Effective Date: February 24, 2016
Expiration Date: February 24, 2021
a. It is NASA's policy to permit limited personal use of Government office equipment and services, including information technology (IT) services. The intent is to provide a professional and supportive work environment while meeting taxpayer expectations that tax dollars be spent wisely. By authorizing limited personal use of Government office equipment, NASA assumes that employees and contractors are responsible individuals, capable of balancing this privilege with the expectations of American taxpayers.
b. The scope of this policy covers Government office equipment and services, including information technology, and does not include special purpose equipment. Personal use of Government Office Equipment, including IT, should be limited to brief periods when it can reasonably be assumed by supervisors, other employees, and the public, that the employee is in a non-duty status, such as during the lunch break.
c. The limited personal use of Government office equipment and services by NASA employees and contractors shall not interfere with official business or violate existing laws and shall involve only minimal additional expense to the Government. The privilege to use Government office equipment and services for non-Government purposes may be revoked or limited at any time by Federal or Agency officials. Individual NASA Centers and contractors may invoke more stringent policies.
d. This policy in no way limits Agency employees' and contractors' use of Government office equipment and services, including IT, for official activities.
a. This NASA Policy Directive (NPD) is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This language applies to Jet Propulsion Laboratory (JPL) a Federally Funded Research and Development Center (FFRDC), other contractors, authorized users, grant recipients, or parties to agreements only to the extent specified or referenced in the appropriate contracts, grants, or agreements.
b. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms: "may" or "can" denote discretionary privilege or permission, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.
c. This NPD applies to employee personal use of Government office equipment and IT services, whether owned or otherwise provided by NASA Headquarters and NASA Centers, including Component Facilities. It applies to NASA FFRDC/Laboratory, contractors, and grant recipients, to the extent that it is referenced in the applicable agreement. The Federal Acquisition Regulations (FAR), Part 45; the NASA FAR Supplement, Part 1845; and the terms and conditions of individual contracts provide additional policies and procedures for contractor- accountable, NASA-owned equipment and for Center-accountable, NASA-owned equipment.
d. In this directive, all document citations are assumed to be the latest version unless otherwise noted.
a. Departmental Regulations, as amended, 5 U.S.C. §301.
b. Federal Information Security Management Act of 2002, 44 U.S.C. §3541.
c. The National Aeronautics and Space Act, as amended, 51 U.S.C. §20113.
d. Standards of Ethical Conduct for Employees of the Executive Branch, 5 CFR §2635.704A.
a. Sexual Exploitation and Other Abuse of Children, 18 U.S.C. §2256.
b. Information Technology Management, 40 U.S.C. §11101.
c. Standards of Ethical Conduct for Employees of the Executive Branch, 5 CFR Part 2635.
d. Release of Information to News and Information Media, 14 C.F.R. Part 1213.
e. FAR Part 45, "Government Property."
f. NASA FAR Supplement Part 1845, "Government Property."
g. Office of Management and Budget (OMB) Memorandum M-04-26, Personal Use Policies and File Sharing Technology.
h. NASA Policy Document (NPD) 2810.1, NASA Information Security Policy.
i. NASA Procedural Requirements (NPR) 1382.1, NASA Privacy Procedural Requirements.
j. NPR 4200.1, "NASA Equipment Management Procedural Requirements."
k. NASA ITS-HBK 2810.09-03, Targeted Collection of Electronic Data.
a. The Office of the Chief Information Officer is responsible for development, implementation, and management of this NPD.
b. Each Center Director and the Executive Director for Headquarters Operations is responsible for developing procedures for ensuring that employees and contractors are aware of proper personal use of Government office equipment, including information technology and IT services, and developing cost-effective controls for monitoring or preventing abnormal or inappropriate use. Controls to be considered include blocking of inappropriate Web sites and phone numbers, flagging abnormal long distance or phone charges, and monitoring network traffic for suspicious traffic or inappropriate use.
c. Supervisors shall:
(1) reasonably monitor appropriate use of Government office equipment and services, including IT, and pursuing sanctions for misuse, including potential disciplinary action.
