TRACE policies regarding security and the acceptable use of TRACE resources are documented here. Questions about any of these policies should be directed to TRACE User Services.
See also policies for:

• Passwords

Security Measures

Security is very important to TRACE. These policies are intended to ensure that our machines are not misused and that your data is secure.

What You Can Do:

You play a significant role in security!  To keep your account and TRACE resources secure, please:

• Be aware of and comply with TRACE's policies on security, use and privacy found in this document
• Choose strong passwords and don't share them between accounts or with others. More information can be found in the TRACE password policies.
• Utilize your local security team for advice and assistance
• Keep your computer properly patched and protected
• Report any security concerns to the TRACE help desk ASAP by calling the TRACE hotline at: 412-268-4745 or email trace-it-help@andrew.cmu.edu

What We Will Never Do:

• TRACE will never send you unsolicited emails requesting confidential information.
• We will also never ask you for your password via an unsolicited email or phone call.

Remember that the TRACE help desk is always a  phone call away to confirm any correspondence at  412-268-4745.
If you have replied to an email appearing to be from TRACE and supplied your password or other sensitive information, please contact the help desk immediately.

What You Can Expect:

• We will send you email when we need to communicate with you about service outages, new HPC resources, and the like.
• We will send you email when your password is about to expire and ask you to change it by using the web-based TRACE password change utility.

Other Security Policies

• Users must connect to TRACE machines using ssh in order to avoid remote logins with clear text passwords.
• We vigilantly monitor our computer systems and network connections for security violations
• We are in close contact with the CERT Coordination Project with regard to possible Internet security violations

Reporting Security Incidents

To report a security incident you should contact our Hotline at 412-268-4745. To report non-emergency security incidents you can send email to trace-it-help@andrew.cmu.edu.

TRACE Acceptable Use Policy

TRACE's resources are vital to the scientific community, and we have a responsibility to ensure that all resources are utilized in a responsible manner. TRACE has legal and other obligations to protect its services, resources, and the intellectual property of users. Users share this responsibility by observing the rules of acceptable use that are outlined in this document. Your on-line assent to this Acceptable Use Policy is your acknowledgment that you have read and understand your responsibilities as a user of TRACE Services and Resources, which refers to all computers owned or operated by TRACE and all hardware, data, software, storage systems and communications networks associated with these computers. If you have questions, please contact TRACE User Services at 412-268-4745 or email trace-it-help@andrew.cmu.edu.
By using TRACE Services and Resources associated with your allocation, you agree to comply with the following conditions of use:

1. You will protect any access credentials (e.g., private keys, tokens & passwords) that are issued for your sole use by TRACE and not knowingly allow any other person to impersonate or share any of your identities.
2. You will not use TRACE Services and Resources for any unauthorized purpose, including but not limited to:
   1. Financial gain
   2. Tampering with or obstructing TRACE operations
   3. Breaching, circumventing administrative, or security controls
   4. Inspecting, modifying, distributing, or copying privileged data or software without proper authorization, or attempting to do so
   5. Supplying, or attempting to supply, false or misleading information or identification in order to access TRACE Services and Resources
3. You will comply with all applicable laws and relevant regulations, such as export control law or HIPAA.
4. You will immediately report any known or suspected security breach or misuse of TRACE access credentials to trace-it-help@andrew.cmu.edu.
5. Use of TRACE Services and Resources is at your own risk. There are no guarantees that TRACE Services and Resources will be available, that they will suit every purpose, or that data will never be lost or corrupted. Users are responsible for backing up critical data.
6. Logged information, including information provided by you for registration purposes, will be used solely for administrative, operational, accounting, monitoring and security purposes.
7. Violations of this Acceptable Use Policy and/or abuse of TRACE Services and Resources may result in loss of access to TRACE Services and Resources. Abuse will be referred to the TRACE User Services manager and/or the appropriate local, state and federal authorities, at TRACE's discretion.
8. TRACE may terminate or restrict any user's access to TRACE Services and Resources, without prior notice, if such action is necessary to maintain computing availability and security for other users of the systems.
9. Allocations are awarded solely for open research, intended for publication. You will only use TRACE Computing Resources to perform work consistent with the stated allocation request goals and conditions of use as defined by your approved TRACE project and this Acceptable Use Policy.
10. TRACE is entitled to regulate, suspend or terminate your access, and you will immediately comply with their instructions.

Privacy

TRACE is committed to preserving your privacy. This privacy policy explains exactly what information is collected when you visit our site and how it is used.
This policy may be modified as new features are added to the site. Any changes to the policy will be posted on this page.

• Any data automatically collected from our site visitors – domain name, browser types, etc. – are used only in aggregate to help us better meet site visitors' needs.
• There is no identification of individuals from our aggregate data. Therefore, unless you choose otherwise, you are totally anonymous when visiting our site.
• We do not share data with anyone for commercial purposes.

TRACE respects individual privacy and takes great effort in supporting web site privacy policy outlined above. Please be aware, however, that we may publish URLs of other sites on our web site that may not adhere to the same policy.