USA Staffing Rules of Behavior
In accordance with the
Office of Management and Budget (OMB) Memorandum
M-06-16, Protection of Sensitive Agency Information
(Opens in new window)
, and to protect the confidentiality,
integrity and availability of the U.S. Office of Personnel Management's (OPM's)
USA Staffing system, rules of behavior on the safe handling of data must be
followed when accessing Personally Identifiable Information (PII) (Opens in new window)
in USA Staffing. The loss of PII can result in
substantial harm, embarrassment, and inconvenience to individuals and may lead
to identity theft or other fraudulent use of the information.
Once annually, every USA Staffing user must read and agree to the Rules of
Behavior when signing into the system before they are granted access to USA
Staffing features and data. This requirement also applies to accounts assigned
to automation acting as a system user. Additionally, agency personnel creating
and managing automated user accounts for the purpose of robotic process
automation accept responsibility for the permissions assigned and all actions
executed by these accounts within USA Staffing.
√ I acknowledge that I have access to download/transfer Controlled Unclassified Information (CUI) (Opens in new window)
in the USA Staffing system.
√ I acknowledge my responsibility
to ensure the confidentiality, integrity, and availability of USA Staffing
information in a manner consistent with its sensitivity.
√ By being granted access to Controlled Unclassified Information (CUI) (Opens in new window),
I am obligated to protect this information from unauthorized disclosure.
√ I agree that my obligation to safeguard the confidentiality
of Controlled Unclassified Information (CUI) (Opens in new window)
shall be in effect until a transfer of duties no longer requires access to this
data or until termination of my employment.
√ I will obtain, use or disclose such data only in connection
with the performance of my official duties solely for authorized purposes. I
will not disclose any data to other agencies or persons not expressly
authorized to receive or have access to it. I will make any such authorized
disclosures in accordance with established regulations and procedures.
√ I will encrypt (Opens in new window) any PII data downloaded/transferred from USA Staffing on
any portable storage device, including laptops, PDAs, iPods, thumb drives,
external hard drives, etc.
√ I will erase PII data downloaded/transferred from USA Staffing within 90
days unless its official use is still required.
√ Upon discovering a security incident, I will immediately report it in
accordance with my Agency specific incident reporting procedures and shall immediately
notify the OPM Security Operations Center (SOC) at CyberSolutions@opm.gov or 844-377-6109.
√ I will protect my authentication tokens from
disclosure and loss at all times.
√ I will not allow others to use my User ID and I will not
access other users' accounts. I will not attempt to access accounts or data
that are not expressly authorized to me. I understand that I am accountable for
all actions taken under my User ID.
√ I understand that any changes in my employment status or
changes in my job responsibilities may require my access to be modified or
terminated.
√ I will ensure that any work performed remotely or off-site
will be provided the same level of protection as provided at the office.
√ I will ensure proper protection and disposition of printed
documents containing PII obtained through the USA Staffing system.
√ I understand that all conditions and obligations imposed upon
me by these rules apply during the time I am granted access to the USA Staffing
system. I understand I am being granted permission to access OPM's USA Staffing
system and data as specified above, and that my use of this access may be
monitored for compliance.
√ I understand that any system user who does not comply with
these rules is subject to penalties including suspension or cancellation of
system privileges and possible criminal prosecution. OPM will enforce the use
of penalties against any user who willfully violates Federal system security.
√ Users are required to sign out at the conclusion of work assignments or at any time they are not actively involved in work assignments requiring the usage of USA Staffing.
For cases in which a system user engages with an external assessment provider
including, but not limited to The Office of Personnel Management’s USA Hire
system, the user agrees that:
√ I understand a formal interagency agreement must be in place between
my agency and OPM prior to receiving access to, and using, USA Hire.
√ I understand I may only use the USA Hire system and USA Hire materials
(including USA Hire assessments) in a manner consistent with the terms of the
formal agreement or contract denoted above.
√ I understand that access to the USA Hire assessments must be restricted
to applicants responding to a job opening who meet the minimum qualifications
for that job opening (i.e., I am not authorized to view or modify the content
of any USA Hire assessment).
