Policy directing terms for use of ARCC resources.


Contents

Glossary

Frequently Asked Questions


1.1.1 UW Acceptable Use Policy

ARCC clusters and UW resources are made available to the UW research community, and as such are covered by Unireg 8-1. All users of ARCC resources are required to adhere to UW regulations in addition to ARCC specific policies. All users should read and be familiar with this regulation as it is applicable to all UW resources and users must accept terms of use when requesting access to our resources, which includes adherence to UW Regulation 8-1.

Regulation 8-1 includes the following provisions which may be particularly applicable to users of the ARCC resources, but the list below is NOT complete and you are bound by all directives under the regulation:

1.1.2 ARCC Specific Acceptable Use Policy

In addition to the University regulations, the ARCC resources are subject to additional policy listed on our Policy page. The use of any ARCC resource requires compliance with all policies linked or referenced on UW ARCC’s Policies Pages. The process of requesting an allocation and/or account on a UW ARCC resource includes acceptance of any policies specific to the resource in your request. All terms of use apply to all ARCC resources.

1.1.3 User Responsibilities

1.1.3.1 Prerequisites for all users

All ARCC users must meet prerequisites prior to using ARCC High Performance Computing (HPC) or Research Data Storage services. They are as follows:

Be a UWYO Faculty member, or have sponsorship from a UWYO faculty member.

Have an active UWYO Account

Enroll in Two-Factor Authentication

Access to Internet

1.1.3.2 Responsibilities of All Users

ARCC users are accountable for their actions.

Violations of any university regulation, policy, procedure, and/or security may result in administrative or legal actions.

1.1.3.3 Responsibilities of PIs

Principal Investigators (PIs) are responsible for ensuring that these policies, procedures, and security rules are followed for their project members and ensuring that project members working under their supervision fulfill these responsibilities.

1.1.3.4 Research Use

ARCC resources may only be used for research activities and must never be used in the violation of any other university regulation. The following categories of use (without limitation) are prohibited:

for personal or private benefit,

to support illegal, fraudulent, or malicious activities,

to facilitate any transaction that would violate U.S. export control regulations.

1.1.3.5 User Data Requirements

Users of ARCC resources agree to store only data that meets the following conditions:

is research data,

is NOT covered by HIPAA or FERPA,

does NOT contain personal information such as credit info, entertainment media, illicit material, SSNs or similar personal data,

does NOT contain copyrighted material that the user doesn’t have appropriate rights to.

1.1.3.6 Compliance with requests from ARCC

You are required to comply within a prompt timeframe to ARCC direct requests from regarding the use of ARCC resources. This includes requests to reduce disk space consumption or halting prohibited actions. ARCC purposefully aims to keep our list policies as short as possible in order to facilitate the use of these research tools in novel and creative ways, however, behaviors or practices that interfere with the ability of others to use shared resources, must be handled with immediacy and ARCC staff require prompt compliance on such requests.

1.1.3.7 Monitor the email address for your account

You are required to monitor your USERNAME@uwyo.edu email address. If you are an external collaborator, you should monitor the email address provided to IT Application Security upon your account creation.

1.1.3.8 Provide notification

ARCC users should notify arcc-help@uwyo.edu immediately when aware that any accounts used to access ARCC resources have been compromised.

ARCC users should promptly inform UW of any changes in their contact information.

Upon actual or suspected loss, disclosure, or compromise of the two-factor authentication physical or virtual token and/or associated password, account holders should immediately notify the UW IT Security Office (IT_Security_Office@uwyo.edu). Two-factor authentication tokens must not be transferred to another person.

1.1.4. Appropriate Use

ARCC resources may only be used for activities authorized by the University and are always subject to Unireg 8-1. Prohibited actions include, but are not limited to, the following:

1.1.4.1 Unauthorized Access

Attempting to send or receive messages or access information by unauthorized means, such as imitating another system, impersonating another user or other person, misusing legal user credentials (usernames, passwords, etc.), or causing some system component to function incorrectly

1.1.4.2 Altering Authorized Access

Changing or circumventing access controls to allow the user or others to perform actions outside authorized privileges

1.1.4.3 Reconstruction of Information or Software

Reconstructing or re-creating information or software outside authorized privileges

1.1.4.4 Data Modification or Destruction

Taking actions that intentionally modify or delete information or programs outside authorized privileges

1.1.4.5 Malicious Software

Intentionally introducing or using malicious software, including, but not limited to, computer viruses, Trojan horses, or worms

1.1.4.6 Denial of Service Actions

Using UW/ARCC resources to interfere with any service availability, either at UW or at other sites

1.1.4.7 Pornography

Using UW/ARCC resources to access, upload, download, store, transmit, create, or otherwise use sexually explicit or pornographic material

1.1.4.8 Harassment

Engaging in an offensive or harassing actions toward another individual or organization

1.2 Software, Data, Security and Access Control

ARCC Use by Foreign Nationals

ARCC use by foreign nationals is generally permitted regardless of whether access to ARCC resources is from the United States or abroad. However, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) regulations prohibit the of ARCC resources by citizens of Cuba, Iran, Syria, or Sudan while residing and/or working in one of those countries.

Restricted Data

The use of UW/ARCC resources to store, manipulate, or remotely access information, software, or data (materials) that require additional controls or that could negatively impact or compromise administrative and business operations of ARCC resources requires prior written approval from the University. Such materials include, but are not limited to, export-controlled software or technical data subject to Export Administration Regulations (EAR) or International Traffic in Arms Regulations (ITAR); Personally Identifiable Information (PII) or health information subject to the Health Information Portability and Accountability Act (HIPAA), and materials subject to "Official Use Only" or similar government restrictions.

THE USE OF UW/ARCC RESOURCES TO STORE, MANIPULATE, OR REMOTELY ACCESS CLASSIFIED INFORMATION, UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION (UCNI), NAVAL NUCLEAR PROPULSION INFORMATION (NNPI), SECRET RESTRICTED DATA (SRD), SPECIAL ACCESS REQUIRED DATA (SAR), THE DESIGN OR DEVELOPMENT OF NUCLEAR, RADIOLOGICAL, BIOLOGICAL, OR CHEMICAL WEAPONS, OR OF ANY WEAPONS OF MASS DESTRUCTION IS EXPRESSLY PROHIBITED.

UW/ARCC resources are operated as research systems and should only be used to access and store data related to research. These research systems are categorized as low per FIPS-199 and protected to the NIST 800-53 low-security control baseline.

System Security

UW/ARCC resources control data access via username and password authentication for network access and UNIX directory and file permissions for data storage. Network access and data storage systems provide no explicit encryption. ARCC users are responsible for protecting data files and acknowledge and understand that UW/ARCC security control implementation is sufficient for research data access and storage.

Software Licensing and Copyright Compliance

Data Retention

Policy Violations

Disclaimer