Abstract

Rules of Behavior define user responsibilities and expected behavior. Users are expected to read and acknowledge the rules of behavior before access to a system is granted. Rules should be unique for a specific information system. The acknowledgment may take the form of a signed, hard copy document. More often, the acknowledgment occurs digitally when a user first accesses the system. Rules of behavior may be different for internal users and external users. Rules may define specific requirements for accessing system resources. For example, approved Web browsers with appropriate security capability may be required. It is the user’s responsibility to comply with this requirement. Agencies might require ...