Text

September 21st, 2017 MEMORANDUM TO: Those on the Attached List FROM: David J. Nelson /RA/

Chief Information Officer

SUBJECT:

COMPUTER SECURITY RULES OF BEHAVIOR POLICY VERSION 1.5 The purpose of this memorandum is to provide the updated policy on U.S. Nuclear Regulatory Commission (NRC) Agency-wide Rules of Behavior for Authorized Computer Use, hereafter referred to as the rules of behavior. The Office of the Chief Information Officer (OCIO) reviews the rules of behavior annually and updates them as necessary. Updates to the policy were necessary to address new technical capabilities in the NRC environment and to reflect policy changes.

Although I recently sent you version 1.4 of the rules of behavior, emerging issues regarding use of information technology for personal business have indicated a further update of the rules of behavior is appropriate. Version 1.5 clarifies rules regarding appropriate personal use of information technology.

The rules of behavior apply to all NRC employees, contractors, vendors, and agents (users) who have access to any system operated by the NRC, by a contractor, or by an outside entity on behalf of the NRC. This policy does not apply to licensees.

The rules of behavior are effective immediately upon acknowledgement. All current users are required to review and acknowledge the enclosed rules of behavior as part of the required annual computer security awareness training, starting in fiscal year 2018. All new NRC employees will be required to review and acknowledge the rules of behavior within one week of employment at NRC and then acknowledge as current users thereafter.

Office Directors and Regional Administrators are responsible for ensuring that all users acknowledge the rules of behavior annually. Training on the rules of behavior is available for organizations upon request.

CONTACT: Kathy Lyons-Burke, OCIO 301-415-6595

Please ensure that all of your staff acknowledges the rules of behavior as part of the computer security awareness course completion. Separately, I will provide the policy to NRC staff via an NRC Yellow Announcement. A network announcement will be provided to all users when the computer security awareness course is available via the iLearn system.

Enclosures:

As stated

MEMORANDUM TO THOSE ON THE ATTACHED LIST DATED:

SUBJECT:

COMPUTER SECURITY RULES OF BEHAVIOR POLICY VERSION 1.5 E-Mail Mail Stops Andrea D. Veil, Executive Director, Advisory Committee RidsACRS_MailCTR Resource on Reactor Safeguards E. Roy Hawkens, Chief Administrative Judge, Atomic Safety RidsAslbpManagement Resource and Licensing Board Panel Margaret M. Doane, General Counsel RidsOgcMailCenter Resource Brooke P. Clark, Director, Office of Commission Appellate RidsOcaaMailCenter Resource Adjudication Maureen E. Wylie, Chief Financial Officer RidsOcfoMailCenter Resource Hubert T. Bell, Inspector General RidsOigMailCenter Resource Nader L. Mamish, Director, Office of International Programs RidsOipMailCenter Resource Eugene Dacus, Director, Office of Congressional Affairs RidsOcaMailCenter Resource David A. Castelveter, Director, Office of Public Affairs RidsOpaMail Resource Annette Vietti-Cook, Secretary of the Commission RidsSecyMailCenter Resource RidsSecyCorrespondenceMCTR Resource Victor M. McCree, Executive Director for Operations RidsEdoMailCenter Resource Frederick D. Brown, Deputy Executive Director for Materials, RidsEdoMailCenter Resource Waste, Research, State, Tribal, Compliance, Administration, and Human Capital Programs, OEDO Michael R. Johnson, Deputy Executive Director for Reactor RidsEdoMailCenter Resource and Preparedness Programs, OEDO Robert J. Lewis, Assistant for Operations, OEDO RidsEdoMailCenter Resource Cynthia A. Carpenter, Director, Office of Administration RidsAdmMailCenter Resource David J. Nelson, Chief Information Officer RidsOCIO Resource Patricia K. Holahan, Director, Office of Enforcement RidsOeMailCenter Resource Kimberly A. Howell, Director, Office of Investigations RidsOiMailCenter Resource Miriam L. Cohen, Chief Human Capital Officer RidsOchcoMailCenter Resource Vonna L. Ordaz, Acting Director, Office of New Reactors RidsNroOd Resource (I)

RidsNroMailCenter Resource (A)

Marc L. Dapas, Director, Office of Nuclear Material Safety RidsNmssOd Resource and Safeguards Brian E. Holian, Acting Director, Office of Nuclear Reactor RidsNrrOd Resource (I)

Regulation RidsNrrMailCenter Resource (A)

Michael F. Weber, Director, Office of Nuclear Regulatory Research RidsResOd Resource (I)

RidsResPmdaMail Resource (A)

Pamela R. Baker, Director, Office of Small Business and Civil RidsSbcrMailCenter Resource Rights K. Steven West, Acting Director, Office of Nuclear Security RidsNsirOd Resource (I) and Incident Response RidsNsirMailCenter Resource (A)

Daniel H. Dorman, Regional Administrator, Region I RidsRgn1MailCenter Resource Catherine Haney, Regional Administrator Region II RidsRgn2MailCenter Resource Cynthia D. Pederson, Regional Administrator, Region III RidsRgn3MailCenter Resource Kriss M. Kennedy, Regional Administrator, Region IV RidsRgn4MailCenter Resource

COMPUTER SECURITY RULES OF BEHAVIOR POLICY VERSION 1.5 Date: 09/21/2017 DISTRIBUTION:

F/O r/f ADAMS Accession No.: Pkg.: ML17248A012; Memo: ML17244A089 Encl.: ML17244A084 Rules of Behavior Encl.: ML17244A086 Acknowledgement Statement *Concur via e-mail OFFICE OCIO OCHCO/ADHROP ADM/DFS NAME KLyons-Burke BSanford* TPulliam*

(BSmith for) (SSchoemann for)

DATE 09/19/2017 09/13/2017 09/08/2017 OFFICE OGC CISO OCIO/D NAME GHenderson* JFeibus* DNelson DATE 09/06/2017 09/19/2017 09/21/2017 OFFICIAL RECORDS COPY