(2) have the discretion to restrict personal use of social media technologies by employees and contractors during duty hours or while using Government equipment.
d. Visitors and interns shall be explicitly authorized by the Information System Owner (ISO) to use Government office equipment, U.S. Government limited access data/information, and IT services. The ISO will ensure visitors and interns are knowledgeable of Federal and Agency policy before use of the equipment, U.S. Government limited access data/information, or IT.
e. Employees and contractors are responsible for being knowledgeable of Federal and NASA requirements and complying with personal use privileges of Government office equipment and services, including IT, as outlined herein and in Attachment C (Specific Provisions) to this directive. Employees and contractors shall ensure that their personal use of Government office equipment and services does not give rise to an appearance that they are acting in an official capacity or that NASA endorses or sanctions their personal activities, and that such use is otherwise consistent with 5 C.F.R part 2635, Standards of Ethical Conduct for Employees of the Executive Branch and NASA social media guidelines.
(1) Specific attention and care should be directed to participation in online social media when using Federal Government resources to access Internet-based capabilities. NASA employees and contractors bear the responsibility of using social media tools and shall only engage in social networking in a responsible, safe, and judicious manner, whether in an official capacity or through personal use, to protect mission objectives, information assets, program integrity, data, and NASA's reputation.
(2) NASA employees and contractors will distinguish between official and personal communications to ensure that all official communications are identified and conducted in conformance with applicable law, regulation, and policy, including coordination with the responsible Public Affairs Official.
(3) NASA employees and contractors shall conduct themselves professionally in the workplace and shall not use Government equipment for activities that are inappropriate.
(4) When IT and/or computer equipment is taken out of the workplace (i.e., telework, offsite business meetings, conferences), the employee or contractor shall ensure that the equipment is configured in accordance with Agency policy, remains in their custody, is handled and maintained properly, and is returned in good condition. In the event that the equipment is lost, stolen, or damaged, the employee or contractor shall notify their supervisor and the NASA Security Operations Center (SOC) at email@example.com or calls 1-877-NASASEC (1-877- 627-2732) and Center Physical Security as soon as possible after the occurrence of an incident.
f. Contracting officers are responsible for:
(1) Ensuring that contractors are informed of appropriate uses of Government IT resources as a part of their introductory training, orientation, or the initial implementation of this policy; and
(2) Ensuring contractors who process, store, or transmit NASA information on non-government furnished and personally owned IT equipment, software, and media, do so only when the contract under which they perform specifically establishes terms and conditions for such use (and that appropriate approvals have been obtained), and the contractor otherwise meets and complies with NASA security standards.
ISOs may access any electronic communications and employ monitoring tools to detect improper use. ISOs or their designees determine, implement, ensure, and document compliance by applying a verification approach that is tailored to meet the requirements of this NPD. The Office of Protective Services (OPS) conducts functional reviews, spot- checks, and inspections to review compliance and implementation. The ISO employs enterprise tools on their systems to detect unauthorized access. Targeted monitoring shall be done in accordance with ITS-HBK 2810.09-03, Targeted Collection of Electronic Data.
NPD 2540.1G, Personal Use of Government Office Equipment, Including Information Technology, dated June 8, 2010.
"Equipment" means a tangible asset, end item, or nonexpendable property that is functionally complete, not intended for sale, does not lose its identity, or become a component part of another item when put into use. Equipment is not intended to be destroyed during an experiment and has a useful life of two years or more.
"Government office equipment" means equipment owned or leased by the Government whose use is not limited only to research, medical, scientific, or other technical activities, including IT. Government office equipment is property in the possession of, or directly acquired by, the Government and can be subsequently furnished to the contractor for performance of a contract. Government furnished property also includes contractor acquired property if the contractor acquired property is a deliverable under a cost contract when accepted by the Government for continued use under the contract. (Federal Acquisition Regulation Part 45.101) Government office equipment includes, but is not limited to: computers and related peripheral equipment and software, library resources, research or reference services (e.g., online journals), telephones and wireless communications devices (e.g., cell phones, smart-phones, pagers), personal electronic devices (e.g., calculators, music players, global positioning system devices, book readers), facsimile machines, photocopiers, office supplies, government guest networks, network access (e.g., Internet, wireless, cellular), e-mail, and licenses (e.g., software licenses). This also includes Government office equipment provided for use while in official travel status and for a telework or other alternative work space arrangement.
