What regulations cover email accounts?

2021-06-28T18:16:05-04:00

What regulations cover the receipt of personal emails on your dot mil or dot civ account?

Response by LTC Jason Mackay made Jun 28 at 2021 6:55 PM

2021-06-28T18:55:49-04:00

I am going to immediately regret asking this, but why?

Response by SGT Christopher Hayden made Jun 28 at 2021 6:58 PM

2021-06-28T18:58:50-04:00

AR 25–13 Chapters 3-1 & 3-2.

Response by CPT Private RallyPoint Member made Jun 28 at 2021 7:10 PM

2021-06-28T19:10:38-04:00

Maybe AR 25-13
Army Telecommunications and Unified Capabilities

Be professional
Don't use work e-mail for personal stuff
Don't use personal e-mail for work stuff (this one is particularly unique to government employees because of the classified or confidential nature of our communications). Where as something might get you fired in the civilian sector, the same spillage could get you thrown in jail in the government sector.

Response by SFC Ralph E Kelley made Jun 28 at 2021 7:21 PM

2021-06-28T19:21:08-04:00

Call your local DOIM Office. They will give the full briefing along
documents to sign for an annual briefing at your clearance level.

Response by SGT David Schrader made Jun 28 at 2021 11:07 PM

2021-06-28T23:07:22-04:00

I can’t quote a specific regulation, but use common sense.

Response by SFC Michael Hasbun made Jun 29 at 2021 9:48 AM

2021-06-29T09:48:19-04:00

Read the Acceptable Use Policy (AUP) you signed when you established your account. You can find it hosted here... https://cs.signal.army.mil/

Here is the Text, verbatim.

