TThe following summarizes INL HPC use policies, procedures, and security rules that apply to individual end users of INL HPC resources, which in total makes up the INL HPC Appropriate Use Policy. Users are responsible for ensuring that these policies, procedures, and security rules are followed. Users must understand and explicitly agree to abide by INL’s HPC Appropriate Use Policy to be granted access to the systems.
The DOE Office of Nuclear Energy (DOE-NE) is a primary sponsor for INL’s HPC resources through the Nuclear Science User Facility (NSUF) Program. Therefore, the priority for these systems is nuclear energy research, development, and demonstration. This includes activities that support DOE-NE’s R&D programs, organizations performing work associated with DOE through grants and awards, and openly published research of benefit to the nuclear energy community. Additionally, access to INL HPC computing resources are available to users that support INL’s non-nuclear energy research activities as well as education and workforce development. All access requires an appropriate justification.
Further information on all INL HPC policies and practices can be found on the INL HPC homepage.
HPC User Accountability
Each HPC user is accountable for their actions. Violations of policy, procedure, and security rules may result in applicable administrative sanctions or legal actions against the violator.
HPC Resource Use
INL HPC resources are to be used only for activities authorized by the U.S. Department of Energy (DOE) or the INL Advanced Scientific Computing Director.
The use of INL HPC resources should be consistent with the intended usage documented on the account request submission. Any changes in a user’s intended use from what was approved must be requested and approved in advance by emailing email@example.com. For example, if an HPC account request states that the intended usage is density function theory computations, but the research focus changes and astrophysics simulations are needed, that would need to be reported and approved in advance.
Users must not use INL HPC resources to support illegal, fraudulent, or malicious activities. Users must not use any INL HPC resources to facilitate any transaction that would violate U.S. export control regulations.
The United States DOE and the Management and Operating Contractor of INL make no express or implied warranty with respect to the use of INL HPC resources. Neither DOE nor the Management and Operating Contractor of INL shall be liable in the event of any HPC system failure or loss of data.
Intent to Publish
I will use best efforts to publish the results from my use of the INL HPC Resources in an open scientific journal or significant industry technical journal or conference proceedings. I will acknowledge use of the INL HPC Resources in the publication and notify the INL of any publications that result from my use of the computing resources.
HPC Use by Foreign Nationals
INL complies with U.S. export control policies and regulations. HPC use by foreign nationals is generally permitted regardless of whether access to INL HPC resources is from the United States or abroad. However, the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals and prohibits use of HPC resources by individuals and companies on the OFAC sanctioned list. In alignment with this policy, INL will not permit access to HPC resources to citizens of – or companies/individuals physically located in – countries listed on OFAC website. This access restriction also applies to companies owned or controlled by, or acting for or on behalf of, the listed countries.
Usernames and Passwords
A user identifier (username) and an associated password are required of all INL HPC users. Individuals who have an INL-assigned user identifier are responsible for protecting the associated password. Passwords must be changed on a regular basis per HPC Password Policy or at INL’s request. Password renewal notifications are sent to users when the password is about to expire. Passwords not changed in the allotted timeframe will result in the user’s account being disabled. All passwords must conform to the INL HPC guidelines. Passwords must not be shared with any other person and must be changed as soon as possible after an unacceptable exposure, suspected compromise, or at the direction of INL personnel. These requirements apply equally to any two-factor authentication is provisioned by INL staff for HPC access.
HPC users connecting to INL HPC resources from offsite will be issued a multifactor token generation device, which will be in the form of software installed on a smartphone, or a physical hardware token. Only under special circumstances is the physical token made available. When account entitlement ends, the HPC user’s token will be disabled. Physical tokens remain the property of INL and must be returned upon completion of approved activities. Two-factor PINs and tokens are not to be shared with any other individual or transferred to another person. If a physical token is no longer required, it must be returned to INL.
Users are not permitted to share accounts, passwords, PINs, or tokens with others. If a user is found in violation of this, they will have their account terminated immediately.
Users must immediately notify firstname.lastname@example.org promptly if they become aware that any of their accounts used to access INL HPC resources have been compromised. Upon actual or suspected loss, disclosure, or compromise of the multifactor authentication physical or virtual token and associated password, users must immediately notify email@example.com.
Users must promptly inform INL of any changes in contact information or affiliation.
HPC users with multiple affiliations may, under very limited and controlled circumstances, be permitted to have multiple accounts on INL HPC resources. The intent of this policy is to allow individuals with multiple affiliations the opportunity to manage proprietary data or licensed code access, enabling physical separation of said data or codes. Copying of proprietary data or licensed codes between accounts is strictly forbidden. If other, non-restricted data needs to be copied between accounts, written permission from the originating account sponsor must be obtained in advance. Failure to follow this procedure may result in the loss of HPC account access.
INL HPC policy requires external users to renew their accounts annually. As part of the renewal process, users must provide project summaries describing their work that involved use of INL HPC resources. The account renewal request is effectively a user’s proposal to continue to access INL HPC resources and as such, should clearly communicate intended use and potential research impact. Failure to submit account renewal in the allotted timeframe will result in the account being disabled until the required information is provided.