"Information System Owner," per NPR 1382.1, means the principal advisor to the Center CISO on matters pertaining to specific information systems.
"Information Technology," per United States Code (Information Technology Management, 40 USC § 11101(6)):
1. means any equipment or interconnected system or subsystem of equipment used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement control, display, switching, interchange, transmission, or reception of data or information by the executive agency, if the equipment is used by NASA directly or is used by a contractor under a contract with NASA that requires the use:
a. of that equipment; or
b. of that equipment to a significant extent in the performance of a service of the furnishing of a product;
2. means any computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services), and related resources;
3. does not include any equipment acquired by a Federal contractor incidental to a Federal contract. Examples include, but are not limited to, computers and associated peripherals, software, and removable media.
"Minimal additional expense" means that personal use of Government office equipment is limited to those situations where the Government is already providing equipment or services and the employee's or contractor's use of such equipment or services will not result in any discernable additional expense to the Government, resulting only in normal wear and tear, or the use of small amounts of electricity, toner, ink, or paper. Examples of minimal additional expense include making occasional brief personal local phone calls, infrequently sending personal e-mail messages, making a copy of a personal bill, receiving a fax from a car repair shop, or other limited use of the Internet for personal and appropriate reasons.
"NASA Information," per NPD 2810.1, NASA Information Security Policy, means any knowledge that can be communicated regardless of its physical form or characteristics, which is owned by, produced by, or produced for or is under the control of NASA.
"Personal use" means uses other than for official Government business.
"Peer-to-Peer file sharing," as defined in Office of Management and Budget M-04-26, refers to any software or system allowing individual users of the Internet to connect to each other and trade files.
"Privilege" means, in the context of this policy, that NASA is extending the opportunity to its employees and contractors to use Government property for personal use in an effort to create a more supportive work environment. As a privilege, employees and contractors have no inherent right to personal use or ownership of Government office equipment. Nor does the privilege extend to modifying such equipment, including modifications such as loading personal software or making configuration changes, or other changes that are inconsistent with Agency policy. This privilege may be revoked at any time, for any reason.
"Social media technologies" include, but are not limited to, wikis, blogs, mash-ups, Web feeds (e.g., Really Simple Syndication and Rich Site Summary (RSS) feeds), social networking sites (e.g., Facebook), microblogging (e.g., Twitter), and Web-based forums.
"Special purpose equipment" is equipment that is used only for research, medical, scientific, or other technical activities.
CFR Code of Federal Regulations
CIO Chief Information Officer
FAR Federal Acquisition Regulations
ISO Information System Owner
IT Information Technology
ITS IT Security
JPL Jet Propulsion Laboratory
NASA National Aeronautics and Space Administration
NPD NASA Policy Directive
NPR NASA Procedural Requirement
OMB Office of Management and Budget
RSS Rich Site Summary
U.S.C. United States Code
C.1 Employees and contractors are authorized limited personal use of Government office equipment and services to the extent that such personal use does not interfere with official duties or result in a loss of productivity. Employees and contractors are only authorized to use office equipment and services for personal use if they are first authorized to use the equipment for official business. NASA is not required to supply equipment if the equipment is not required for the employee or contractor to perform official business. Moreover, personal use can incur only minimal additional expense to the Government in areas such as:
C.1.1 Communications infrastructure costs such as, but not limited to, telephone or airtime charges, Internet connectivity, and telecommunications traffic.
C.1.2 Consumables such as, but not limited to, paper, ink, and toner.
C.1.3 Wear and tear on equipment such as, but not limited to, copiers and printers.
C.1.4 Impacts to network bandwidth such as, but not limited to, e-mail message sizes, e-mails with attachments, text messaging, and personal use of social media (e.g., Twitter, Facebook, YouTube).
C.2 Inappropriate Personal Use - Employees and contractors are expected to conduct themselves professionally in the workplace and to refrain from using Government office equipment and services for activities that are inappropriate. Misuse or inappropriate use of Government office equipment and services includes, but is not limited to:
C.2.1 Any personal use that violates applicable law, Federal or Agency policies, or procedural requirements.
C.2.2 Any personal use that could cause unnecessary congestion, delay, or disruption of service to any Government system or component.
