by impersonating another user or person. Users are not to attach any equipment to the network without prior approval from the Fusion Computer Administrator.
Software License	All software used on all GA computers must be appropriately acquired and used according to the appropriate licensing. Possession or use of illegally copied software is prohibited. Likewise, users shall not copy copyrighted software, except as permitted by the owner of the copyright.
Sensitive Processing	Fusion computer users are prohibited from processing or storing sensitive unclassified or classified data on any Fusion computer. If the need arises for this type of processing, then the Computer Program Protection Manager (CPPM) must be contacted.
Data Protection	Users are advised to take appropriate measures to protect information and applications. Computers and network systems are inherently insecure. It is each user's responsibility to ensure that adequate protective measures are used to transmit and secure data.
Other Restrictions	Users are prohibited from changing or circumventing access controls to allow themselves or others to perform actions outside their authorized privileges. Users are not allowed to reconstruct or recreate information or software for which they are not authorized. Users are prohibited from taking unauthorized actions to intentionally modify or delete information or programs. Users must not introduce or use malicious software such as computer viruses, Trojan horses, or worms. Users may not deliberately interfere with other users accessing system resources.
Waste, Fraud, and Abuse	The DOE Unclassified Computer Security Program requires that DOE unclassified computers be protected from abuse and misuse. All users are required to address, safeguard against, and report misuse, abuse, and criminal activities. Fusion computer administrators are required to review the contents of computer files at unannounced intervals and by means of random sampling. Misuse of Fusion/DOE resources can lead to temporary or permanent disabling of accounts, administrative actions, and/or prosecution.
Incidental Use	Minor incidental personal use of DOE equipment is allowed if: it does not involve illegal activites, it does not involve personal gain, it does not violate GA policies, it does not embarrass GA, the Fusion Group, or the DOE, and it does not consume excessive resources or interfere with the work of the Fusion Group.
Network Access Only	On occasion, a computer user may require network access only to the Fusion Group Local Area Network (LAN). This access takes place in "DOE cyber space"; that is, a network that includes DOE computer resources. Because of this cyber proximity, the policies and procedures outlined above apply to this type of access
Wireless Access	Wireless access is provided as a convenience to registered users. Such access is usually available in conference rooms during meetings. It may be available in the DIII-D Control Room or other group areas. The wireless network connects to the Fusion LAN and is, therefore, governed by the above Policies and Procedures.
Mobile Computing Devices	All network-enabled devices must be cleared by the Desktop Support Group before accessing the Fusion network. All visitors' computers must have current security patches installed and be running anti-virus software with current signatures files. All GA-provided computers (mobile as well as stationary) should have security patches and anti-virus signatures updated automatically. Exceptions to this must be cleared by the Desktop Support Group.