Security and Acceptable Use Policy
Acceptable Use Policy
The guidance notes herein are in accordance with MOD JSP740 (Acceptable Use Policy)
1. This page defines the general Ministry of Defence (MOD) Acceptable Use Policy governing the use of its external Internet resources by MOD staff and by general internet users.
2. It applies to everyone who uses MOD owned or leased Information Technology equipment and Telecommunications networks (MOD IT and Telecoms) including personal computers (whether or not connected to a network), laptops, terminals, Personal Digital Assistants (PDAs), computer kiosks, printers, fax machines, photocopiers, video conference facilities and telephones of all types.
3. All MOD information systems are liable to a recording and monitoring regime intended to maintain security and to ensure that MOD internet services remains available to all users, which include both automated and manual audit procedures to identify unauthorized attempts to upload or change information, or otherwise cause damage. Any information recorded is not used to identify individual users or their usage habits unless required for duly authorised security or law enforcement activities. Raw data logs are used and retained for no other purposes. See the Privacy page for further information on our privacy policies.
3. MOD Websites are published under the authority of the Secretary of State for Defence, and contain information duly sanctioned for release to the general public. They are bound by the Copyright regulations laid down elsewhere on this site.
4. Unauthorized attempts to upload information or change information on these services are strictly prohibited and is punishable under the Computer Misuse Act 1990.
Official Domain Names
5. The UK Ministry of Defence (MOD) is the operating authority for a number of Internet domains, which are as follows:
6. Any Internet resource purporting to relate to being an official asset (for instance a website URL or email address) should therefore normally be expected to utilise one of these Official Domain Names. There are a number of legacy instances where this convention is not yet followed, which will mainly be from the general UK Governmental '.gov.uk' address space which MOD shares with Central and Local Government users, in particular email accounts in the form of '@gtnet.gov.uk'. If any doubt exists as to the authenticity of an Internet resource not falling within these naming conventions, please contact email@example.com.
7. All MOD internet mail servers are configured to prevent their use as open mail relays, and any attempt by non-authorised personnel to use such servers will be treated as misuse. Any suspected abusive email from a genuine or forged MOD address should be reported to firstname.lastname@example.org.
8. The practice of sending unsolicited bulk mail ("spam") or e-mail floods ("mailbombing") to MOD addressees may be considered as an attempt to cause a denial of service, and as such will be considered as a serious security matter that may therefore be pursued with the postmaster of the orginating address.
9. The UK Ministry of Defence has established procedures whereby any security relevant matter affecting its external Internet services, such as use of these resources in a manner contrary to the Usage Policy, can be passed to an appropriate authority for investigation.
10. The following specific email addresses should be used:
- Enquiries - email@example.com
- Abuse (including spam alleged to have originated from MOD addresses) - firstname.lastname@example.org
- Vulnerability reporting - email@example.com