C.2.3 Using a Government system as a staging ground or platform to gain unauthorized access to other systems.
C.2.4 The creation, copying, transmission, or retransmission of unauthorized mass mailings, regardless of subject matter.
C.2.5 Activities inconsistent with 5 CFR §2635, Standards of Ethical Conduct for Employees of the Executive Branch or Equal Opportunity laws and regulations. This includes material that is inappropriate or offensive based on race, color, national origin, sex, religion, age, disability, genetic information, sexual orientation, gender identity, or status as a parent.
C.2.6 Creating, searching/downloading, viewing, storing, copying, or transmission of materials describing or depicting sexually explicit conduct, as defined by 18 USC § 2256, Sexual Exploitation and Other Abuse of Children, or other sexually explicit or sexually oriented materials.
C.2.7 Use for commercial purposes, "for profit" activities, or in support of outside employment or business activity such as a personal business, or assisting friends, relatives, or others in such activities (e.g., consulting for pay, sales, or administration of business transactions, and sale of goods or services).
C.2.8 Engaging in a personal or private capacity in any outside fund-raising activity, endorsing any product or service, participating in any lobbying activity, or engaging in any prohibited partisan political activity (e.g., expressing opinions about candidates, distributing campaign literature).
C.2.9 Publicly communicating Agency information, including Agency policy, project, or program information and other critical data, that has not been authorized for release. This includes uses that could create the perception that the communication was made on behalf of the Agency or the Office of the Administrator if the communication has not been authorized by the Office of Communications. Authorized public communications of Agency information are subject to 14 C.F.R. section 1213 and applicable Agency policies.
C.2.10 Any use that could generate more than minimal additional expense to the Government.
C.2.11 The unauthorized acquisition, use, reproduction, transmission, or distribution of any controlled information, including computer software and data, that includes privacy information, copyrighted, trademarked, or material with other intellectual property rights (such as literature, music, and videos beyond fair use), proprietary data, or export controlled software or data.
C.2.12 Unauthorized P2P file sharing activities.
C.2.13 Overriding or defeating a security feature of a Government system (e.g., installing unapproved software).
C.3 Privacy Expectations - NASA employees and contractors do not have a right to expect privacy while using Government office equipment or IT services at any time, including accessing the Internet and using e- mail. Employees and contractors are advised that the Government maintains call detail and network access records to monitor telephone activity and Internet access and employs monitoring tools to track system performance and improper use. To the extent that employees and contractors wish their private activities to remain private, they should avoid personal use of Government office equipment and IT services. By using Government office equipment, employees and contractors consent to disclosing the contents of any files or information maintained on or passed through the equipment. Any use of Government communication resources is made with the understanding that such use is subject to Government surveillance and inspection, is not private, and is not anonymous. This includes personal equipment (e.g., tablets, smart phones) that connect to Government networks and services.
C.4 Sanctions for Misuse - Unauthorized or improper use of Government office equipment and services could result in loss of use or limitations on use of equipment, disciplinary or adverse personnel actions, criminal penalties, and/or employees/contractors being held financially liable for the cost of improper use.
C.5 Special Purpose Equipment - The policies for use of special purpose equipment are described in NPR 4200.1 (Appendix I). This policy states that NASA special purpose equipment may only be used for its intended purpose, and only for official purposes.
D.1 Principles of Ethical Conduct for Government Officers and Employees. E.O. 12674 of April 12, 1989, as amended by E.O. 12731 of October 17, 1990.
D.2 Federal Information Technology, Executive Order (E.O.) 13011 of July 16, 1996, as amended by E.O. 13284 of January 23, 2003, and E.O. 13286 of February 28, 2003.
D.3 OMB M-10-23, Guidance for Agency Use of Third-Party Websites and Applications.
D.4 OMB M-13-10, Antideficiency Act Implications of Certain Online Terms of Service Agreements.
D.5 NASA Policy Directive (NPD) 1900.9, Ethics Program Management.
D.6 NASA Procedural Requirements (NPR) 1900.3, Ethics Program Management.
D.7 NPR 2810.1, Security of Information Technology.
D.8 ITS Handbook ITS-HBK-2810.15-01, "Access Control."
D.9 ITS Handbook ITS-HBK-2810.17-01, "Identification and Authentication."