PRObE User Agreement

Version 1, Dated: 2013-02-01

1 Introduction

2 Requirements

2.1 Account Management

2.1.1 No Sharing Account

2.1.2 Required information

2.1.2.1 Automatically collected information

2.1.3 Protecting Passwords

2.1.4 Authorized/Acceptable Use

2.1.4.1 Authorized Use

2.1.4.2 Acceptable Behavior

2.1.4.3 Acceptable Use

2.1.5 Reporting Suspicious Activity

2.3 Data Confidentiality

2.3.1 Confidential Data

2.3.1.1 Proprietary Data

2.3.1.2 "Regulated" Data

2.3.1.3 Sensitive but Unclassified Data

2.4 Intellectual Property

2.4.1 Acknowledgment

2.4.2 Software Development

2.4.3 Publication

2.4.4 Non-Academic User Requirements

2.5 Software Licenses

2.6 Final Reports

2.7 Additional Requirements

3 Penalties

3.1 Account Suspension/Revocation

3.2 Loss of Allocation

3.3 Administrative Action

3.4 Civil Penalties

3.5 Criminal Penalties

4 Disclaimers

4.1 Additional requirements

4.2 Support/Diagnostic Access

4.3 Monitoring

4.4 Access Notification

4.5 Non-Liability

5 Guidelines

5.1 Password Management

5.2 Reporting Suspicious Activity

5.2.1 Password Exposure

5.2.2 Certificate Exposure

5.2.3 Account Compromise or Suspicious Activity

6 Contacts

6.1 General Assistance

6.2 Suspicious Behavior

6.3 Password and Certificate Changes

6.4 Exposure of Passwords, Passphrases, etc.

7 Acceptance Statement

Introduction

The New Mexico Consortium's (NMC) PRObE computing facility (which includes its hardware, software, network connections, and data), of 4200 West Jemez Road, Suite 301, Los Alamos, New Mexico 87544, is a limited resource for the scientific community. Therefore NMC has an obligation to protect that facility and ensure that it is used properly. Additionally, NMC has legal and other obligations to protect resources and the intellectual property of its users.

Because we cannot do this job alone, we depend on your cooperation. Responsible conduct on your part helps ensure that the maximum amount of CPU time is available to you and other researchers.

Failure to use these resources properly may result in various penalties, including civil and criminal action.

By clicking “I Accept” for this Agreement you assert that you have readunderstood, and agree to the responsibilities stated here. NMC requires this agreement to enable/continue your account. If you have any questions about this document, please use the contact(s) identified in §6.1 to discuss the issues.

2 Requirements

2.1 Account Management

PRObE is federally funded through the NSF and external Internet access is provided through U.S. Government sponsored links.  The PRObE Management Group must ensure that computational resources are used in a manner consistent with the purpose and scope stated in our agreements with NSF and ESNet. We have taken reasonable measures to ensure appropriate usage, including monitoring of all gateway usage by the community. Any user information collected shall be used for this purpose, and may be disclosed to local, state, or federal law enforcement if the NMC is subpoenaed for such information.

You as a user also have responsibilities to protect your account from unauthorized use; this section outlines your responsibilities.

2.1.1 No Sharing Account

User accounts are created and intended for a one person only. It is not to be shared with others; neither students nor other collaborators. User certificates (i.e., ssh public keys) are not to be shared either.

2.1.2 Required information

The NMC will collect information about each user accessing PRObE systems. Such information may include, but is not limited to:

  1. Name, address (work and home), telephone number, affiliation, email address
  1. IP address and DNS name of the computer used to access PRObE gateway machines
  2. Current estimated long-term disk storage requirements for the project
    (this can be modified in the future to accommodate gateway growth)
2.1.2.1 Automatically collected information

Whenever you access any PRObE compute resources you automatically agree to have information about you collected. This information includes, but is not limited to:

  1. Logging of users IP address, UTC timestamp, and username
  2. Means by which access to the compute resource was requested (ssh, www, etc...)
  3. Any compute resources requested like number of nodes and cpu hours used
  4. Idle time during resource allocations

2.1.3 Protecting Passwords

Passwords and certificates are the keys to account access. You are responsible for protecting your passwords and certificates. Protection includes not sharing passwords, not writing passwords down where they can be easily found, and not using tools which expose passwords on the network (e.g., telnet). See the Guidelines section (§5) for more information.
The private key portion of a certificate is the equivalent of a password. You are responsible for ensuring that file and directory permissions prevent others from reading or copying any private keys.

2.1.4 Authorized/Acceptable Use

Having an account does not confer upon you the right to do whatever you might wish to with that account.

2.1.4.1 Authorized Use

Your account is granted for the activity stated on your application. Your use of the account should be limited to that activity.

