NIH Secure Remote Computing User Certification Agreement

Read through this document and click on the “I Agree” button at the bottom of this page in order to record your acceptance.

An employee, contractor, or other authorized user may be authorized by NIH management to have remote access connectivity to NIH IT resources if there is a clear mission-related need. All such authorized remote access users must meet the following requirements:

  1. All remote access connections and services that connect to NIH resources shall be used only by the authorized individual and for authorized use only.
  2. All authorized users who have been provided remote access to the NIH network or NIH systems must take the annual NIH Computer Security Awareness Training at http://irtsectraining.nih.gov.
  3. All remote access must be made from either Government Furnished Equipment (GFE) or Verified Contractor Furnished Equipment (V-CFE). All authorized users shall ensure that NIH systems and data remain secure from unauthorized disclosure and unauthorized use in accordance with:
    1. NIH IT Security Policies, Standards and Procedures at https://ocio.nih.gov/InfoSecurity/Policy/Pages/default.aspx Viable Via NIH Network, in particular:
      1. The NIH IT General Rules of Behavior at https://ocio.nih.gov/InfoSecurity/training/Pages/nihitrob.aspx. Viable Via NIH Network
      2. The HHS Policy for Personal Use of IT Resources at https://www.hhs.gov/ocio/policy/pol-pers-use-it-resources.html. Viable Via NIH Network
      3. The NIH Remote Access Policy at http://oma1.od.nih.gov/manualchapters/management/2810/. Viable Via NIH Network
      4. The NIH Remote Access Security Standards and Procedures at https://ocio.nih.gov/InfoSecurity/Policy/Documents/NIH_Remote_Access_Standards_FINAL.doc Viable Via NIH Network
    2. DHHS Cybersecurity Program Policies, Standards and Other Documents at http://www.hhs.gov/ocio/policy/index.html#Security. Viable Via NIH Network
    3. Local Institute/Center (IC) IT security and remote access policies. [Note: ICs may require authorized users to sign additional remote access user agreements with more stringent requirements].
  4. Authorized users are also responsible for:
    1. Ensuring that systems are secure and that anti-virus software is installed, running, and updated regularly on all end user remote access systems prior to using them.
    2. Ensuring that they use and store sensitive information on NIH servers when feasible. If not possible, sensitive information should only be stored on GFE or V-CFE. It must never be stored on personally owned equipment.
    3. Reimbursing the government for any unauthorized use of government resources (by self or other individuals) or damages that result in charges to the IC that result from inappropriate use.
    4. Notifying their Administrative Officer and supervisor when remote access resources and services are no longer required to accomplish job objectives.
  5. NIH will review all remote access accounts (at least) annually to ensure that there is a continuing need for the remote access resources and privileges.

I have read and understand the requirements stated above and agree to adhere to them as long as I have access to NIH remote access services. I understand that if I violate any of these standards and procedures, it may result in the cancellation of my remote access privileges and/or disciplinary action.