ISCT: COMPUTER AUTHORIZED USE POLICY (CAUP)


Information Systems, Communications, and Technologies (ISCT) at NMMI provides service to faculty, staff, and cadets. All computer users have two basic rights -- privacy and a fair share of resources. All computer users have the responsibility to use the NMMI computer systems in an effective, efficient, ethical, and lawful manner. The ethical and legal standards that are to be maintained are derived directly from standards of common sense and common decency that apply to the use of any public resource within the Institute.


The following rules and conditions apply to all users of NMMI ISCT. Violations of any of the conditions are considered unethical and may be unlawful. NMMI views the use of computer facilities as a privilege, not a right, and seeks to protect legitimate computer users by imposing sanctions on those who abuse the privilege. Eliminating computer abuse provides more computing resources for users with legitimate computing needs. NMMI’s policy for use of its computing facilities as outlined in the Operations and Procedures Manual is based on the United States Copyright Law and the laws of the State of New Mexico; Chapter 30, Article 45, Computer Crimes. Violations may result in disciplinary action and/or legal actions.


All NMMI computer users, including cadets, faculty, staff, and guests, are governed by the following provisions. This applies to all use of computing, communications, and network interconnections owned or administrated by NMMI.


        I. USE OF COMPUTER ACCOUNTS FOR THE INTENDED PURPOSES


All NMMI computer accounts are Institute Accounts which are the property of the New Mexico Military Institute. Access to information within these accounts by ISCT personnel is limited to situations where ISCT personnel have reason to believe laws have been broken, the tenants of the CAUP have been the broken, the integrity of the system has been compromised or threatened, or normal maintenance must be performed. In other cases, authorization for non-user access shall be sought from the office designated as the owner of the files.


Attempts to: (a) defeat the security systems of any NMMI computer, (b) circumvent the accounting system, (c) use of an account without authorization, or (d) use accounts for other than their intended purposes, are prohibited. Use of an account which invades others rights of privacy or which misappropriates others data files may subject the wrongdoer to disciplinary action. NMMI reserves the right to bar a computer user from an Institute account if impropriety is determined by NMMI officials.


NMMI reserves the right to limit a computer user’s session if there are insufficient resources or if the user is determined by the responsible authorities to be acting in an irresponsible or unlawful manner. NMMI also reserves the right to cancel, restart, or place a hold on a job, process, or program to protect or to improve system performance if necessary. Pornographic material is not permitted on the NMMI campus. This policy includes computer software and the Internet.


A. NMMI’s Internet connection is supported by the state of New Mexico as part of a statewide educational network. Individuals may not conduct a private business for personal financial gain of any kind using the connection. Likewise list serves, bulk emailing or web sites of a political, religious or personal nature are forbidden. Additionally, pornography, explicit sexual content, harassment (sexual or otherwise) and hate literature are forbidden.


B. Through a firewall, NMMI blocks sites classified as pornography (sexual acts or nudity), hate, and illegal gambling. While tens of thousands of such sites are blocked, there may be times that prohibited sites can be accessed. This does not imply that such sites are open for viewing. At no time may the NMMI network be used for viewing pornography, sites with explicit sexual content, gambling, hate literature, or for the purpose of harassment of any type. In addition, any attempt to circumvent the firewall or other network security to view prohibited sites, such as using proxify.com or any other proxy sites, is strictly forbidden.


C. NMMI shall have the right to monitor unannounced, all user’s bandwidth consumption, Internet usage, and e-mails at any time and on an on-going basis. As determined by NMMI, we may be required limit excessive bandwidth consumption by any means available. Logs of Internet traffic are maintained and use of inappropriate sites may result in disciplinary action.


D. Educational use and NMMI business processes are the stated purposes of the campus network and the Internet connection provided. Such activities are related to the mission of the Institution and take precedent over any and all recreational or personal use of the network. Personal or recreational use shall not conflict with an employee’s performance of duties and responsibilities. An Internet appliance is used to prioritize and limit other uses of the Internet connection.


E. Use of the Internet through NMMI for illegal activities is strictly prohibited. This includes but is not limited to receipt, transmission or retransmission of software or data without full compliance with copyright laws, license restrictions and policies.


F. For cadets, failure to comply with any of these terms is grounds for immediate disconnection. The first disconnection will be a warning, the second disconnection will be for a period of one week, and a third or more will be for a period of one month. There may be additional reprimands given by the Commandant’s staff.


G. For faculty and staff, failure to comply with these terms will be reported to supervisors for disciplinary action up to and including termination.


        II. SHALL RESPECT THE INTEGRITY OF THE SYSTEM


Computer users shall not intentionally develop or use programs which harass other computer users or which infiltrate the system and/or damage the software or hardware components of the system. This includes all network links and/or damages caused to the software or hardware components of the system. Computer users shall not use network links for any use other than permitted in network guidelines (e.g. Internet). The use of any unauthorized or destructive program may result in legal civil action for damages by any injured party, including the Institute, as well as criminal action. The viewing of sexually explicit material is specifically prohibited and will be considered sexual harassment if anyone objects to its display.


The integrity of the system is maintained by password protection of accounts. A computer user who has been authorized to use an account may be subject to both civil and criminal liability if the user discloses the password or makes the account available to unauthorized persons without permission. Users are advised to obtain permission in writing where possible to protect themselves when using someone else’s account.


Use of the electronic communication facilities (Electronic MAIL or systems with similar functions) to send fraudulent, harassing, obscene, indecent, profane, intimidating, or other unlawful messages is prohibited by state law. Also, the electronic communication facilities are not to be used for the transmission of commercial or personal advertisements, solicitations, promotions, destructive programs, or any other unauthorized use.


