1. Background, Purpose, and Scope: Information assets owned by the Florida Department of Transportation (“FDOT” or the “Department”), including but not limited to FDOT data and information, computing devices, cell phones, and removable storage devices, are strategic assets intended for official business use only and are entrusted to staff for the performance of their job-related duties. The scope of this policy extends to all Information Technology Resources owned or operated for FDOT-related business and to all employees or other personnel authorized to use these Information Technology Resources (“Authorized Users”). All Authorized Users must use and protect FDOT information assets and resources in accordance with this policy and applicable information security and privacy policies. Authorized Users are responsible for systems security to the degree that his or her job requires the use of information and associated systems. All Authorized Users are responsible for using information resources only for the purposes for which they are intended, to comply with all controls established by information resource owners and custodians, and for protecting sensitive information against unauthorized disclosure. 2. General Use: a. Use of Computing Devices: Computing devices that use VPN to connect to the FDOT network must be properly protected with the most current software and updates available to ensure that data exchanged is not compromised and does not contain viruses or malware. Non-FDOT computing devices used for FDOT business purposes, such as but not limited to e-mail, must be made available for audit and inspection. All FDOT-related information must be removed from non-FDOT computing devices when employment or a contract is terminated with FDOT. b. Passwords and Personal Information: Information, methodologies or devices used for authentication and authorization purposes (passwords, Personal Identification Numbers [PIN], security questions/answers, security tokens [e.g., smartcard, key fob]) shall remain confidential. c. Badges: Authorized Users are responsible for safeguarding their ID Access Badge, where applicable. Lost or stolen ID Access Badges must be reported immediately to the FDOT Service Desk at FDOT.ServiceDesk@dot.state.fl.us. Guests, employees, or other personnel (including contractors and consultants) without a badge must go to the lobby to obtain a guest or temporary badge. Badges must always be worn and kept visible at all FDOT locations. Badges must be safeguarded and stored in a private location after hours.
