Minimum Security Requirements and Best Practices
Below are some of the important rules to remember:
- Computers, software, and communications systems provided by NERSC are to be used only for DOE-sponsored work (as determined by the PI's DOE Program Manager). Use of NERSC resources to store, manipulate, or remotely access any national security information is prohibited. This includes, but is not limited to, classified information, unclassified controlled nuclear information (UCNI), naval nuclear propulsion information (NNPI), the design or development of nuclear, biological, or chemical weapons or of any weapons of mass destruction. Personally identifiable information (PII) and HIPPA data are also prohibited from NERSC user systems.
- The use of NERSC resources for personal or non-work-related activity is prohibited. NERSC systems are provided to our users without any warranty. NERSC will not be held liable in the event of any system failure or loss of data.
- All passwords used on computer systems must meet the DOE and NERSC requirements. Passwords and usernames must NOT be shared under any circumstances. Users who share their passwords or usernames will have their access to NERSC disabled. Users should not leave clear-text passwords in a location accessible to others or secured in a location for which protection is less than that required for protecting the information that can be accessed using the password.
- Passwords must be changed:
- At least every six months.
- Immediately after giving your password to someone else.
- As soon as possible, but at least within one business day after a password has been compromised or after you suspect that a password has been compromised.
- On direction from NERSC staff.
- Your password will be disabled if you have three login failures while entering your password on a NERSC machine.
- Users must ensure that appropriate physical security measures are taken to protect their computers and any portable media from unauthorized access, manipulation, or theft.