A. You are personally responsible for all use of your computer(s) and network connection. You will be held accountable for any violations that occur involving your computer(s) or network connection, particularly when proper security procedures have not been observed.


B. All faculty, staff, and cadet computers wanting Internet access must be connected to the Institute network. This includes registration of the Windows machine name, IP address and physical address with ISCT. Network software, maintained by NMMI, will register the machine name, MAC address and IP address once the machine is physically connected to the network. Only machines running Windows XP or Windows Vista will be supported on the network.


C. NMMI only supports computers with current versions of the Windows operating systems (Windows XP or Windows Vista). NMMI requires that all computers to be connected to the NMMI network have an up-to-date antivirus program installed as well as current Windows Updates to prevent infection and the spread of worms, Trojans, and other computer viruses. These measures are critical for the maintenance and integrity of the NMMI network. Any machines found to be without updated anti-virus protection will be removed from the network until the computer has been brought up-to-date. In addition, all Windows updates must be current on all computers that access the network. NMMI maintains a network appliance which will verify that these provisions are in place on all computers accessing the network. Machines failing this verification will be quarantined to remediation sites which will allow users to bring their machines up-to-date to meet the requirements. Once the computer is current, it will be allowed normal access to the network.


D. Software to protect the computer from spyware and other malicious programs must also be secured from the Internet and installed. Microsoft’s Windows Defender is the supported software and can be downloaded for free from Microsoft’s website.


E. NMMI uses DHCP (Dynamic Host Configuration Protocol) to assign IP addresses to all computers. NMMI will maintain the only DHCP server on the network. The use of any IP address other than that assigned or modification to the network configuration is prohibited. The network jack may not be altered or removed. Attaching any device other than a standard desktop/laptop computer, such as wireless access point, router, switch, server, telephone, or network appliance to the NMMI network is prohibited.


F. Any action (intentional or unintentional) that would impair the function of the network is prohibited. This includes actions that affect the overall performance of the network. Any action that would deny or impair network service to another system or user is prohibited. This includes, but is not limited to, network scanning, games, traffic on uncommon ports, streaming audio and/or video, Internet radio, Internet telephone, Peer to Peer programs, such as Limewire, Ares, Morpheus, eDonkey, etc. Any computer showing this type of activity will be disconnected from the network. Additionally, there are several programs which users often install that continually communicate over the network. This list includes, but is not limited to, Weather Bug, Web Shots, Web Search, and more. ISCT will attempt to restrict any service or program which needlessly impacts NMMI resources.


G. Operation of any server related application is prohibited. This includes, but is not limited to, sharing files on your computer (Ares, Morpheus etc.), FTP, web server, DHCP, WINS or other systems that serve information.


        III. RESPECT THE PRIVACY OF OTHER COMPUTER USERS


Computer users shall not intentionally seek, provide, modify information in, or obtain copies of files, programs, or passwords belonging to other computer users without the permission of those other computer users. This includes all system files and accounts.


The NMMI system provides mechanisms for the protection of private information from examination by others. Attempts to circumvent these mechanisms in order to gain unauthorized access to the system and to private information are unlawful and certainly will be treated as a violation of NMMI policy. Computer users, when requested, shall cooperate with system administrators in investigations of system abuse. Users are encouraged to report suspected abuse, especially any damage to or problems with their files. NMMI recognizes that files and mail messages are confidential. Authorized NMMI employees may access computer user’s files at any time during system monitoring and/or maintenance and will report suspected unlawful or improper activities to the proper authorities.


        IV. RESPECT THE RULES AND REGULATIONS GOVERNING THE USE OF FACILITIES AND EQUIPMENT


Each NMMI computer lab has specific rules and regulations, which govern the use of equipment and facilities at that site. Violation of these rules and regulations is grounds for disciplinary action. Each site has operators, and/or supervisors, who have been given the responsibility to supervise the use of that site. Computer user cooperation with these individuals and adherence to NMMI policies is expected at all times.


        V. RESPECT THE PROPRIETARY RIGHTS OF SOFTWARE


All software protected by copyright shall not be copied except as specifically stipulated by the owner of the copyright. Protected software is not to be copied into, from, or by any NMMI facility or system, except by license. This means that such computer and microcomputer software may only be copied in order to create backup copies, if so licensed. The number of copies and distribution of the copies may not be done in such a way that the number of simultaneous users in a department exceeds the number of original copies purchased by that department, unless otherwise stipulated in the purchase contract.


        VI. DATABASE SECURITY


New Mexico Military Institute’s administrative computing systems collect and store sensitive data on employees and students that is needed for the normal operations of NMMI. NMMI employees and students must assume responsibility for legal and ethical computer, data, and network use. This data may include but is not limited to:


A. Personal (non-public) information on students, employees, or NMMI affiliates or NMMI financial information.


B. Other proprietary NMMI information.


        VII. SUMMARY


Activities considered to be in conflict with this policy include, but are not limited to, the following:


A. Unauthorized change, deletion, corruption, or removal of NMMI data from NMMI systems.


B. Sharing or using this information for any purpose other than NMMI business.


C. Sharing directories and/or files on your computer with others without appropriate authorization or security measures.


D. Distributing information that violates the Family Education Rights and Privacy Act (FERPA).


E. Transport of restricted or sensitive data via portable media (e.g., flash memory, laptop computer, personal digital assistant) without prior authorization from the NMMI Executive Vice President in coordination with the Vice President of Technology / CIO.


NOTE: Network service may be interrupted on occasion due to hardware failure within the campus, state network, or the Internet. ISCT staff will work with analysis software, vendors, and the CHECS Net NOC (Network Operations Center) to restore service as soon as possible when interruptions occur. NMMI cannot guarantee uninterrupted Internet access.