TMF has implemented a firewall to prevent unauthorized computer network users at TMF from accessing the JPL-Pasadena intra-network (intranet). This is to comply with JPL directives to include but not limited to SPI 4-02-3, JPL D-7223, and JPL D-7155E, the main objective of these is to prevent foreign nationals from accessing export-controlled resources; the JPL-Pasadena intranet is considered an export-controlled resource.

The TMF network is defined as the site-wide, general-purpose computer network accessible to all authorized TMF users and does not include dedicated networks run for specific projects.

The firewall is installed between the TMF network and the connection to the Internet. With certain exceptions described in the next paragraph, all TMF network users trying to access the JPL-Pasadena intranet will be intercepted by the firewall and prompted for a username and password before being allowed access. Usernames and passwords are issued per the instructions in Sections I through VIII below. Users trying to access sites not part of the JPL-Pasadena intranet will not be prompted for usernames and passwords.

The JPL-Pasadena network includes some publicly accessible resources, which are available from any computer through internet service providers (ISP), e.g., Earthlink and America Online. Examples include web service at http://www.jpl.nasa.gov, and email service (POP and IMAP) at all mail servers in the jpl.nasa.gov domain. If a resource is available from a public ISP, TMF network users will not have to enter a username and password to access that resource. Also, because POP and IMAP services are considered an exception SMTP email service outbound from TMF will also be allowed without authentication.

JPL Security requires the computer user to protect the computer used to connect to the JPL-Pasadena intranet from viewing by foreign nationals. A password-protected screen saver with a maximum timeout of 15 minutes must be established unless the computer is in a locked room. The burden lies with the computer user to protect the computer from access by a foreign national, call either the TMF Network Security Officer or the TMF Site Operations Manager if there are any questions or concerns.

When at TMF, contact either the TMF Network Security Officer or the TMF Site Operations Manager to be shown how to change the password to something known only to the computer user.

TMF personnel are not responsible for clearing visits by Foreign Nationals, Affiliates, Contractors, Consultants, or Visitors. That remains the sole responsibility of the JPL employee requiring the services of the aforementioned individuals.

Either the TMF Network Security Officer (Dan Walsh, (760-249-4958)) or the TMF Site Operations Manager (Pam Glatfelter, (760-249-4151)) will establish the firewall account. The information will be left in an envelope with the TMF guard staff for the requester. The envelope will be marked "Personal-To Be Opened Only By [Your Name]" and will contain a temporary password. The requestor will have to present a JPL badge that shows that the requester is an "Employee" and are not a Foreign National to receive the password.

The JPL Employee who is a Foreign National and who seeks computer access must follow the procedure described in SPI 4-02-3. The procedure described in the referenced SPI limits the Intranet Sites that a JPL Employee who is a Foreign National may access.

JPL Computer Security will notify the TMF Network Security Officer and the TMF Site Operations Manager that the person has access to certain Intranet Sites and will provide them with the allowable IP addresses. Either the TMF Network Security Officer or the TMF Site Operations Manager will enter the approved IP addresses into the TMF Firewall System.

The remainder of the procedure is as described in Section I.

The JPL Manager of the JPL Affiliate must provide, in writing, both the TMF Network Security Officer and the TMF Site Operations Manager

2) the residence status of the Affiliate (e.g. U.s. citizen, resident alien, or foreign national)

Either the TMF Network Security Officer or the TMF Site Operations Manager will enter the approved IP addresses into the TMF Firewall System.

Either the TMF Network Security Officer (Dan Walsh, (760-248-4958)) or the TMF Site Operations Manager (Pam Glatfelter, (760-249-4151)) will establish the firewall account. The information will be left in an envelope with the TMF guard staff for the requestor. The envelope will be marked "Personal –To Be Opened Only By [Your Name]" and will contain a temporary password. The requestor will have to present appropriate identification in order to receive the temporary password.

Follow procedure described in Section II.

Follow procedure described in Section III.

Follow procedure described in Section II.

If at TMF for a tour, no computer access will be permitted. If at TMF for purposes of working, the visitor is required to follow the procedure described in Section III.

If at TMF for a tour, no computer access will be permitted. If at TMF for purposes of working, the visitor is required to follow the procedure describe in Section II.