A-Z Policy Catalog

• Application System Development Guidelines

Campus Information Technology Security Policy

• UC Berkeley User Network Device Standards

• Mass Email Communication Guideline
• Procedures for Blocking Network Access

• Administering Appropriate Use of Campus Computing and Network Services

New: Data and IT Resource Classification Overview - links to full Standard and Guidelines

• Updated: Data and IT Resource Classification Standard - version 2.1, updated 6/13/2024
• Data and IT Resource Classification Guideline
• Data Classification and Protection Profiles

Departmental Information Security Contact Policy

• Highlighting Changes to the Departmental Information Security Contact Policy

Updated: Domain Name System (DNS) Service Policy and Resources

Archived: Domain Name System (DNS) Service Policy

• Administering Appropriate Use of Campus Computing and Network Services
• Approval to Access Berkeley Campus Electronic Communications
• Accessing a former employee's email or files
• Guidelines for Use of Campus Network Data Reports

UC & Berkeley Campus

• UC Berkeley Box and Google Data Use Agreement
• Cautions in the Use of Email
• Mass Email Communication Guideline
• Terms and Conditions of Appropriate Use for bMail

• Information Security Policy Exception Process Overview
• Full Information Security Policy Exception Process

• UC systemwide policy
• UC Berkeley IS-3 Information
• UC Berkeley's Implementation of IS-3
• Campus Information Security Management Program
• Campus Incident Response Plan
• Information Security Policy Guide for Units

UC & Berkeley Campus

Updated: Minimum Security Standards for Electronic Information Home Page - links to full Standard and implementation information

Previous Version: Minimum Security Standards for Electronic Information

• Secure Deletion Guideline
• Covered System Registration Guideline
• Registration Review Guideline
• Managed Software Inventory Guideline
• Secure Device Configuration Guideline
• Continuous Vulnerability Assessment & Remediation Guideline
• Authenticated Scans Guideline
• Intrusion Detection Guideline
• Device Physical Security Guideline
• Secure Coding Practice Guidelines
• Application Security Testing Program
• Commercial Software Assessment Guideline
• Mobile and Wireless Device Guideline
• Security and Privacy Training Guideline
• Separation of System Resources Guideline
• Use of Admin Accounts on Secure Devices Guideline
• Admin Account Security Guideline
• Managed Hardware Firewall Guideline
• Protected Subnet Guideline
• Audit Logging Guideline
• Security Audit Log Analysis Guideline
• Need to Know Access Control Guideline
• Account Monitoring and Management Guideline
• Data Encryption in Transit Guideline
• Data Encryption on Removable Media Guideline
• Data Access Agreement Guidelines
• Incident Response Planning Guideline
• Incident Response Plan Availability Guideline
• Incident Reporting Training Guideline
• Request for Exception: Berkeley Campus Minimum Security Standards

• Minimum Security Standards for Networked Devices (MSSND)
• Request for Exception: Berkeley Campus Minimum Security Standards
• MSSND: How to Secure Devices
• Guide to MSSND Changes

• How to Write an Effective Website Privacy Statement

• Roles and Responsibilities Policy

• Information Security Policy Glossary

• Electronic Communications Policy (ECP)
• Guidelines for Use of Campus Network Data Reports

Updated: Security Requirements for Networked Devices (including NAT)

Archived: Security Policy for NAT Devices 

• Archived: NAT Policy Compliance Guidelines