Approved Date – 02/22/2021
Published Date – 02/22/2021
Reviewed Date – 03/13/2023
Outline an acceptable use of computer equipment belonging to the District of Columbia Government (hereafter known as District) and protect the District’s assets and workforce from risks that may result from the inappropriate use of the District’s computer equipment.
DC Official Code § 1-1401 et seq., provides the Office of the Chief Technology Officer (“OCTO”) with the authority to provide information technology (IT) services, write and enforce IT policies, and secure the network and IT systems for the District. This document can be found at: https://code.dccouncil.us/dc/council/code/sections/1-1402.html.
This policy applies to all District workforce members responsible for application identity and role definition on behalf of the District, and/or any District agency/District/entity who receives enterprise services from OCTO. In addition, this policy applies to any provider and third-party entity with access to District information, systems, networks, and applications.
This Policy also applies to any provider and third-party entity with access to the District’s information, networks, and applications.
District Government owned, leased, and/or managed IT resources shall serve the business needs of the District of Columbia.
4.1. Privacy Expectations
4.1.1. Users of District Government IT systems do not expect privacy when using District Government communications and digital equipment.
4.1.2. The District reserves the right to monitor and audit networks and systems periodically to ensure the security of the network and compliance with this policy.
4.2. Limited Personal Use
District-owned leased, or managed technology resources may be used for personal purposes on a limited basis, providing this use results in:
4.2.1. The use of the District’s provided devices for personal purpose should result in minimal cost and security exposure to the District.
4.2.2. The use of the District’s provided devices for personal purposes should result in minimal expense to the District and minimal wear and tear to the device.
4.2.3. No interference with work responsibilities.
4.2.4. No disruption to the workplace.
4.2.5. No storage of unlicensed, copyrighted materials on any District-owned, leased, and/or managed technology resources.
4.2.6. No device-to-device connection of Non-District-owned, leased, and/or managed technology resources.
4.2.7. No illegal activities; and
4.2.8. No commercial or solicitation activities.
4.3. Unauthorized Uses and Specific Prohibitions
Prohibited uses of District Government systems and networks shall include, but are not limited to:
4.3.1. Using personally owned technology for conducting District Government business where official District Government records are created but not maintained by the District of Columbia.
4.3.2. Creating, copying, transmitting, or retransmitting greeting cards, video, sound, or other large file attachments can degrade the performance of the entire network.
4.3.3. Accessing, creating, downloading, viewing, storing, copying, and/or transmitting adult content, including but not limited to pornography, sexually explicit, or sexually oriented materials.
4.3.4. Accessing online gambling (legal and illegal) and/or online gaming sites.
4.3.5. Accessing online dating services.
4.3.6. Accessing sites that promote illegal activity, copyright violation or activity that violates the District Government ethical standards.
4.3.7. Accessing and/or using District Government technology resources for activities that are illegal, inappropriate, or offensive to District Government workforce members and/or the public. Such activities include but are not limited to hate speech or material that ridicules others based on race, creed, religion, color, sex, disability, national origin, or sexual orientation.
4.3.8. Creating, downloading, viewing, storing, copying, and/or transmitting materials related to illegal weapons, terrorist activities, and any other illegal activities or activities otherwise prohibited, etc.
4.3.9. Using District Government systems as a staging ground or platform to gain unauthorized access to other systems.
4.3.10. Hacking or using hacking tools or malware to circumvent security measures.
4.3.11. Downloading, copying, and/or playing of computer video games.
4.3.12. Using District Government technology resources for commercial purposes or in support of “for-profit” activities or support of other outside employment or business activity (e.g., consulting for pay; sales or administration of business transactions, sale of goods or services) including using District Government technology resources to assist relatives, friends, or other persons in such activities.
4.3.13. Engaging in any prohibited outside fund-raising activity, endorsing any product or service, participating in any lobbying activity, or engaging in any prohibited partisan political activity in violation of the Hatch Act.
4.3.14. Posting non-public Government information to external newsgroups, bulletin boards, social media (including but not limited to Facebook, Twitter), or other public forums without authority. This includes any use that could create the perception that the communication was made in one’s official capacity as a member of the District Government workforce unless appropriate approval has been obtained or the use is not at odds with the agency’s mission or positions.
4.3.15. Acquiring, using, reproducing, transmitting, or distributing any controlled information, including computer software and data, that includes privacy information, copyrighted, trademarked, or material with other intellectual property rights (beyond fair use), proprietary data, or export-controlled software or data.
4.3.16. Downloading files, for example, music or other inappropriate material, to forward to another individual (“file sharing”), which is outside the scope of limited personal use.
4.3.17. Using or installing unauthorized instant messaging.
4.3.18. Using unauthorized Peer-2-Peer Networking.
4.3.19. Using soft VOIP phones for personal use, e.g., Skype, Vonage, etcetera.
4.3.20. Storing official District Government files and data on personal devices.
4.4. International Travel
All DC Government workforce members traveling outside the United States are not permitted to access the DC government resources on their mobile devices (e.g., Personal Mobile Phones, Tablets, etc.) while working outside the country. Workforce members that need to access their government resources while outside the country may contact their Agency Director for approval. The OCTO CISO and CTO must be notified of the approval. All mobile applications used to access the DC government's resources on personal mobile devices must be deactivated when outside the country.
Exceptions to this policy shall be requested in writing to the Agency’s CIO and the request will be escalated to the OCTO Chief Information Security Officer (“CISO”) for approval.
The definition of the terms used in this document can be found in the Policy Definitions website.