Legal

Overview

This Acceptable Use Policy has been designed with the intention to protect its users and assets from threats resulting from actions, either intentional or unintentional. Point North Networks’ goal is to maintain the confidentiality, integrity, and availability of the data and resources within the PNN Enclave system boundary. This system to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations.

Purpose

The purpose of this Acceptable Use Policy (AUP) is to establish guidelines for the secure use of the Point North Networks Secure Enclave Virtual Desktop Infrastructure environment (PNN Enclave) for handling, processing, and storing Controlled Unclassified Information (CUI) and other sensitive information in compliance with the Cybersecurity Maturity Model Certification (CMMC) Level 2 requirements.

Scope

This policy applies to all authorized users, including employees, contractors, and third-party affiliates, who access the PNN Enclave for processing CUI.

Acceptable Use

• Users must access the PNN Enclave only for authorized business purposes related to handling CUI.
• All data stored or processed within the PNN Enclave must comply with CMMC Level 2 security controls.
• Users must ensure that their authentication credentials (e.g., passwords, multi-factor authentication tokens) remain confidential and are not shared.
• Only authorized devices that comply with organizational security policies may be used to access the PNN Enclave.
• All file transfers into or out of the PNN Enclave must follow approved procedures and will be logged for security auditing.
• Users must comply with all encryption, access control, and security monitoring policies while accessing CUI.

Prohibited Activities

• Storing, processing, or transmitting CUI outside the PNN Enclave.
• Using unauthorized personal devices to access the PNN Enclave.
• Installing or running unauthorized software within the PNN Enclave.
• Sharing login credentials or allowing unauthorized users to access the PNN Enclave.
• Attempting to disable, bypass, or interfere with security controls or monitoring mechanisms.
• Engaging in any activity that may compromise the confidentiality, integrity, or availability of CUI or the PNN Enclave.
• Using the PNN Enclave for personal activities or non-business-related tasks.

Data Security & Protection

• CUI must be classified, labeled, and handled in accordance with organizational policies and CMMC Level 2 requirements.
• Users must log out of the PNN Enclave when not in use.
• All security incidents or suspected violations must be reported immediately to the IT security team.
• Users must complete annual security training specific to handling CUI in the PNN Enclave.

Monitoring & Enforcement

• The PNN Enclave VDI environment is subject to continuous monitoring, logging, and security audits.
• Violations of this policy may result in disciplinary action, including revocation of access, termination of employment, and potential legal consequences.
• PNN reserves the right to modify this AUP as necessary to align with evolving security and compliance requirements.