Software and Data
INL HPC resources are operated as research systems and should only be used to access and store data related to research. These research systems are categorized as moderate per FIPS-199 and protected to the NIST 800-53 moderate security control baseline.
INL HPC resources control data access via username and password authentication for network access and UNIX directory and file permissions for data storage. Network access and data storage systems provide no explicit encryption. HPC home directories are accessible by the directory owner only; system protections ensure that home directories cannot be shared. Project directories are accessible only by the directory owner and others designated in written communication with HPC staff.
HPC users are responsible for protecting data files and acknowledge and understand that INL’s HPC security control implementation is sufficient for research data access and storage. Users recognize that files stored in temporary, or scratch, storage areas might not have the same level of data protection as files stored in home or project directories.
HPC users must ensure, when using HPC resources, that all software is acquired and used according to appropriate licensing. Possession, use, or transmission of illegally obtained software on HPC resources is prohibited. HPC users shall not copy, store, or transfer copyrighted software or data using HPC resources, except as expressly permitted by the copyright owner. In certain cases, HPC staff will require proof of end-user license or access approval.
THE USE OF INL HPC RESOURCES TO STORE, MANIPULATE, OR REMOTELY ACCESS CLASSIFIED INFORMATION IS EXPRESSLY PROHIBITED.
INL reserves the right to remove any data at any time and/or transfer data to other individuals (such as principal investigators working on the same or a similar project) after a user account is deleted or a user no longer has a business association with INL.
Although INL takes steps to ensure the integrity of stored data, INL does not guarantee that data files are protected against destruction. INL uses standard enterprise data storage systems with features such as snapshots and remote replication but is not liable for data loss due to major system failures or catastrophic events. HPC users are strongly encouraged to read the INL HPC Data Protection Policy and the INL HPC Retention and Backup Policy and to make backup copies of all critical data and important software.
Deviations from Authorized Privileges Not Allowed
HPC users may not deviate from the terms of this INL HPC Appropriate Use Policy in any way, including, but not limited to, the following prohibitions:
- • Unauthorized Access: HPC users are prohibited from attempting to send or receive messages or access information by unauthorized means, such as imitating another system, impersonating another user or other person, misusing legal user credentials (usernames, passwords, etc.), or causing a system component to function incorrectly.
- • Altering Authorized Access: HPC users are prohibited from changing or circumventing access controls to allow the user or others to perform actions outside authorized privileges.
- • Reconstruction of Information or Software: HPC users are prohibited from reconstructing or re-creating information or software outside authorized privileges.
- • Data Modification or Destruction: HPC users are prohibited from taking actions that intentionally modify or delete information or programs outside authorized privileges.
- • Malicious Software: HPC users are prohibited from intentionally introducing or using malicious software, including, but not limited to, computer viruses, Trojan horses, or worms.
- • Denial of Service Actions: HPC users are prohibited from using INL HPC resources to interfere with any service availability, either at INL or at other sites.
- • Pornography: HPC users are prohibited from using INL HPC resources to access, upload, download, store, transmit, create, or otherwise use sexually explicit or pornographic material.
- • Harassment: HPC users are prohibited from engaging in offensive or harassing actions toward another individual or organization.
- • Cryptocurrency: HPC users are prohibited from any cryptocurrency mining. Additionally, any cryptocurrency transaction support, including clearing and validating, is explicitly prohibited.
Monitoring and Privacy
HPC users have no explicit or implicit expectation of privacy. INL retains the right to actively monitor all HPC resources and activities on INL systems and networks, and to access any file without prior knowledge or consent of HPC users, senders, or recipients. INL may retain copies of any network traffic, computer files, or messages indefinitely without user’s prior knowledge or consent. INL may, at its discretion, share information gathered through monitoring with the Department of Energy, other incident response organizations, and local, state, federal, and international law enforcement organizations.
INL personnel and HPC users are required to address, safeguard against, and report misuse, abuse, and criminal activities. Misuse of INL HPC resources can lead to temporary or permanent disabling of accounts, administrative sanctions, and/or legal actions.
U.S. Government funds support INL HPC resources and the use of HPC resources by users. Absent any statutory provision or express waiver of intellectual property rights by the U.S. Government, the U.S. Government owns any patentable inventions that may be conceived or first actually reduced to practice through use of the INL HPC. If the use of the INL HPC resources is funded by a U.S. Government research grant, cooperative agreement, or other U.S. Government contract the intellectual property terms (if any) of that grant, agreement, or contract will govern ownership of such intellectual property. If an HPC user is employed by a federal government agency, National Laboratory, University, or private entity, the intellectual property terms (if any) of such employment will govern the use of INL HPC resources.
I will disclose, to the U.S. Government and the INL Contactor, any invention conceived as a part of the work on INL HPC and will protect the invention until a patent application can be filed. I understand that the U.S. Government retains rights to practice and have others practice the invention and may own the invention.