The objective of this policy is to establish a minimum level of control for Internet access and use in executive branch agencies. Internet access and use controls are necessary to reduce latency and network traffic and to serve as tools for managing and controlling Internet usage.

This policy applies to any agency, authority, board, department, division, commission, institution, institution of higher education, bureau or like governmental entity of the executive branch of state government and encompasses all decisions and activities affecting or affected by access or use of the Internet.

"Cache" is a means to save and store a temporary copy or copies on a server of HTML pages, images and files that are most demanded by clients. The copy will be used as it is requested instead of asking the source (original server). The benefits include reduction in latency and network traffic that results in (perceived) faster response time for the client. Cache may also be used to log the requests for purposes of monitoring.

"Cache freshness" is the concept of keeping cached objects consistent with the original object on the source content server. Generally, this is accomplished by configuring the cache refresh interval and cache expiration rules on the server to force a retrieval of the original object periodically.

"Latency" is the time it takes for a packet of data to get from one designated point to another. Latency and bandwidth combined define the speed and capacity of the network.

A "Proxy" is a server, in an organization that uses the Internet, that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. The proxy intercepts all requests to the Internet server to see if the request from the user is authorized and can be fulfilled. This is a means to filter requests and prevent access to a specific set of Web sites. However, a proxy may be set only to log site access and produce reports for management review.

All executive branch agencies shall plan for and implement a proxy and/or cache methodology for Internet access. Proxy and cache servers shall be placed as close to the agency's local area network (LAN) as possible.

Agency management shall establish the control level of the proxy/cache implementation to meet the needs of the individual agencies. Control levels are as follows:

1. Authentication only

   Authentication is the lowest level of control. It is the process of determining whether someone or something is, in fact, who or what it is declared to be.

2. Monitoring and authentication

   This is a middle level of control. The monitoring aspect refers to the tracking of Internet use through the examination of logs.

3. Blocking and authentication

Agencies shall select the proxy and cache products that best fit the agency's GroupWare and Network Operating System (NOS) and meet the technical standards of the New Jersey Enterprise Information Technology Architecture.

Agencies shall comply with the requirements of Section 512 of the Federal Copyright Act which enables the State to limit its liability as it relates to caching. Specifically, agencies shall ensure that cache freshness is maintained in accordance with generally accepted technology standards and practices, and cached objects must be provided to subsequent users without modification.

Some or all information collected in the process of monitoring Internet Usage may be subject to the New Jersey Right to Know laws. Agencies shall consult with their legal counsel if issues arise concerning the Right to Know laws and information collected during the course of monitoring. Agencies shall dispose of information collected for monitoring purposes in accordance with the appropriate record retention schedules.

Agency Management

• Determine the level of control necessary to meet agency needs.
• For proxy implementations where blocking is employed, identify the Internet sites that should be blocked.
• Establish internal reporting requirements to track the Internet use.
• Establish and implement procedures for reporting and handling of Internet use abuse.
• Develop any additional policy(ies) to augment the Acceptable Use of the Internet for New Jersey State Agency Employee policy.
• Ensure that agency employees are aware of all policies, guidelines and practices for Internet use, including agencies' Internet monitoring practices.
• Notify employees that information collected concerning Internet usage may be subject to the Right to Know laws.
• Train and retain personnel to administer the server based or local cache proxy.

Agency Information Technology Unit

• Administer the agency proxy/cache servers.
• Provide agency management with reports on Internet use based on management requirements.
• For proxy implementations, implement the request from agency management to block Internet sites.
• Report Internet use abuse in accordance with agency procedures.
• Maintain confidentiality of information discovered in the course of administering the proxy or cache, allowing for access in accordance with the Right to Know laws
• Adhere to the technical standards for Proxy and Cache Servers as enumerated in the Enterprise Information Technology Architecture.

Office of Information Technology

• OIT will assist departments too small to take advantage of a department wide implementation of proxy/cache.
• Web-site developers should take advantage of cache functions where feasible.

Acceptable Use of the Internet for New Jersey State Agency Employee

New Jersey Enterprise Information Technology Architecture.