DOD STANDARD MANDATORY
NOTICE AND CONSENT
By signing this document, you acknowledge and consent that when you access Department of Defense
(DOD) information systems:
1. You are accessing a U.S. Government (USG) information system (IS) (which includes any device
attached to this information system) that is provided for U.S. Government authorized use only.
2. You consent to the following conditions:
a. The U.S. Government routinely intercepts and monitors communications on this information
system for purposes including, but not limited to, penetration testing, communications security (COMSEC)
monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and
counterintelligence (CI) investigations.
b. At any time, the U.S. Government may inspect and seize data stored on this information system.
c. Communications using, or data stored on, this information system are not private, are subject to
routine monitoring, interception, and search, and may be disclosed or used for any U.S. Governmentauthorized purpose.
d. This information system includes security measures (e.g., authentication and access controls) to
protect U.S. Government interests not for your personal benefit or privacy.
e. Notwithstanding the above, using an information system does not constitute consent to personnel
misconduct, law enforcement, or counterintelligence investigative searching or monitoring of the content
of privileged communications or data (including work product) that are related to personal representation
or services by attorneys, psychotherapists, or clergy, and their assistants. Under these circumstances,
such communications and work product are private and confidential, as further explained below:
(1) Nothing in this User Agreement shall be interpreted to limit the user's consent to, or in any
other way restrict or affect, any U.S. Government actions for purposes of network administration,
operation, protection, or defense, or for communications security. This includes all communications
and data on an information system, regardless of any applicable privilege or confidentiality.
(2) The user consents to interception/capture and seizure of ALL communications and data for
any authorized purpose (including personnel misconduct, law enforcement, or counterintelligence
investigation). However, consent to interception/capture or seizure of communications and data is not
consent to the use of privileged communications or data for personnel misconduct, law enforcement,
or counterintelligence investigation against any party and does not negate any applicable privilege or
confidentiality that otherwise applies.
(3) Whether any particular communication or data qualifies for the protection of a privilege, or is
covered by a duty of confidentiality, is determined in accordance with established legal standards and
DOD policy. Users are strongly encouraged to seek personal legal counsel on such matters prior to
using an information system if the user intends to rely on the protections of a privilege or
confidentiality.
(4) Users should take reasonable steps to identify such communications or data that the user
asserts are protected by any such privilege or confidentiality. However, the user's identification or
assertion of a privilege or confidentiality is not sufficient to create such protection where none exists
under established legal standards and DOD policy.
(5) A user's failure to take reasonable steps to identify such communications or data as privileged
or confidential does not waive the privilege or confidentiality if such protections otherwise exist under
established legal standards and DOD policy. However, in such cases the U.S. Government is
authorized to take reasonable actions to identify such communication or data as being subject to a
privilege or confidentiality, and such actions do not negate any applicable privilege or confidentiality.
(6) These conditions preserve the confidentiality of the communication or data, and the legal
protections regarding the use and disclosure of privileged information, and thus such communications
and data are private and confidential. Further, the U.S. Government shall take all reasonable
measures to protect the content of captured/seized privileged communications and data to ensure
they are appropriately protected.
f. In cases when the user has consented to content searching or monitoring of communications or
data for personnel misconduct, law enforcement, or counterintelligence investigative searching, (i.e., for
all communications and data other than privileged communications or data that are related to personal
representation or services by attorneys, psychotherapists, or clergy, and their assistants), the U.S.
Government may, solely at its discretion and in accordance with DOD policy, elect to apply a privilege or
other restriction on the U.S. Government's otherwise-authorized use or disclosure of such information.
g. All of the above conditions apply regardless of whether the access or use of an information
system includes the display of a Notice and Consent Banner ("banner"). When a banner is used, the
banner functions to remind the user of the conditions that are set forth in this User Agreement, regardless
of whether the banner describes these conditions in full detail or provide a summary of such conditions,
and regardless of whether the banner expressly references this User Agreement.
Army Standard Acceptable Use Policy (AUP)
1. Understanding. I understand that I have the primary responsibility to safeguard the
Information contained on the classified and/or unclassified network from unauthorized or inadvertent
modification, disclosure, destruction, denial of service, and use.
2. Access. Access to this organization’s network(s) is for official use and authorized purposes and as set
forth in DoD 5500.7-R, "Joint Ethics Regulation" or as further limited by this policy.
3. Revocability. Access to Army resources is a revocable privilege and is subject to content
monitoring and security testing.
4. Classified information processing. This information system is a US-only system and approved to
process classified collateral information
a. The classified network provides communication to external DoD organizations using the SIPRNET.
Primarily this is done via electronic mail and internet networking protocols such as web, ftp, and telnet.
b. The classified network is authorized for SECRET or lower-level processing in accordance with
accreditation package held at this organization.
c. The classification boundary between classified network and unclassified network requires vigilance
and attention by all users. The classified network is also a US-only system and not accredited for
transmission of NATO material.
d. The ultimate responsibility for ensuring the protection of information lies with the user. The
release of TOP SECRET information through the classified network is a security violation and will be
investigated and handled as a security violation or as a criminal offense.
5. Unclassified Information Processing. The Unclassified Network is the primary unclassified automated
administration tool for this organization. The unclassified network is a US-only system.
a. The unclassified network provides unclassified communication to external DoD and other United
States Government organizations. Primarily this is done via electronic mail and internet networking
protocols such as web, ftp, telnet.
b. The unclassified network is approved to process UNCLASSIFIED, SENSITIVE information in
accordance with local regulations dealing with automated information system security management
programs.
c. The unclassified network and the Internet, as viewed by this organization are synonymous. Email
and attachments are vulnerable to interception as they traverse the NIPRNET and Internet.
6. Minimum security rules and requirements. As a Classified Network and/or Unclassified system user,
the following minimum security rules and requirements apply:
a. Personnel are not permitted access to the Classified Network and the Unclassified Network unless in
complete compliance with this organization’s personnel security requirement for operating in a TOP
SECRET system-high environment.
b. I have completed the user security awareness training module on the Fort Gordon website. I will
participate in all training programs as required (inclusive of threat identification, physical security,
acceptable use policies, malicious content and logic identification, and nonstandard threats such as social
engineering) before receiving system access.
c. I will generate, store, and protect passwords or pass-phrases. Passwords will consist of at
least 10 characters with 2 each of uppercase and lowercase letters, numbers, and special
characters. I am the only authorized user of this account. (I will not use user ID, common names,
birthdays, phone numbers, military acronyms, call signs, or dictionary words as passwords or
pass-phrases. )
d. I will use only authorized hardware and software. I will not install or use any personally owned
hardware, software, shareware, or public domain software.
e. I will use virus-checking procedures before uploading or accessing information from any
system, diskette, attachment, or compact disk.
f. I will not attempt to access or process data exceeding the authorized IS classification level.
g. I will not alter, change, configure, or use operating systems or programs, except as specifically
authorized.
h. I will not introduce executable code (such as, but not limited to, .exe, .com, .vbs, or .bat files)
without authorization, nor will I write malicious code.
i. I will safeguard and mark with the appropriate classification level all information created, copied,
stored, or disseminated from the IS and will not disseminate it to anyone without a specific need to know.
j. I will not utilize Army- or DoD-provided ISs for commercial financial gain or illegal activities.
k. Maintenance will be performed by the System Administrator (SA) only.
l. I will use screen locks and log off the workstation when departing the area.
m. I will immediately report any suspicious output, files, shortcuts, or system problems to the
Organization’s System Administrator and/or Information Assurance Support Officer and cease all
activities on the system.
n. I will address any questions regarding policy, responsibilities, and duties to the organization’s System
Administrator and/or Information Assurance Support Officer.
o. I understand that each IS is the property of the Army and is provided to me for official and authorized
uses. I further understand that each IS is subject to monitoring for security purposes and to ensure that
use is authorized. I understand that I do not have a recognized expectation of privacy in official data on
the IS and may have only a limited expectation of privacy in personal data on the IS. I realize that I should
not store data on the IS that I do not want others to see.
p. I understand that monitoring of Classified Network and Unclassified Network will be conducted for
various purposes and information captured during monitoring may be used for administrative or
disciplinary actions or for criminal prosecution. I understand that the following activities define
unacceptable uses of an Army IS:
• to show what is not acceptable use
• to show what is acceptable during duty/non-duty hours
• to show what is deemed proprietary or not releasable (key word or data identification)
• to show what is deemed unethical (e.g., spam, profanity, sexual content, gaming)
• to show unauthorized sites (e.g., pornography, streaming video, E-Bay)
• to show unauthorized services (e.g., peer-to-peer, distributed computing)
• to define proper email use and restrictions (e.g., mass mailing, hoaxes, auto forwarding)
• to explain expected results of policy violations (1st, 2 nd , 3rd, etc)
(Note: Activity in any criteria can lead to criminal offenses.)
q. The authority for soliciting a social security number (SSN) is EO 939. The information below
will be used to identify you and may be disclosed to law enforcement authorities for investigating
or prosecuting violations. Disclosure of information is voluntary; however, failure to disclose
information could result in denial of access to the organization’s information systems.
7. Acknowledgement. I have read the above requirements regarding use of this organization’s
access systems. I understand my responsibilities regarding these systems and the
information contained in them.

Response by SSgt Christophe Murphy made Jun 29 at 2021 3:21 PM

2021-06-29T15:21:50-04:00

The user agreement portion of the System Authorization Access Request (SAAR) covers the dos, don't and etc for using the account.