APJ Enterprise LLC
Acceptable Use Policy (AUP) / Rules of Behavior
FedRAMP Moderate | NIST SP 800-53 Rev. 5 | DoD-Aligned
1. Purpose
To define acceptable and prohibited use of APJ Enterprise LLC information systems, protecting confidentiality, integrity, and availability of data under FedRAMP Moderate controls.
2. Applicability
Applies to all users accessing company or client systems, including employees, contractors, and third-party service providers.
3. Policy
3.1 Authorized Use
- Use systems only for approved business functions.
- Limited personal use is allowed if it does not affect productivity or security.
3.2 Monitoring and Privacy
- All activity may be monitored or audited.
- Users have no expectation of privacy when using company resources.
3.3 Data Protection
- Protect all Controlled Unclassified Information (CUI) and PII per NIST SP 800-171.
- Do not email sensitive data to unapproved destinations.
3.4 Prohibited Activities
- Installing unauthorized software or connecting personal devices.
- Circumventing security controls, sharing passwords, or using others’ credentials.
- Streaming, gaming, or using systems for personal gain.
- Copying data to removable media without encryption and authorization.
3.5 Incident Reporting
- Report suspected or confirmed security incidents within 1 hour to the ISSM/ISSO.
- Users must not attempt self-investigation.
3.6 Acknowledgment
All users must sign this AUP before system access.
Signed copies are retained for one year after account termination.
4. Control Mappings
| Control | Framework | Description | |———-|————|————-| | PL-4 | FedRAMP Moderate | Rules of Behavior | | PS-6 | NIST SP 800-53 Rev 5 | Access Agreements | | AC-8 | FedRAMP Moderate | System Use Notification | | IR-6 | NIST SP 800-53 Rev 5 | Incident Reporting | | MP-7 | FedRAMP Moderate | Media Use Controls |
5. References
- FedRAMP Moderate Baseline (PL, PS, AC Families)
- DoDI 8500.01 Cybersecurity
- DoDI 8550.01 DoD Internet Services
- NIST SP 800-171 Protecting CUI
- NIST SP 800-53 Rev 5 Security Controls