2.1.4.2 Acceptable Behavior

The following activities are explicitly considered unacceptable and are subject to the penalties outlined below:

  1. using, or attempting to use, NMC computing resources without authorization or for purposes other than those stated on your application for computer time;
  2. tampering with or obstructing the operation of the facilities;
  3. reading, changing, distributing, or copying others' data or software without authorization;
  4. using NMC resources to attempt to gain unauthorized access to other (non-NMC) sites;
  5. activities in violation of local or federal law.

2.1.4.3 Acceptable Use

NMC has acquired access to the Internet through the Energy Science Network (ESNet). The ESNet Acceptable use policy (http://www.es.net/about/governance/ESnet- Acceptable-Use-Policy/) therefore also applies to all network connectivity to the PRObE facility.

2.1.5 Reporting Suspicious Activity

You are responsible for reporting, as soon as possible, suspicious activity on your account, or exposure or compromise of passwords, passphrases, or certificates. See §5 for reporting procedures.

2.3 Data Confidentiality

It is your responsibility to ensure the confidentiality of any intellectual property or other confidential data used on NMC resources.

NMC provides technology to preserve the confidentiality of data, but it is your responsibility to use that technology appropriately.

2.3.1 Confidential Data

Some of your data may not be considered intellectual property but may have confidentiality requirements. It is your responsibility to be aware of those requirements and verify whether or not NMC's site has the capabilities appropriate to the level of protection required.

2.3.1.1 Proprietary Data

Proprietary or private data (which may also be considered intellectual property) may have confidentiality requirements imposed by the owner of the data.

2.3.1.2 "Regulated" Data

Some data may not be explicitly confidential but may have a confidentiality requirement due to various laws or organizational policies. It is your responsibility to be aware of those requirements and verify that NMC's site can provide appropriate protection. Also be aware that some sites may be subject to state laws, which impose requirements on any data stored on those sites. Note that data with personal identifying information (e.g., Social Security Numbers) and medical records as defined by the federal Health Insurance Portability and Accountability Act (HIPAA) are not to be kept on NMC’s site without prior express written permission from NMC.

2.3.1.3 Sensitive but Unclassified Data

Some types of data or resources may be considered "Sensitive but Unclassified" by the Federal government, and thus may have restrictions and protection requirements. It is your responsibility to be aware of those requirements and verify that NMC's site can provide appropriate protection. Furthermore, such data is not to be kept on NMC’s site without prior express written permission from NMC.

2.4 Intellectual Property

You have specific responsibilities with regard to intellectual property used on NMC resources.

2.4.1 Acknowledgment

Papers, publications, and web pages of any material, whether copyrighted or not, based on or developed under NMC-supported projects must acknowledge this support by including the following paragraph:

"This material is based upon work supported by the National Science Foundation under the following NSF program: Parallel Reconfigurable Observational Environment for Data Intensive Super-Computing and High Performance Computing (PRObE)."

In addition, a copy of each publication must be emailed to probe@newmexicoconsortium.org. More information on publications can be found at http://www.nmc-probe.org/publications/.

2.4.2 Software Development

Software developed with allocations approved by NSF, or by proxy, via the allocations processes governing allocation of NMC resources, is subject to the NSF General Grant Conditions (GC-1) and thus certain copyright restrictions apply. In the January 2013 revision of this (http://www.nsf.gov/awards/managing/general_conditions.jsp?org=NSF), this issue is specifically addressed in Article 24. Copyrightable Material.

2.4.3 Publication

Work performed under a peer-reviewed allocation must be published in the open literature.

2.4.4 Non-Academic User Requirements

Non-academic (corporate/industrial, government, etc.) users frequently have more stringent usage requirements than those that might be required by NMC. It is the user's responsibility to assure the resources used satisfy the requirements of their organization.

2.5 Software Licenses

All software used on NMC systems must be appropriately acquired and used according to the specified licensing. Possession or use of illegally copied software is prohibited. Likewise users shall not copy copyrighted software or materials, except as permitted by the owner or the copyright. Some software installed on NMC resources may require special authorization in order to be used. Users must abide by the requirements for protecting it from misuse.

2.6 Final Reports

Requests for subsequent allocation awards will not be allowed until an end of project report has been received for all prior awards for the specific project. It is recommended that renewals and continuing projects also include a copy of prior award final reports as an attachment to the submitted proposal.

2.7 Additional Requirements

Individual sites may be subject to state/local laws and/or have organizational policies with additional requirements beyond this policy.

Those organizations will make those policies available. It is your responsibility to be aware of and abide by those policies.

3 Penalties

Failure to abide by this agreement may result in a variety of penalties imposed.

3.1 Account Suspension/Revocation

Accounts may be temporarily suspended or permanently revoked if compromised or abused.

