U.S. Department of Health and Human Services
Rules of behavior: The Rules of Behavior describes the user responsibilities and expected behavior with regard to information system usage. The user should sign this document indicating that they have read, understand, and agree to abide by the rules of behavior, before they receive access to the information system.
Access: IT Administrators monitor system access to ensure that there is not an excessive or unusual number of individuals receiving high level or administrator–level access to the system. This could indicate a lack of controls–including least privilege and “need to know” controls.
Some positions may require a background check to be complete prior to obtaining access. The IT Administrator should have reasonable assurance that a check was conducted.
Page 2 of 4
Rules of Behavior and User Access