Physics Division
Computer Systems Security and Appropriate Use
Computer security within the Physics Division means not allowing
unauthorized access to our computers, especially to hackers. To
operate securely, each of us using computers must be aware of the
status of the computers we control. Anyone with a desktop or laptop
computer attached to our network must have completed
Cyber Security Awareness Training.
For most computers, we require that you keep your system up-to-date
with system security patches. If you can no longer patch your machine, it
will be disconnected from the network.
For a Windows computer, there are particular requirements:
- All Windows computers on the ORNL network must be owned by ORNL
and managed
by ORNL ITSD staff using the SCCS system.
- Any exceptions to
this must be documented and expressly permitted. ORAU and UT
computers can be easily granted this exception.
All ORNL-owned portable data processing devices must be encrypted
No portable device may contain protected, personnally identifiable information.
Many laptop computers have left on travel, only to return with the latest
worm or virus. YOUR attention to the security of laptops must not stop
when you leave your office.
To attach a new device to the network, either
ORNL guidance on security and appropriate use
The following
standards describe ORNL requirements on computer owners and users:
Telecommunications from offsite
We require that you use secure communications from home for remote
terminal applications. These days that means SSH, with many free and
not free clients available for Windows, Macintosh or Unix systems, or the
ORNL VPN.