U.S. DEPARTMENT OF AGRICULTURE
WASHINGTON, D.C. 20250
|
DEPARTMENTAL
REGULATION
|
Number: 3160-001 |
|
|
SUBJECT: Computer Software Piracy |
DATE: March 29, 2007 |
|
|
|
||
1
PURPOSE
This Departmental
Regulation (DR) establishes the policy for preventing
Computer Software
Piracy within the United States Department of Agriculture (USDA).
2
BACKGROUND
The United States
Government is the world’s largest purchaser of computer - related services and
equipment, purchasing more than $60 billion annually as of fiscal year
2006. It is incumbent on the USDA to
ensure that its practices as a purchaser and user of computer software are
carried out effectively, efficiently, and in compliance with all applicable
legislation.
3
REFERENCES
Executive Order 13103 of September
30, 1998
The Digital Millennium Copyright Act
of 1998
OMB Circular NO. A-130 Appendix III,
Security of Federal Automated Information Resources
National Institute of Standards and
Technology (NIST) Special Publication 800-12
Copyright Law of the United States
of America Title 17, United States Code (Copyright Act)
4
SCOPE/APPLICABILITY
This Directive
applies to all USDA employees, contractors, and volunteers that are authorized
to use USDA-supplied software in performing their functions.
5
POLICY
a
Use of software not properly licensed
to USDA is without the consent of the Agency. Employees, contractors, and
volunteers who duplicate copyrighted material without authorization may be
subject to disciplinary action and/or civil liability. The Department or
employing agency will not defend or indemnify employees or contractors in
copyright violation suits if the violation resulted from willful negligence or
very high degree of culpability.
b
USDA agencies and staff offices shall
issue the following Information Technology Asset Management (ITAM) procedures
and practices:
(1)
Establish and enforce agency software
standards;
(2)
Establish centralized software
acquisition whenever possible;
(3)
Establish a software controller
function;
(4)
Establish accurate supported software
inventories and maintain them;
(5)
Establish and maintain a software
library;
(6)
Establish and enforce software
disposal procedures; and
(7)
Perform spot audits of installed
software base.
c
USDA agencies and staff offices shall
ensure that policies, procedures and practices of the agency related to
copyrights protecting software are appropriate, and also fully implement
policies set forth in this policy directive.
d
USDA agencies and staff offices as
part of their annual third quarter computer security program review (Federal Information Security
Management Act (FISMA)), shall submit copies of policies,
procedures developed, and ITAM results pursuant to this directive to the USDA
Chief Information Officer.
e
Nothing in this DR shall be construed
to require the disclosure of law enforcement investigative sources or methods,
or to prohibit or otherwise impair a lawful investigative or protective
activity undertaken by or on behalf of the USDA.
f
This directive shall take effect
immediately.
6
RESPONSIBILITIES
a
Office of the Chief Information
Officer shall:
(1)
Maintain oversight and final approval
authority of all monitoring
and review activities;
(2)
Support the Department’s information
technology (IT) strategic
planning/performance measurement
process by developing and
codifying in a software piracy
policy, performance measures related
to the effectiveness of controls to
prevent software piracy;
(3)
Review annual policies, procedures
developed, and ITAM results
provided by Agency/staff offices;
(4)
Enforce the use of shared internal and
interdepartmental
procedures, practices, products and
services to prevent software
piracy;
(5)
Expand piracy-related elements in
future computer security
reviews; and
(6)
Expand computer security training to
include information on
software piracy guidance for
employees, contractors, and
volunteers.
b USDA agencies and staff offices Heads
shall establish controls to
ensure that their organization
complies with section 5 of this directive.
-END-