GSA IT General Rules of Behavior

Number: 2104.1C CIO
Status: Active
Signature Date: 11/05/2024
Expiration Date: 11/30/2027

Purpose:

This Order sets forth the General Services Administration’s (GSA’s) Information Technology (IT) General Rules of Behavior and lists the responsibilities and expected behavior of users of GSA’s IT resources and applications to safeguard GSA’s assets and data.

Background:

Office of Management and Budget (OMB) Circular A-130, “Managing Information as a Strategic Resource” requires Federal agencies to establish rules of behavior for employees and contractors that have access to Federal information, including Personally Identifiable Information (PII) and Controlled Unclassified Information (CUI), and information systems. This Order addresses these requirements. The IT General Rules of Behavior implement the Federal policies and GSA directives provided in the References section of this Order.

Applicability:

This Order applies to:

  1. All GSA employees and contractors using GSA IT resources and applications as they perform their duties;
  2. Third parties with a gsa.gov account who access GSA IT resources to conduct business on behalf of, or with, GSA or GSA-supported Government organizations;
  3. The Office of Inspector General (OIG) only to the extent that the OIG determines it is consistent with the OIG’s independent authority under Public Law 110-409, “Inspector General Reform Act of 2008,” and it does not conflict with other OIG policies or the OIG mission; and
  4. The Civilian Board of Contract Appeals (CBCA) only to the extent that the CBCA determines it is consistent with the CBCA’s independent authority under Public Law 95-563, “Contract Disputes Act of 1978,” and it does not conflict with other CBCA policies or the CBCA mission.

Cancellation:

This Order cancels and supersedes CIO 2104.1B CHGE 2, GSA Information Technology (IT) General Rules of Behavior, dated April 1, 2022.

Summary of Changes:

  1. Updated document to conform with OAS 1832.1C.
  2. Added rules regarding Artificial Intelligence.
  3. Edited and updated all rules to reflect current user behavior requirements.

Roles and Responsibilities:

GSA Supervisors - Must ensure compliance with this order for their employees who access GSA IT resources and applications.

Contracting Officers - Must insert a clause into the contract or task order, ensuring compliance of contractor employees with this order in accordance with the General Services Acquisition Manual (GSAM) part 511.171.

Employees/Contractors - Must acknowledge these IT General Rules of Behavior within 30 calendar days of their first use of a GSA IT resource and annually thereafter.

Print Page
Last updated: Nov 7, 2024
Top