List of active policies

Full policy

Rules of Behavior
FITSI Stakeholders (Students, Certification Candidates, Certification Applicants, Certification Holders, Associate Members, Certified Members, Founding Members, Consultants, Employees, or Volunteers) who are granted access to a FITSI IT system must agree to the following rules of behavior:

1. Authorized Use
You are granted access to FITSI IT systems solely for authorized purposes related to your role (e.g., Student, Certification Candidate, Certification Applicant, Certification Holder, Associate Member, Certified Member, Founding Member, Consultant, Employee, or Volunteer). Any other use is strictly prohibited.

2. Account Credentials

• You must safeguard your username, password, and other credentials.
• Do not share your login credentials with anyone under any circumstances.
• Immediately notify FITSI (at contactus@fitsi.org) if you suspect your credentials have been compromised.

3. Consent to Monitoring
Use of FITSI IT systems is subject to monitoring for security and audit purposes. By logging in or accessing a FITSI IT system, you consent to such monitoring activities.

4. Information Sharing

• You are prohibited from sharing information obtained from FITSI IT systems with individuals or entities outside of FITSI without explicit, written approval of FITSI.
• Do not disclose, publish, copy, reproduce, or transmit FITSI content in any form—verbal or written—without the express, written permission of FITSI.

5. Classified or Sensitive Information

• Do not store, process, or transmit classified or controlled unclassified information on FITSI IT systems.
• Do not store, process, or transmit Personally Identifiable Information (PII) or other private data that FITSI does not explicitly provide or authorize.

6. System Integrity

• Do not introduce malicious software or attempt to bypass or disable security measures (e.g., antivirus, firewalls).
• Report any suspicious behavior, emails, or vulnerabilities to FITSI immediately (at contactus@fitsi.org).

7. Access from Public or Unsecured Devices

• You must not access FITSI IT systems from untrusted public devices (e.g., public kiosks, public computers) without adequate security controls.
• If you access from personal devices, ensure they are secured (e.g., use anti-malware software, operating system patches).

8. Privacy and Data Protection

• FITSI may use cookies or other tracking mechanisms to improve system security and user experience; by using the system, you agree to such practices.
• Any data you collect, or handle must be treated in accordance with FITSI’s privacy policy (https://www.fitsi.org/fitsiprivacypolicy.html) and any applicable laws or regulations.

9. FITSI Ownership of Content
All content and materials provided through FITSI IT systems are the property of the Federal IT Security Institute (FITSI). Unauthorized use, distribution, or modification of these materials is strictly prohibited.

10. Reporting Security Incidents

• Promptly report any suspected security incident, such as unauthorized access attempts or data breaches, to FITSI (at contactus@fitsi.org).
• Take immediate steps to prevent further access or damage if you discover an incident (e.g., log out, change passwords).

11. Revocation of Access
FITSI may suspend or terminate your access to any FITSI IT system at its discretion, including but not limited to:

• Noncompliance with these rules
• Potential security risks
• Changes in role or affiliation

12. Violations and Enforcement

• Violations of any of these rules may result in disciplinary or legal action, including civil or criminal penalties where applicable.
• FITSI reserves the right to pursue any and all available legal remedies to enforce compliance.