Category: Uncategorized

CyberFETCH Rules of Behavior

The following sets forth the Rules of Behavior (RoB) for users of the CyberFETCH website.

1.1 CyberFETCH is an information technology service established by the Department of Homeland Security (DHS) Science & Technology Directorate.
1.2 CyberFETCH provides members of the cyber forensic community access to an online collaborative platform to share information, network with other vetted users and collect and share resources relevant to cyber forensics.
1.3 While the site’s landing page is available to the general public on the Internet (via any compatible web browser), privileged access is restricted to those individuals who have been vetted, and subsequently identified and authenticated by the system itself via a user logon and password.
1.4 Registered Users should be aware that by registering they have implicitly provided permission for the system to send them periodic service announcements and administrative messages via email. Registered Users should also understand and agree that the service may include certain communications from CyberFETCH personnel. User information will not be used for marketing purposes or shared except if required by applicable DHS policy or federal laws or regulations.
1.5 DHS 4300A Sensitive Systems Policy requires system specific Rules of Behavior (RoB) to be defined for all DHS IT systems. This RoB policy details the expected behavior of Registered Users when accessing and using the system. RoB policies that are understood and followed help ensure the security of systems and the confidentiality, integrity, and availability of information. RoB policies inform users of their responsibilities and let them know they will be held accountable for their actions while they are accessing DHS owned systems. DHS 4300A Sensitive Systems Policy requires that Registered Users are briefed with regards to these rules and are aware of the disciplinary actions that may result from non-compliance. Additionally, Users are required to agree to and sign this RoB policy (done via a checkbox during registration) prior to being granted Registered User access to CyberFETCH.

2.1 The CyberFETCH System Administrator (SA) will ensure that all Registered Users read and acknowledge the RoB before being granted access to the system. The Information System Security Officer (ISSO) is responsible for ensuring the SA adheres to this procedure, and in conjunction with the SA, will maintain a current list of all registered CyberFETCH users and ensure that evidence of acknowledgement of the RoB are on file for each. The ISSO is also responsible for maintaining, reviewing, and updating the RoB at least once per year.
2.2 Acknowledgement of the RoB is captured when a registering user clicks the checkbox stating “I have read and understand the Rules of Behavior”.

3.1 All Non-Compliances with the CyberFETCH RoB shall be considered security incidents in accordance with DHS policy and thoroughly investigated by the system’s ISSO in accordance with the CyberFETCH Incident Response Plan. If an investigation concludes that a violation has indeed occurred, a warning may be issued, or the offending Registered User’s account may be temporarily or permanently disabled or terminated, effectively revoking all privileged access to the information system and any data contained therein. In some cases, violators may be subject to criminal prosecution.
3.2 The following RoB shall be strictly adhered to by all CyberFETCH Users. CyberFETCH is subject to change at any time. If the RoB does change, Registered Users will be notified by email and asked to re-read and re-acknowledge or risk the temporary locking of their account at the discretion of the CyberFETCH ISSO, until they comply.

4.1 User Accounts:

Registered Users shall be provided access and granted rights to CyberFETCH according to “need to know” and “least privilege”.
Users shall understand that any/all use of the CyberFETCH information system is subject to continuous monitoring in accordance with DHS policy at that access is at the liberty of DHS.
Users shall not circumvent or attempt to circumvent any security countermeasures or safeguards.
All users shall have individual accounts. Shared, or sharing of, accounts shall not be permitted at any time, for any reason.
All user account credentials (usernames and passwords) will be unique and associated directly with a single “live” individual.
No individual user shall be permitted more than one account at any given time.
If an individual user no longer requires access to CyberFETCH, it shall be his or her responsibility to notify the SA immediately so that the account can be terminated.
User accounts/credentials shall not be transferrable to any other individual under any circumstances.
4.2 Password Protection:

Users shall protect their password from disclosure.
Users shall not reveal their password to others.
Users shall be responsible for any computer activity associated with their username and password.
User shall not write down or post their password
Users shall change their password immediately if it is suspected to have been compromised and subsequently notify the CyberFETCH System Administrator.
All passwords shall meet the following password requirements:
Passwords are at least 8 characters long and have a combination of letters (upper- and lower-case), numbers, and special characters. Null passwords are not allowed.
Passwords must be changed every 90 days and the new password cannot be the same as any of the user’s last eight passwords.
4.3 System Access:

Users shall not enter into this or any other DHS computer system without explicit authorization. Any unauthorized entry into this information system is a serious security violation and may result in civil or criminal prosecution depending on the extent of the violation.
Users shall not permit any unauthorized individual (including spouse, relative, co-worker, or friend) access to restricted/non-public areas of the information system.
Users shall understand and accept responsibility for protecting all output generated under their account (for example, printed output, CD/DVD ROM, USB/Flash memory, external hard drives, magnetic tapes).
Users shall not print, distribute or disseminate other users’ Personally Identifiable Information.
Users shall understand and accept that there is no expectation of privacy and that their activity is subject to auditing at all times while using CyberFETCH
Users shall agree to notify the System Administrator when access to the information system is no longer needed or when a user is no longer active in the cyber forensics community.
Users shall understand that evidence of acknowledgement of this agreement will be kept on file with the System Administrator when they agree to accept the RoB.
4.4 Website Content:

