INL High Performance Computing Appropriate Use Policy
The following summarizes INL HPC use policies, procedures, and security rules that apply to individual end users of INL HPC resources, which in total makes up the INL HPC Appropriate Use Policy. Users are responsible for ensuring that these policies, procedures, and security rules are followed. You must understand and explicitly agree to abide by INL’s HPC Appropriate Use Policy to be granted access to the systems.
Further information on INL HPC data security policies and practices can be found on the INL HPC Home page.
HPC User Accountability
You, like each HPC user, are accountable for your actions. Violations of policy, procedure, and security rules may result in applicable administrative sanctions or legal actions against you.
HPC Resource Use
INL HPC resources are to be used only for activities authorized by the U.S. Department of Energy (DOE) or the INL Advanced Scientific Computing Director.
The use of INL HPC resources should be consistent with the intended usage documented on your account request submission. Any changes in your intended use from what was approved must be requested and approved in advance by emailing hpcaccounts@inl.gov. For example, if on your HPC account request you state that your intended usage is density function theory computations but then decide to change research focus and run astrophysics simulations, that would need to be reported and approved in advance.
You must not use INL HPC resources to support illegal, fraudulent, or malicious activities. You must not use of INL HPC resources to facilitate any transaction that would violate U.S. export control regulations.
The United States DOE and the Management and Operating Contractor of INL make no express or implied warranty with respect to the use of INL HPC resources. Neither DOE nor the Management and Operating Contractor of INL shall be liable in the event of any HPC system failure or loss of data.
HPC Use by Foreign Nationals
INL complies with U.S. export control policies and regulations. HPC use by foreign nationals is generally permitted regardless of whether access to INL HPC resources is from the United States or abroad. However, the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals and prohibits use of HPC resources by individuals and companies on the OFAC sanctioned list. INL will also not permit access to HPC resources to citizens of – or companies/individuals physically located in – the following countries: Cuba, Iran, Syria, Sudan, North Korea, and Crimea Region of Ukraine. This access restriction also applies to companies owned or controlled by, or acting for or on behalf of, the listed countries.
Usernames and Passwords
A user identifier (username) and an associated password are required of all INL HPC users. Individuals who have an INL-assigned user identifier are responsible for protecting the associated password. Passwords must be changed on a regular basis per HPC policy or at INL's request. Password renewal notifications are sent to users when password is about to expire. Passwords not changed in the allotted timeframe will result in user's account being disabled. All passwords must conform to the INL HPC guidelines. Passwords must not be shared with any other person and must be changed as soon as possible after an unacceptable exposure, suspected compromise, or at the direction of INL personnel. These requirements apply equally to any two-factor authentication PIN and token that is provisioned by INL staff for HPC access.
Multifactor Tokens
HPC users connecting to INL HPC resources from offsite will be issued a multifactor token which will be a virtual token software installed on a smartphone. Under special circumstances, a physical token may be made available. When account entitlement ends, the HPC user's token will be disabled. Physical tokens remain the property of INL and must be returned upon completion of approved activities. Two-factor PINs and tokens are not to be shared with any other individual nor transferred to another person. If a physical token is no longer required, it must be returned to INL.
Account Usage
You are not permitted to share your accounts, passwords, PINs, or tokens with others. If you are found in violation of this, you will have your account terminated immediately.
Notification
You must immediately notify hpcaccounts@inl.gov upon if you become aware that any of the accounts used to access INL HPC resources have been compromised. Upon actual or suspected loss, disclosure, or compromise of the multifactor authentication physical or virtual token and associated password, you must immediately notify hpcaccounts@inl.gov.
You must promptly inform INL of any changes in contact information or affiliation.
Account Renewal
INL HPC policy requires external users to renew their accounts annually. As part of the renewal process, you must provide project summaries describing your work that used the INL HPC resources. The account renewal request acts as your proposal to continue to access INL HPC resources. Failure to submit account renewal by the allotted timeframe will result in your account being disabled until required information is provided.
