Acceptable Use Policy
- I understand that I have the primary responsibility to safeguard the information collected by a UAS from unauthorized or inadvertent use, modification, disclosure, and denial of service.
- Access: Blue UAS operations are for official use and authorized purposes.
- Availability: Use of Blue UAS is permitted in all locations where the gaining organization of the platform covered by the ATO has obtained the appropriate flight, safety, and spectrum approvals. Gaining organization is responsible for abiding by all applicable rules and regulations of the Country, Base, AOR, and region they are operating in as well as any applicable international agreements, to include spectrum and operating restrictions that would require additional evaluation, security, risk acceptance, and approvals from the gaining organization.
- Training: Users shall complete applicable cyber-security training before using any Blue UAS as well as all organizational directed UAS training.
- Information Processing: Users must comply with information security program requirements established in DoDM 5200.01, DoDI 8500.01, as well as all Department, Service, and unit level policies and procedures for information processing.
- Authority to Operate Compliance: Users must adhere to conditions outlined in the Authority to Operate and provide all applicable RMF security controls not identified in the Blue UAS type accreditation.
- Required controls for all Blue UAS:
- Do not connect a Blue sUAS to a DoW network without establishing an Authority to Connect
- Do not connect unauthorized systems to the UAS via external ports
- Ensure physical custody of the UAS while not in operation
- Only operate in environments where the system may not be compromised if lost
- Ensure application of any system directed credentialing
- Flight/mission logs must either be disabled or encrypted
- All software updates must be completed in accordance with the ATO
- Only allowable payloads/attachments are those that have been assessed as part of the ATO, Blue UAS Framework, or do not interface with a critical component
Do you agree to the above terms for use of a Blue UAS?