Secure Logon for https://partners.jhuapl.edu

Johns Hopkins University Applied Physics Laboratory (JHU/APL)

Purpose and Scope

These Terms of Use (“Terms”) apply to either Member Users (“Members”) or External Collaborator Users (“Collaborators”) who have been invited into the Johns Hopkins University Applied Physics Laboratory, LLC (APL) Partners (OUTER) SharePoint instance (“APL’s Partners Instance”) and authorized access to one or more sites. A site is a shared resource between various authorized internal and external collaborators. By accessing or using this system, you agree to comply with all APL security, privacy, and export control requirements described herein.

System Authorization and Permitted Information Types

APL’s Partners Instance is approved for Unclassified Internal, Proprietary, Sensitive-Restricted, Controlled Unclassified Information (CUI), and, where authorized, ITAR/EAR export-controlled information.

However, APL’s Partners Instance is not approved for storage or transmission of Classified, Personally Identifiable Information (PII), or Protected Health Information (PHI).

All export-controlled material uploaded into APL’s Partners Instance must be marked with the export classification. Sites with non-US persons access must be reviewed by the Trade Program Lead in JHU/APL’s International Trade Compliance Office (ITCO) and have a Trade Authorization Request (TAR) documenting the type of data and project. If the TPL identifies an export license is required for non-US persons access (based on export classifications and country) the Project Management is responsible for pulling data for the license. JHU/APL may require PII information in order to submit such a license. Users agree to comply with the ITAR and EAR as they access, use and share data on the site.

APL’s Partners Instance is compliant with the ITAR/EAR encryption requirements, based on the U.S. Department of State and Department of Commerce IT requirements. APL’s Partners Instance meets FIPS 140-2 encryption requirements for information in-transit and at-rest, as required for ITAR/EAR export-controlled data.

Collaborators’ Devices and Security Attestation

By agreeing to these terms and connecting to APL’s Partners, you attest the following:

1. You are appropriately trained by your organization for the information types being exchanged, and the devices you are utilizing are authorized for processing these information types.
2. For users accessing CUI, that you are an authorized recipient and holder of CUI, and the devices that you are utilizing conform to applicable U.S. Government non-federal or federal information system requirements.
3. For users accessing ITAR/EAR export-controlled information for a particular site, that you are an authorized recipient and holder of ITAR/EAR export-controlled information for that particular site, and that the devices you are utilizing conform to applicable U.S. Government export-control requirements.
   NOTE: Not all users authorized to access APL’s Partners Instance will be authorized to access all CUI and/or export-controlled information, or the Partners sites on which those sorts of information are transmitted.
4. Connected devices enforce basic endpoint security controls, including but not limited to, secure authentication mechanisms, current security patches, encryption of data-at-rest, and active malware protection.
5. Your connected devices and external channels will not be used to store, share, or transmit content beyond the system’s approved capabilities and any external channel’s explicitly authorized information types.
6. You will not use any unauthorized cloud storage, forwarding, or messaging services to distribute Partners content beyond your authorized devices, and the users, sites, and lists approved to facilitate external collaboration.
7. While connected to APL’s Partners Instance, devices and accounts remain under your control and shall not be shared with any unauthorized individuals.
8. You further agree to immediately report any suspected or actual security incidents or unauthorized disclosures to your APL sponsor and the APL Help Desk (443-778-4357).

Monitoring and Consent to Disclosure

This computer system, including all related networks and devices, is for use only by employees of APL and explicitly authorized Collaborators. Your use of this system constitutes your consent, without restriction, to monitoring and disclosure of all data and communications, either in transit or at rest, to any third party authorized by APL — including the U.S. Government — for any lawful or legitimate purpose.

You are acknowledging that you have no reasonable expectation of privacy regarding your use of this system, and your use of this system constitutes your consent, without restriction, to these terms and to the monitoring and disclosure of all data and communications, either in transit or at rest, to any third party authorized by APL, including to the U.S. Government, for any legitimate purpose.

Prohibited Uses and Enforcement

Any use of APL’s Partners Instance that violates any law, regulation, export-control, or APL policy is strictly prohibited. Violations may result in revocation of access, reporting to appropriate authorities, and/or civil or criminal penalties as permitted under applicable U.S. law.