NIH Secure Remote Computing User Certification Agreement

Read through this document. Click on the “I Agree” button at the bottom of this page to record your acceptance.

An employee, contractor, or other authorized user may be authorized by NIH management to have remote access connectivity to NIH IT resources if there is a clear mission-related need. All such authorized remote access users must meet the following requirements:

  1. All remote access connections and services that connect to NIH resources shall be used only by the authorized individual and for authorized use only.
  2. All authorized users who have been provided remote access to the NIH network or NIH systems must take the annual NIH Information Security and Management Refresher Training at
  3. All remote access must be made from either Government Furnished Equipment (GFE) or Contractor Furnished Equipment (CFE). All authorized users shall ensure that NIH systems and data remain secure from unauthorized disclosure and unauthorized use in accordance with:
    1. NIH IT Security Policies, Standards and Procedures at Viable Via NIH Network, in particular:
      1. The NIH IT General Rules of Behavior at Viable Via NIH Network
      2. The NIH Remote Access Policy at Viable Via NIH Network
    2. HHS Cybersecurity Program Policies, Standards and Other Documents at Viable Via NIH Network
    3. Local Institute/Center (IC) IT security and remote access policies.
  4. Authorized users are also responsible for:
    1. Ensuring that systems are secure and that anti-virus software is installed, running, and updated regularly on all end user remote access systems prior to using them.
    2. Ensuring that they use and store sensitive information on NIH servers when feasible. If not possible, sensitive information should only be stored on GFE or CFE. It must never be stored on personally owned equipment.
    3. Reimbursing the government for any unauthorized use of government resources (by self or other individuals) or damages that result in charges to the IC that result from inappropriate use.
    4. Notifying their Administrative Officer and supervisor when remote access resources and services are no longer required to accomplish job objectives.
  5. NIH will review all remote access accounts (at least) annually to ensure that there is a continuing need for the remote access resources and privileges.

I have read and understand the requirements stated above and agree to adhere to them as long as I have access to NIH remote access services. I understand that if I violate any of these standards and procedures, it may result in the cancellation of my remote access privileges and/or disciplinary action.