Software and Data
INL HPC resources are operated as research systems and should only be used to access and store data related to research. These research systems are categorized as moderate per FIPS-199 and protected to the NIST 800-53 moderate security control baseline.
INL HPC resources control data access via username and password authentication for network access and UNIX directory and file permissions for data storage. Network access and data storage systems provide no explicit encryption. HPC home directories are accessible by the directory owner only; system protections ensure that home directories cannot be shared. Project directories are accessible only by the directory owner and others designated in written communication with HPC staff.
HPC users are responsible for protecting data files and acknowledge and understand that INL’s HPC security control implementation is sufficient for research data access and storage. Users recognize that files stored in temporary, or scratch, storage areas might not have the same level of data protection as files stored in home or project directories.
HPC users must ensure that when using HPC resources that all software is acquired and used according to appropriate licensing. Possession, use, or transmission of illegally obtained software on HPC resources is prohibited. HPC users shall not copy, store or transfer copyrighted software or data using HPC resources, except as expressly permitted by the copyright owner.
THE USE OF INL HPC RESOURCES TO STORE, MANIPULATE, OR REMOTELY ACCESS CLASSIFIED INFORMATION IS EXPRESSLY PROHIBITED.
Data Retention
INL reserves the right to remove any data at any time and/or transfer data to other individuals (such as Principal Investigators working on a same or similar project) after a user account is deleted or a user no longer has a business association with INL.
Although INL takes steps to ensure the integrity of stored data, INL does not guarantee that data files are protected against destruction. INL uses standard enterprise data storage systems with features such as snapshots and remote replication but is not liable for data loss due to major system failures or catastrophic events. HPC users are strongly encouraged to read the INL HPC Data Protection and Retention Policy and to make backup copies of all critical data and important software.
Deviations from Athorized Privileges Not Allowed
HPC users may not deviate from the terms of this INL HPC Appropriate Use Policy in any way, including, but not limited to, the following prohibitions:
Unauthorized Access: HPC users are prohibited from attempting to send or receive messages or access information by unauthorized means, such as imitating another system, impersonating another user or other person, misusing legal user credentials (usernames, passwords, etc.), or causing some system component to function incorrectly.
Altering Authorized Access: HPC users are prohibited from changing or circumventing access controls to allow the user or others to perform actions outside authorized privileges.
Reconstruction of Information or Software: HPC users are prohibited from reconstructing or re-creating information or software outside authorized privileges.
Data Modification or Destruction: HPC users are prohibited from taking actions that intentionally modify or delete information or programs outside authorized privileges.
Malicious Software: HPC users are prohibited from introducing or using malicious software, including, but not limited to, computer viruses, Trojan horses, or worms.
Denial of Service Actions: HPC users are prohibited from using INL HPC resources to interfere with any service availability, either at INL, or at other sites.
Pornography: HPC users are prohibited from using INL HPC resources to access, upload, download, store, transmit, create, or otherwise use sexually explicit or pornographic material.
Harassment: HPC users are prohibited from engaging in offensive or harassing actions toward another individual or organization.
Cryptocurrency: HPC users are prohibited from any cryptocurrency mining. Additionally, any cryptocurrency transaction support including clearing and validating is explicitly prohibited.
Monitoring and Privacy
HPC users have no explicit or implicit expectation of privacy. INL retains the right to actively monitor all HPC resources, activities on INL systems and networks, and to access any file without prior knowledge or consent of HPC users, senders, or recipients. INL may retain copies of any network traffic, computer files, or messages indefinitely without user's prior knowledge or consent. INL may, at its discretion, share information gathered through monitoring with the Department of Energy, other incident response organizations, and local, state, federal, and international law enforcement organizations.
INL personnel and HPC users are required to address, safeguard against, and report misuse, abuse and criminal activities. Misuse of INL HPC resources can lead to temporary or permanent disabling of accounts, administrative sanctions, and/or legal actions.
