USA Staffing Rules of Behavior

From USAS
Jump to navigation Jump to search

RULES OF BEHAVIOR

In accordance with the Office of Management and Budget (OMB) Memorandum M-06-16, Protection of Sensitive Agency Information, and to protect the confidentiality, integrity and availability of the U.S. Office of Personnel Management's (OPM's) USA Staffing system, rules of behavior on the safe handling of data must be followed when accessing Personally Identifiable Information (PII) in USA Staffing. The loss of PII can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information.

Once annually, every USA Staffing user must read and agree to the Rules of Behavior when signing into the system before they are granted access to USA Staffing features and data. This requirement also applies to accounts assigned to automation acting as a system user. Additionally, agency personnel creating and managing automated user accounts for the purpose of robotic process automation accept responsibility for the permissions assigned and all actions executed by these accounts within USA Staffing.

  • I acknowledge that I have access to download/transfer Controlled Unclassified Information (CUI) in the USA Staffing system.
  • I acknowledge my responsibility to ensure the confidentiality, integrity, and availability of USA Staffing information in a manner consistent with its sensitivity.
  • By being granted access to Controlled Unclassified Information (CUI), I am obligated to protect this information from unauthorized disclosure.
  • I agree that my obligation to safeguard the confidentiality of Controlled Unclassified Information (CUI) shall be in effect until a transfer of duties no longer requires access to this data or until termination of my employment.
  • I will obtain, use or disclose such data only in connection with the performance of my official duties solely for authorized purposes. I will not disclose any data to other agencies or persons not expressly authorized to receive or have access to it. I will make any such authorized disclosures in accordance with established regulations and procedures.
  • I will encrypt any PII data downloaded/transferred from USA Staffing on any portable storage device, including laptops, PDAs, iPods, thumb drives, external hard drives, etc.
  • I will erase PII data downloaded/transferred from USA Staffing within 90 days unless its official use is still required.
  • I will immediately report any security breach, anomalies in system performance, or suspicious activities. I will ensure that security breaches are reported to a Federal incident response center, US-CERT, located within the Department of Homeland Security.
  • I will protect my authentication tokens from disclosure and loss at all times.
  • I will not allow others to use my User ID and I will not access other users' accounts. I will not attempt to access accounts or data that are not expressly authorized to me. I understand that I am accountable for all actions taken under my User ID.
  • I understand that any changes in my employment status or changes in my job responsibilities may require my access to be modified or terminated.
  • I will ensure that any work performed remotely or off-site will be provided the same level of protection as provided at the office.
  • I will ensure proper protection and disposition of printed documents containing PII obtained through the USA Staffing system.
  • I understand that all conditions and obligations imposed upon me by these rules apply during the time I am granted access to the USA Staffing system. I understand I am being granted permission to access OPM's USA Staffing system and data as specified above, and that my use of this access may be monitored for compliance.
  • I understand that any system user who does not comply with these rules is subject to penalties including suspension or cancellation of system privileges and possible criminal prosecution. OPM will enforce the use of penalties against any user who willfully violates Federal system security.

For cases in which a system user engages with an external assessment provider including, but not limited to The Office of Personnel Management’s USA Hire system, the user agrees that:

  • I understand a formal interagency agreement must be in place between my agency and OPM prior to receiving access to, and using, USA Hire.
  • I understand I may only use the USA Hire system and USA Hire materials (including USA Hire assessments) in a manner consistent with the terms of the formal agreement or contract denoted above.
  • I understand that access to the USA Hire assessments must be restricted to applicants responding to a job opening who meet the minimum qualifications for that job opening (i.e., I am not authorized to view or modify the content of any USA Hire assessment).
  • I understand that in cases where I may be exposed to USA Hire assessment content, I may not discuss, share, or reproduce the assessment content (e.g., questions, scoring information).
  • I understand I must immediately report any suspected breach of these rules related to USA Hire to the OPM point of contact for the interagency agreement or contract and USAHire@opm.gov.
  • I understand that OPM reserves the right to terminate anyone’s access to and use of the USA Hire system and materials (including assessments) at any time for violating these requirements.

For cases in which a system user is granted access to Applicant Flow Data including, but not limited to data on an applicant’s race, ethnicity, or disability, the user agrees that:

  • I acknowledge that I have access to download/transfer Controlled Unclassified Information (CUI) about applicants.
  • I acknowledge my responsibility to mitigate any risk of the data being used to affect staffing decisions.
  • I acknowledge my responsibility that use of this data will be consistent with the ‘Purpose and Routine Uses’ language provided to applicants in the USAJOBS Demographic profile.
  • I acknowledge my responsibility that this data shall not be used for:
    • Influencing the decision to close or extend job announcements
    • Influencing the decision to cancel recruitment actions
    • Influencing the decision to use or not use a referral list of applicants
    • Influencing selection decisions
    • Identifying the race, ethnicity, or gender of specific named employees
  • I understand that this data can be used for:
    • Aggregate human capital reporting
    • Determining rates of demographic representation in recruitment efforts
    • Determining rates of demographic representation in hiring or merit promotion selections
    • Determining rates of qualifications among demographic groups
    • Evaluating the effectiveness of recruitment in reaching targeted demographic groups
  • I agree to these rules and the appropriate safeguarding of data.
  • I assume liability for misuse of data caused by sharing data with other recipients.
  • I acknowledge my responsibility to ensure the confidentiality, integrity, and availability of applicant data in a manner consistent with its sensitivity.
  • By being granted access to Controlled Unclassified Information (CUI), I am obligated to protect this information from unauthorized disclosure.
  • I agree that my obligation to safeguard the confidentiality of Controlled Unclassified Information (CUI) information shall be in effect until a transfer of duties no longer requires access to this data or until termination of my employment.
  • I will obtain, use or disclose such data only in connection with the performance of my official duties solely for authorized purposes.
  • I will not disclose any data to other agencies or persons not expressly authorized to receive or have access to it. I will make any such authorized disclosures in accordance with established regulations and procedures.
  • I will encrypt any applicant data on any portable storage device, including laptops, PDAs, iPods, thumb drives, external hard drives, etc.
  • I will immediately report any security breach, anomalies in system performance, or suspicious activities. I will ensure that security breaches are reported to a Federal incident response center, US-CERT8, located within the Department of Homeland Security.
  • I will protect my authentication tokens from disclosure and loss at all times.
  • Under this agreement, on behalf of my agency, I accept responsibility for carrying out its terms and conditions. I further agree that all necessary administrative steps will be taken to assure that persons who have access to this data will be informed of this agreement and will be required to comply with it.

These restrictions are consistent with and do not supersede, conflict with or otherwise alter the employee obligations, rights or liabilities created by Executive Order 12356; Section 7211 of Title 5, United States Code (governing disclosures to Congress); Section 2302(b)(8) of Title 5, United States Code, as amended by the Whistleblower Protection Act (governing disclosures of illegality, waste, fraud, abuse or public health or safety threats); the Intelligence Protection Act of 1982 (50 U.S.C. 421 et seq.) (governing disclosures that could expose confidential Government agents), and the statutes which protect against disclosure that may compromise the national security, including Sections 641, 793, 794, 798 and 952 of Title 18, United States Code, and Section 4(b) of the Subversive Activities Act of 1950 (50 U.S.C. Section 783(b)). This agreement shall not nullify or affect in any manner any other secrecy or nondisclosure Agreement which I have executed or may execute with the United States Government.