Your account may be suspended without advance notice if there is suspicion of account compromise, system compromise, or malicious or illegal activity.

3.2 Loss of Allocation

This policy can result in loss of your current allocation and possibly the inability to obtain future allocations.

3.3 Administrative Action

Abusive activity may be reported to your home institution for administrative review and action.

3.4 Civil Penalties

Civil remedies may be pursued to recoup costs incurred from unauthorized use of resources or incident response due to compromise or malicious activity.

3.5 Criminal Penalties

Activities in violation of federal, state, or local law may be reported to the appropriate authorities for investigation and prosecution.

4 Disclaimers

4.1 Additional requirements

As stated in §2.7your local site may be subject to requirements beyond the scope of this document.

4.2 Support/Diagnostic Access

Authorized NMC site personnel may review all data and activities on the PRObE systems. for the purposes of aiding an individual or providing diagnostic investigation for NMC systems.

4.3 Monitoring

User activity may be monitored as allowed under policy and law for the protection of data and resources.

Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site or law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to such at the discretion of authorized site personnel.

4.4 Access Notification

Access to user data and communications will not normally be performed without explicit authorization and/or advance notice unless exigent circumstances exist. Post-incident notification will be provided in such cases.

4.5 Non-Liability

You do hereby release, relieve, discharge, indemnify and hold harmless NMC Inc. , its officers, trustees, employees, agents and representatives, and PRObE committee members from any and all liability or claim of liability, whether for personal injury, property damage, or otherwise, arising out of or in connection with your access to and use of NMC’s facility. You and your home institution accept full responsibility for your acts and omissions during your use of the facility. You understand and agree that NMC makes no representations as to the condition of its facility and you accept it “as is” for its intended purposes, having been given the opportunity to inspect the facility to your satisfaction. You understand that the facility is being made available for the intended purpose on the condition that your presence and activities, including the presence and activities of others associated with you and your use of the facility, will not unduly interfere with or disrupt the normal operations of NMC and the normal users of the facility.

5 Guidelines

The following are suggestions for helping maintain the security of your account.

5.1 Password Management

  1. Do not write down your password where it can be easily found and/or associated with your account.
  2. Do not tell anyone your password, not even NMC support staff. Support staff will never need your password, will never ask for it, and will never send a password in e- mail, set them to a requested string, or perform any other activity which could reveal a password.
  3. If someone insists that they need your password to do something, report it to the NMC technical support attechsupport@newmexicoconsortium.org.
  4. Do not store your password(s) in unencrypted files or even in encrypted files if possible.
  5. Pick passwords that are difficult to guess. Birthdays, family names, and single dictionary words are examples of easily guessed passwords.
  6. Change your password periodically, even if you have no reason to believe that anyone else has it.

5.2 Reporting Suspicious Activity

(See §6 below for appropriate contacts)

5.2.1 Password Exposure

If you think that your password may have been compromised or exposed, but have no reason to believe that your account has been used, change your password immediately.

5.2.2 Certificate Exposure

If you believe that your certificate has been exposed, revoke your certificate and have a new one issued.

5.2.3 Account Compromise or Suspicious Activity

If you believe that your account has been compromised or you find signs of suspicious activity, take the following actions:

  1. notify the NMC helpdesk immediately techsupport@newmexicoconsortium.org
  2. do not modify files found in your account
  3. do not execute unknown programs you might find
  4. if possible, do not use your account until the issue is resolved

Some indications of account compromise include:

  1. files in your home directory or project areas which you did not create
  2. alteration or deletion of your files not done by you
  3. discrepancies between your allocation balance and what you think you have used

6 Contacts

6.1 General Assistance

For general assistance in understanding this policy and how to fulfill your responsibilities under this policy, contactprobe@newmexicoconsortium .org.

6.2 Suspicious Behavior

Suspicious activity, which may indicate an account or system compromise, should be reported to the NMC helpdesk:techsupport@newmexicoconsortium.org

6.3 Password and Certificate Changes

Contact techsupport@newmexicoconsortium.org for assistance in changing your password, passphrase, or revoking and issuing a new certificate.

6.4 Exposure of Passwords, Passphrases, etc.

Contact techsupport@newmexicoconsortium.org for assistance.

7 Acceptance Statement

By clicking “I Accept”, you acknowledge that you have read the NMC User Agreement and understand and agree to the contents thereof. You also acknowledge that you will abide by the stated policies and procedures to the best of your ability, and that you are also under obligation to abide by any future changes to the NMC PRObE User Agreement. All users will be notified when changes are made to the NMC PRObE User Agreement. The current NMC PRObE User Agreement can also be found on the NMC web site (http://www.nmc-probe.org/policies/user-agreement).

 

© 2017 New Mexico Consortium