Covered System Registration Guideline

UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information (MSSEI) for devices handling covered data. The recommendations below are provided as optional guidance for meeting the covered system registration requirement.

Requirement

Resource Proprietors, in conjunction with Resource Custodians, must register all covered Core System and Sys Admin devices in the campus data registry system.

Description of Risk

Attackers can discover and compromise covered data on devices not authorized to store, process, or transmit such data. If data on a device is not correctly registered, it will not receive sufficient security monitoring and appropriate prioritization of response to vulnerabilities and compromises.

Recommendations

Registration of covered devices requires a two-step process to create appropriate entries in two campus data registry applications:

  1. Restricted Data Management (RDM)
  2. Security Contact

Restricted Data Management

Resource proprietors and custodians should register in Restricted Data Management (RDM) the devices that are used to store, process and transmit sensitive data as covered in MSSEI. Information entered in RDM should follow the guidelines below:

  • email address is current and actively monitored for security-related communication
  • data elements are accurately and completely documented
  • IP address(es) and device (host) names for covered devices are accurate and complete
    • If the device is using a dynamically allocated IP address (DHCP), please ensure the device is registered in the campus DHCP service
  • Use text fields after Machine Type and Operating System to note the version number. For example:
    • Machine Type: Local Database Server. Microsoft SQL 2008
    • Operating System: Windows. Windows 2008 R2

By registering in RDM, covered devices are entitled to the following security services:

  • More frequent scanning -- network vulnerability scans for RDM registered devices occur nightly
  • A greater range of intrusion detection signatures are reviewed with notifications sent to the security contact
  • Elevated responses to alerts – Information Security and Policy (ISP) staff are alerted immediately and will attempt to reach an administrator as soon as possible
  • Longer retention of network data for future analysis if a breach is confirmed -- this can help to confirm if a hacker was able to access the restricted data during the breach incident

Security Contact

In addition to RDM, ISP refers to a database of IP addresses and associated contact information when it needs to notify contact persons of any security issues regarding a computer under their responsibility. To implement this procedure, each department needs to appoint and enter a primary security contact and one or more backup contacts into the Security Contact application. (See Updating a Department's Security Contact Email Address.) The following guidelines provide additional details on the requirements for Security Contact registration:

  • Accurate IP address range(s) are essential to timely and effective response to security incidents in the future.
  • All security contacts for a given department should be reachable through a single email address (e.g., security@me.berkeley.edu).
  • There should be at least a single email address with an encryption key for exchanging secure messages with central campus security personnel. The email address for secure communication can be a personal email address of departmental security personnel.
  • Security contacts must respond to security incident reports from central campus security staff and pass them on to responsible departmental or third-party support personnel as appropriate.
  • Security contacts need to have some familiarity with the computers in their department and be able to determine who a responsible technical person is; it is not necessary for the contact to have extensive security expertise.
  • Groups of departments may agree to share contacts for efficiency.

Security contacts are responsible for ensuring that appropriate personnel take action in response to each security incident (including escalating the incident to an appropriate departmental authority if action is not taken) and that resolution of each incident is reported to security@berkeley.edu.

For detailed instructions on how to set up Security Contact profiles, please refer to the procedures to set up Security Contact profiles.

Additional Resources