AC-8 System Use Notification

Description

System use notifications can be implemented using messages or warning banners displayed before individuals log in to information systems. System use notifications are used only for access via logon interfaces with human users and are not required when such human interfaces do not exist.

Organizations consider system use notification messages/banners displayed in multiple languages based on specific organizational needs and the demographics of information system users. Organizations also consult with the Office of the General Counsel for legal review and approval of warning banner content.

Applicability

This Control applies to all TAMU-CC information resources.

The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

System identification/logon banners shall have warning statements that include the following topics:

  • Unauthorized use is prohibited;
  • Usage may be subject to security testing and monitoring;
  • Misuse is subject to criminal prosecution; and
  • Users have no expectation of privacy except as otherwise provided by applicable privacy laws.

The information system shall:

  1. Display a TAMU-CC approved banner to users before granting access to the system that provides privacy and security notices consistent with applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance and states that:
    1. Users are accessing a U.S. Government information system;
    2. Information system usage may be monitored, recorded, and subject to audit;
    3. Unauthorized use of the information system is prohibited and subject to criminal and civil penalties; and
    4. Use of the information system indicates consent to monitoring and recording;
  2. Retain the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system; and
  3. For publicly accessible systems:
    1. Displays TAMU-CC system use information during login, before granting further access;
    2. Displays references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities; and
    3. Includes a description of the authorized uses of the system.
  4. Publish a privacy notice on websites owned by the organization which contains, at a minimum, the content contained on the Texas A&M University System website.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019

Chief Information Security and Privacy Officer

Submit a Ticket

News

See All News

Events

See All Events