Overview
The MSSEI Assessment Service is a service for assessing compliance with campus data security policies that is required for all systems and applications that handle data classified as Protection Level 4. The service is provided for IT Resource Managers who maintain protected data systems on behalf of the campus. The assessment is managed by a member of the Information Security Office (ISO) Assessments Team.
The purpose of the MSSEI Assessment Service is to identify gaps in meeting campus security policy requirements for P4 data. As an outcome of the service, ISO will provide a report listing recommended actions to reduce the security risk to protected data.
Below is a an overview of the process:
Activities |
Description |
Responsible Party |
|
IT Service Provider |
ISO |
||
|
Identify the data types processed, stored, and transmitted by the system, any security and privacy regulations that apply, and the data classification is determined. |
✔ |
|
|
Document in the SSP the security controls in place (or planned) for meeting each MSSEI control requirement. The completion of the SSP is a prerequisite for the assessment. Note 1: Refer to the UC Berkeley System Security Plan Step-by-Step Guide for detailed information about how to complete and submit an SSP. Note 2: If you need assistance, you may create a ServiceNow ticket by emailing security-assessments@berkeley.edu(link sends e-mail). |
✔ |
|
|
Once the SSP is completed, submit it to ISO via the MSSEI Assessment Service Request Form. |
✔ |
|
|
A security analyst from the Assessments Team is selected to conduct the assessment and the SSP is reviewed to determine the extent to which the security controls implemented meet the MSSEI requirements for the system. |
✔ |
|
|
An assessment report is prepared to document the findings and recommendations from the assessment. An internal review of the report is performed and the report is delivered to the Unit. |
✔ |
|
|
Remediation actions are implemented necessary to resolve the findings identified in the assessment report. |
✔ |
|
|
The SSP is updated to reflect the remediation actions implemented and on an ongoing basis in response to changes. |
✔ |
Getting Started
To get started with an MSSEI assessment, follow the links below to start filling out the System Security Plan for your application.
- UC Berkeley System Security Plan (SSP) Step-by-Step Guide
- Download UC Berkeley System Security Plan Templates:
- P4 SSP Template (Make a Copy)
- P2/P3 SSP Template (Make a Copy)
- Submit Your UC Berkeley System Security Plan(form requires CalNet login)