Gateways hosted on Jetstream agree to abide by the usage policies defined on https://iujetstream.atlassian.net/wiki/spaces/JWT/pages/1914634248/Acceptable+Use+Policies+and+Research+and+Export+Control+Guidance. We also recommend having an Acceptable Usage Policy (AUP) on your gateway.
We recommend adding a statement to any acceptable use agreement that targets export control issues, such as the language below:
Ensure that data that must be protected by Federal security or privacy laws (e.g., HIPAA, FERPA, ITAR, classified information, export control, etc.) are not stored on this system unless such storage and usage is specifically authorized by the responsible University administrator and complies with any processes for management of access to such information. For export controlled information, including ITAR information, approval of the University Export Compliance Office is required prior to use of the [name of system] systems for storage/processing of export controlled data. The [name of system] system is not intended, by default, to meet the security requirements of these laws or regulations and specific usage related controls or restrictions may be required prior to authorization of the use of the [name of system] system for such purposes.
Ensure that the project does not violate any export control end use restrictions contained in Part 744 of the EAR.
The TrustedCI project – https://www.trustedci.org/ - maintains a sample AUP that you may use to model your gateway’s policy on.