Information or content posted to the website must relate to cyber forensics/security topics.
Users shall not upload, post, email, transmit or otherwise make available any content that is unlawful, harmful, threatening, abusive, harassing, tortuous, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable.
Users shall not post CLASSIFIED, LAW ENFORCEMENT SENSITIVE, FOR OFFICIAL USE ONLY or SENSITIVE BUT UNCLASSIFIED MATERIAL information or documents to CyberFETCH under any circumstance. In addition, it is the user’s responsibility to use reasonable judgment when posting data to the system to avoid the creation of information that could be considered SENSITIVE of CLASSIFIED in aggregate.
Users shall not impersonate any person or entity, or falsely state or otherwise misrepresent themselves or any data they put on the system.
Users shall not forge headers or otherwise manipulate identifiers in order to disguise the origin of any content transmitted through CyberFETCH.
Users shall not upload, post, email, transmit or otherwise make available any content that you do not have a right to make available under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements).
Users shall not upload, post, email, transmit or otherwise make available any content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party.
Users shall not upload, post, email, transmit or otherwise make available any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” or any other form of solicitation.
Users shall not upload, post, email, transmit or otherwise make available any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; interfere with or disrupt the Service or servers or networks connected to the Service, or disobey any requirements, procedures, policies or regulations of networks connected to the Service; intentionally or unintentionally violate any applicable local, state, national or international law; collect or store personal data about other users.
4.5 Security Reporting Requirements:
4.5.1 Registered Users must promptly report any known/observed violations of or non-compliance with the CyberFETCH RoB including (but not limited to) observed IT security incidents, suspicions of security violations, or posting of inappropriate content. Reports should be made directly to the CyberFETCH ISSO or System Administrator via the “Contact Us” link available in the main navigation of the CyberFETCH website.
4.6 Export Control
4.6.1 CyberFETCH is a tool to share computer forensic industry-specific information, including both technical and non-technical information, among practitioners and interested parties. It is the user’s responsibility to comply with all applicable laws and regulations regarding the export of controlled information. Exporting information includes providing access to information through emails, links, and other sharing mechanisms. Certain information, including technical data such as that which is available on this website, may be controlled for export reasons, including through email, from the United States or, within the United States, to foreign nationals.
4.6.2 For further guidance, please see or
4.7 Modification of the Service
4.7.1 CyberFETCH reserves the right at any time to modify or discontinue, temporarily or permanently, the Service (or any part thereof) with or without notice. You agree that CyberFETCH shall not be liable to you or to any third party for any modification, suspension or discontinuance of the Service. CyberFETCH is not liable for any data or information lost as a result of discontinuance of service.
4.8 Termination
4.8.1 You agree that CyberFETCH may, under certain circumstances and without prior notice, immediately terminate your account and access to the Service. Cause for such termination shall include, but not be limited to,
(a) breaches or violations of the RoB or other incorporated agreements or guidelines.
(b) requests by law enforcement or other government agencies.
(c) a request by you (self-initiated account deletions).
(d) discontinuance or material modification to the Service (or any part thereof).
(e) unexpected technical or security issues or problems.
4.8.2 Termination of your CyberFETCH account may include:
(a) deletion of your password and all related information, files and content associated with or inside your account (or any part thereof).
(b) barring further use of the Service.
4.8.3 Further, you agree that all terminations for cause shall be made in CyberFETCH sole discretion and that CyberFETCH shall not be liable to you or any third party for any termination of your account or access to the Service.
4.9 Links
4.9.1 The Service or authorized users may provide links to other World Wide Web sites or resources. Because CyberFETCH has no control over such sites and resources, you acknowledge and agree that CyberFETCH is not responsible for the availability of such external sites or resources and does not endorse and is not responsible or liable for any content, advertising, products, or other materials on or available from such sites or resources. You further acknowledge and agree that CyberFETCH shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Content, goods or services available on or through any such site or resource.
4.10 Acknowledgment Statement

I understand that I have no expectation of privacy while using CyberFETCH.
I understand that I will be held accountable for my actions while accessing and using CyberFETCH.
I acknowledge that I have received as well as understand my responsibilities and will comply with the Rules of Behavior for the CyberFETCH system.
As a Registered User of CyberFETCH, I acknowledge my responsibility to conform to the above requirements set forth the by the Department of Homeland Security’s Science & Technology Directorate. I understand that my failure to agree to these Rules of Behavior will result in denial of access to CyberFETCH and its system components.
CyberFETCH is a program of the Department of Homeland Security (DHS) Science & Technology (S&T) Directorate.