Grants Tracking System Rules of Behavior
Before gaining access to the Grants Tracking System, you must accept the DOT Computer System Warning and the GTS Rules of Behavior.
If you do not do not accept, you will not be granted access to the Grants Tracking System.
By clicking "Accept", you are "digitally signing" an agreement to the terms contained herein.
Receipt of Acknowledgement
I have read the GTS Rules of Behavior in their entirety, and I recognize that it is my responsibility to ensure that I comply with all DOT policies, regulations, guidelines and rules regarding the protection, handling, processing, transmission, distribution, and destruction of sensitive unclassified information. I understand that failure to comply with any or all of the above security requirements could result in the loss of my system privileges, disciplinary action by DOT, and/or civil or criminal penalties.
GTS Rules of Behavior
Why are GTS Rules of Behavior Needed?
Within GTS technical controls alone are inadequate in ensuring the proper separation of duties and security controls needed in federal financial applications. Management controls must be used to supplement the technical controls. Accordingly, the Office of Management and Budget (OMB) has established security requirements for agencies that supplement technical controls with management controls. Those requirements are published in OMB Circular No. A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Systems, dated November 28, 2000 (see http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html). A-130 states: "Establish a set of rules concerning use of and behavior within the application. The rules shall be as stringent as necessary to provide adequate security for the application and the information in it. Such rules shall clearly delineate responsibilities and expected behavior of all individuals with access to the application. In addition, the rules shall be clear about the consequences of behavior not consistent with the rules."
To Whom Do They Apply?
The rules of behavior presented here apply to all users of the Grants Tracking System and its resources. Because written guidance cannot cover every possible contingency, you are asked to exceed the stated principles. DOT employees are referred to the Code of Federal Regulations (CFR), Title 5, Administrative Personnel, Volume 3, Chapter XVI, Office of Government Ethics, Part 2635, Standards of Ethical Conduct for Employees of the Executive Branch, dated 1 January 1999, for additional information.
All users of GTS have a responsibility to assess the sensitivity of their data, and to be aware that computer security is their responsibility. Every user must be alert to possible breaches in security and adhere to all security regulations that have been established within the DOT and GTS. The responsibilities listed below are not all-inclusive, but are designed to make the users' aware of their responsibility in securing GTS resources and supporting applicable separation of duties.
Comply with all federal regulations concerning the grant programs administered through the Grants Tracking System.
Comply with all applicable federal, DOT, GTS, and agency security policies and procedures.
Protect your unattended terminal by always logging out or locking the keyboard with a screen-saver before leaving your terminal unattended.
Protect sensitive unclassified information from unauthorized access, disclosure, modification, misuse, damage or theft.
Protect all passwords issued to you and do not disclose them to anyone. Understand that password sharing or the use of another user's ID and password is prohibited in GTS. Change passwords when required by the system and whenever you suspect that they may have been compromised. Do not embed passwords in log-on scripts.
Report all security incidents, including password compromises, to the Grants Tracking System administrator.
Immediately notify the Grants Tracking System administrator when you no longer require access to the GTS application, its servers, and the networks used to access the GTS system because of transfer, completion of project, etc., and of any changes in your work location or phone number.
Do not knowingly introduce any malicious code into the GTS application, its servers, and the networks used to access the GTS system, nor attempt to bypass or circumvent the security features or mechanisms of the GTS application, its servers, and the networks used to access the GTS system.
Upon termination of your user account for GTS you will not have in your possession or in your home any sensitive information in any form, nor any user manuals or system documentation.
Use virus protection software on all terminals used to access GTS, and keep the virus protection software up-to-date.
Separation of Responsibilities
To the extent possible within your organization follow these guidelines regarding the appropriate separation of responsibilities.
The GTS responsibility to create new transactions should not be given to the same users who have the responsibility to post them.
The GTS responsibility to create Highway Cost Summaries should not be given to the same users who have the responsibility to create Reimbursement Vouchers.
The GTS responsibility to create Advance Reimbursement requests should not be given to the same users who have the responsibility to create Reimbursement Vouchers
The responsibility to submit for approval or to post any document in GTS should be separated from the responsibility to create and edit these same documents.