√ I understand that in cases where I may be exposed to USA Hire assessment
content, I may not discuss, share, or reproduce the assessment content
(e.g., questions, scoring information).
√ I understand I must immediately report any suspected breach of these
rules related to USA Hire to the OPM point of contact for the interagency
agreement or contract and USAHire@opm.gov
√ I understand that OPM reserves the right to terminate anyone’s access
to and use of the USA Hire system and materials (including assessments) at
any time for violating these requirements.
For cases in which a system user is granted access to Applicant Flow Data
including, but not limited to data on an applicant’s race, ethnicity,
or disability, the user agrees that:
√ I acknowledge that I have access to download/transfer Controlled Unclassified Information (CUI) (Opens in new window)
about applicants.
√ I acknowledge my responsibility to mitigate any risk of the data being
used to affect staffing decisions.
√ I acknowledge my responsibility that use of this data will be
consistent with the ‘Purpose and Routine Uses’ language provided to applicants
in the USAJOBS Demographic profile.
√ I acknowledge my responsibility that this data shall not be used for:
‒ Influencing the decision to close or extend job announcements
‒ Influencing the decision to cancel recruitment actions
‒ Influencing the decision to use or not use a referral list of applicants
‒ Influencing selection decisions
‒ Identifying the race, ethnicity, or gender of specific named employees
√ I understand that this data can be used for:
‒ Aggregate human capital reporting
‒ Determining rates of demographic representation in recruitment efforts
‒ Determining rates of demographic representation in hiring or merit promotion selections
‒ Determining rates of qualifications among demographic groups
‒ Evaluating the effectiveness of recruitment in reaching targeted demographic groups
√ I agree to these rules and the appropriate safeguarding of data.
√ I assume liability for misuse of data caused by sharing data with other recipients.
√ I acknowledge my responsibility to ensure the confidentiality, integrity,
and availability of applicant data in a manner consistent with its sensitivity.
√ By being granted access to Controlled Unclassified Information (CUI) (Opens in new window),
I am obligated to protect this information from unauthorized disclosure.
√ I agree that my obligation to safeguard the confidentiality of Controlled Unclassified Information (CUI) (Opens in new window)
information shall be in effect until
a transfer of duties no longer requires access to this data or until termination
of my employment.
√ I will obtain, use or disclose such data only in connection with the
performance of my official duties solely for authorized purposes.
√ I will not disclose any data to other agencies or persons not expressly
authorized to receive or have access to it. I will make any such authorized
disclosures in accordance with established regulations and procedures.
√ I will encrypt any applicant data on any portable storage device,
including laptops, PDAs, iPods, thumb drives, external hard drives, etc.
√ Upon discovering a security incident, I will immediately report it in
accordance with my Agency specific incident reporting procedures and shall immediately
notify the OPM Security Operations Center (SOC) at CyberSolutions@opm.gov or 844-377-6109.
√ I will protect my authentication tokens from disclosure and loss at all times.
√ Under this agreement, on behalf of my agency, I accept responsibility
for carrying out its terms and conditions. I further agree that all necessary
administrative steps will be taken to assure that persons who have access to this
data will be informed of this agreement and will be required to comply with it.
These restrictions are consistent with and do not supersede, conflict with or
otherwise alter the employee obligations, rights or liabilities created by
Executive Order 12356; Section 7211 of Title 5, United States Code (governing
disclosures to Congress); Section 2302(b)(8) of Title 5, United States Code, as
amended by the Whistleblower Protection Act (governing disclosures of
illegality, waste, fraud, abuse or public health or safety threats); the
Intelligence Protection Act of 1982 (50 U.S.C. 421 et seq.) (governing
disclosures that could expose confidential Government agents), and the statutes
which protect against disclosure that may compromise the national security,
including Sections 641, 793, 794, 798 and 952 of Title 18, United States Code,
and Section 4(b) of the Subversive Activities Act of 1950 (50 U.S.C. Section
783(b)). This agreement shall not nullify or affect in any manner any other secrecy or
nondisclosure Agreement which I have executed or may execute with the United
States Government.