System Logon Banner Requirements
Despite the 1999 date, this is still valid
October 11, 1999
TO: All Employees and UsersFROM: Tom Nash, Al Thomas (CPPM)SUBJECT: Fermilab Computer Banner Policy
On June 17, 1999, the Department of Energy Chief Information Officer issued a memorandum subject: Use of Warning Banners on Departmental Computer Systems. This memorandum issued Departmental policy on the use of computer screen warning banners and is applicable to all DOE Federal and contractor organizations. The banner is to notify all computer users, prior to gaining access to the system resources, that system usage is subject to monitoring and disclosure by appropriate site, Department, or law enforcement personnel.
Banners must be installed on Fermilab computers systems to appear just before or just after log-in on all systems that are managed by a system manager required to register under the Fermilab Policy on computing, explicitly including those on the Computing Protection Program Manager (CPPM) Register Managers mailing list.
The wording of this banner is attached. It should be made as readable as reasonably feasible. The shape and spacing may be adjusted. The borders are not essential. Where possible, the formatting (underlines, bold, etc.) should be retained. Technical guidance on how to install banners will be provided by Mark Kaletka of the Computing Division (x2965) or on the Web.
Exempt from this requirement are:
There is also a general requirement to attach a stick-on banner notice to the front of the monitor frame of all computers. The stick-on banners have been distributed to all division and section offices and the Users Office. You also may email (firstname.lastname@example.org) or telephone (x2345) the Help Desk to obtain a stick-on banner. They also have a special micro-edition for Palm Pilots and other small devices.
For your reference, the notice below is also posted on the main Fermilab web page and is to be included with all account applications forms that require signature. Any existing banners should be replaced and must conform to the one below.
The Department of Energy has not made this optional. This is a requirement for all computers attached directly to the Fermilab network, whether owned by Fermilab or not. Home computers that connect through a commercial ISP are exempt, but home computers that connect directly to Fermilab by direct dial up or ISDN are not exempt.
* * * * * * * * * * *
NOTICE TO USERSThis is a Federal computer (and/or it is directly connected to a Fermilab local network system) that is the property of the United States Government. It is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site, Department of Energy, and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized site or Department of Energy personnel. Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.Fermilab policy and rules for computing, including appropriate use, may be found at http://www.fnal.gov/cd/main/cpolicy.html.
How to Install:
For Unix and Mac OSX systems:
Place the banner text in the /etc/motd and/or /etc/issue file displayed at system login; In addition, you may install banners using tcpwrappers for services like ftp; However, this is not required and some services (such as ssh and rsh) will not function with banners installed in this way;
For Windows systems:
For Windows systems in the Fermi Windows 2000 domain, the banner is provided for you automatically. For Windows systems NOT in the domain, it is the users responsibility to have the appropriate banner information installed. For Windows systems, place the banner text in the WindowsNT registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\LegalNoticeText
Banners are not required for "self-managed" systems. Refer to detailed policy guidance at left. "Self-managed" systems will require banner stickers on the monitor frame.