Professional Documents
Culture Documents
1.0 PURPOSE
This Standard provides the code of conduct to which IT Users must adhere when using GDIT Information
Technology (IT) Systems and Assets1 in support of IT-POL-50 Cyber Security and is supplemented by IT-
HB-50-1A GDIT Employee/Non-Employee Cyber Security Handbook.
This Standard applies to all GDIT employees and non-employees who access GDIT IT Systems and Assets,
hereafter referred to as “IT Users”2 .
3.0 AGREEMENT
All IT Users must read and acknowledge the terms listed in this agreement. The agreement is electronically
acknowledged upon completion of the Cyber Security Awareness and Personal Data Privacy Training
within 30 days of accessing GDIT IT systems or assets.
Obligations
I understand that:
• GDIT IT systems and assets are provided for business purposes. I understand that GDIT allows
minimal personal use of GDIT IT systems and assets so long as my personal use does not:
i. conflict with any terms found in GDIT’s policies and guidelines,
ii. interfere with my ability to perform my job responsibilities, or
iii. result in significant costs (e.g., money, time, reduced productivity) incurred by GDIT.
• GDIT has legal ownership of the contents of all files stored on its IT systems and assets as well as
all messages transmitted or received by these systems.
• I have no expectation of privacy when using GDIT IT systems or assets. All communications
(including personal) sent, received or accessed via GDIT IT Systems and Assets are subject to
monitoring and auditing.
• My network account will be disabled if I fail to complete any cyber security training within 30
days of assignment.
• The IT-HB-50-1A GDIT Employee/Non-Employee Cyber Security Handbook contains additional
details about requirements in this agreement.
1
IT Systems and Assets include, but are not limited to, GDIT computing and mobile devices, human capital management and
financial systems, applications and all other forms of Information Technology (IT) that are owned, leased, rented, used, accessed,
created by GDIT, as well as the GDIT and GDIT client information stored or processed therein.
2
“IT Users” are defined as employees and non-employees, who need access to GDIT IT Systems and Assets to perform work on
behalf of GDIT. “Non-employees” include, but are not limited to, GDIT consultants, contractors, sub-contractors, fellows/interns,
vendors, or anyone who is NOT categorized as a GDIT “Employee”.
– 1 of 4 –
This document contains GDIT confidential and proprietary information,
which shall not be used, disclosed, or reproduced for any purpose other than the conduct of GDIT business affairs.
Information Technology - Cyber Issue Date: 12/09/2021
Prohibitions
I will not:
1. Abuse or misuse my a ccess privileges, nor will I compromise or damage the system(s) to which I
am granted access.
2. Attempt to access or modify any IT systems or information other than those to which I have been
specifically granted access. Nor will I access, transfer or copy any corporate, client, personnel,
vendor, or any other nonpublic information for any purpose outside of my job duties.
3. Introduce any unauthorized, unlicensed, illegal, malicious, or persona lly owned software or
hardware to the GDIT IT environment.
4. Intentionally visit or view, obtain or disseminate illegal content or content that would be
considered offensive or unacceptable for the workplace as described in HR-POL-320
Unacceptable Workplace Conduct Policy.
5. Access or download pirated movies or software using Web-streaming services (e.g., movies123,
mubi, tubi) on GDIT IT systems or assets.
6. Click on any attachment or link embedded in a suspicious message(s).
7. Access, view, send or store classified information on any unclassified GDIT IT systems or asset.
8. Use non-GDIT (personal) cloud-based storage resources such as Dropbox, iCloud, Google Drive,
Slack, OneDrive, etc., to store, process, or transmit GDIT or client data unless authorized by the
customer and/or GDIT to do so. If authorized, the software must meet acceptable GDIT legal and
security standards including proper licensing. The GDIT provided instance of Microsoft 365,
including OneDrive, is authorized to store GDIT and client data.
9. Use non-GDIT (personal) e-mail accounts such as Gmail, Yahoo, etc., to transmit GDIT or client
data unless authorized by the customer and/or GDIT to do so. If authorized, the software must
meet acceptable legal and security standards for GDIT including proper licensing.
– 2 of 4 –
This document contains GDIT confidential and proprietary information,
which shall not be used, disclosed, or reproduced for any purpose other than the conduct of GDIT business affairs.
Information Technology - Cyber Issue Date: 12/09/2021
I acknowledge that I have read the terms of the User Access Agreement and understand my responsibilities
with respect to my use of the GDIT IT systems and assets. I understand that I may be subject to
disciplinary action, up to and including termination of employment, removal from contract or legal action
for knowingly violating or attempting to violate the information contained in this Agreement.
___________________________________________________________ _____________________
User’s Signature (Digital Signatures are acceptable) Date
Acronym Meaning
HVD Hosted Virtual Desktop
IT Information Technology
SOC Security Operations Center
6.0 REFERENCES
– 3 of 4 –
This document contains GDIT confidential and proprietary information,
which shall not be used, disclosed, or reproduced for any purpose other than the conduct of GDIT business affairs.
Information Technology - Cyber Issue Date: 12/09/2021
– 4 of 4 –
This document contains GDIT confidential and proprietary information,
which shall not be used, disclosed, or reproduced for any purpose other than the conduct of GDIT business affairs.