A-Z Policy Catalog

• Application System Development Guidelines

Campus Information Technology Security Policy

• UC Berkeley User Network Device Standards

• Mass Email Communication Guideline
• Procedures for Blocking Network Access

• Administering Appropriate Use of Campus Computing and Network Services

Data Classification Standard

Data Classification Standard - Archived

• Data Classification Guideline
• Data Classification and Protection Profiles
• Data Classification Guideline - Archived

Updated: Departmental Information Security Contact Policy

• Highlighting Changes to the Departmental Information Security Contact Policy

• Administering Appropriate Use of Campus Computing and Network Services
• Approval to Access Berkeley Campus Electronic Communications
• Accessing a former employee's email or files

UC & Berkeley Campus

• UC Berkeley Box and Google Data Use Agreement
• Cautions in the Use of Email
• Mass Email Communication Guideline
• Terms and Conditions of Appropriate Use for bMail

• UC systemwide policy
• UC Berkeley IS-3 Information
• UC Berkeley's Implementation of IS-3
• Campus Information Security Management Program
• Information Security Policy Guide for Units

UC & Berkeley Campus

• Secure Deletion Guideline
• Covered System Registration Guideline
• Registration Review Guideline
• Managed Software Inventory Guideline
• Secure Device Configuration Guideline
• Continuous Vulnerability Assessment & Remediation Guideline
• Authenticated Scans Guideline
• Intrusion Detection Guideline
• Device Physical Security Guideline
• Secure Coding Practice Guidelines
• Application Security Testing Program
• Commercial Software Assessment Guideline
• Mobile and Wireless Device Guideline
• Security and Privacy Training Guideline
• Separation of System Resources Guideline
• Use of Admin Accounts on Secure Devices Guideline
• Admin Account Security Guideline
• Managed Hardware Firewall Guideline
• Protected Subnet Guideline
• Audit Logging Guideline
• Security Audit Log Analysis Guideline
• Need to Know Access Control Guideline
• Account Monitoring and Management Guideline
• Data Encryption in Transit Guideline
• Data Encryption on Removable Media Guideline
• Secure Deletion Guideline
• Data Access Agreement Guidelines
• Incident Response Planning Guideline
• Incident Response Plan Availability Guideline
• Incident Reporting Training Guideline
• Request for Exception: Berkeley Campus Minimum Security Standards

• Minimum Security Standards for Networked Devices (MSSND)
  • Minimum Security Standards for Networked Devices (MSSND) - Archived
• Request for Exception: Berkeley Campus Minimum Security Standards
• MSSND: How to Secure Devices
• Guide to MSSND Changes

• How to Write an Effective Website Privacy Statement

• Guidelines for Use of Campus Network Data Reports
• Request for Exception: Berkeley Campus Minimum Security Standards
• Notice Triggering Data Review Requirement
• Campus Incident Response Plan

• Roles and Responsibilities Policy

• Information Security Policy Glossary

• Electronic Communications Policy (ECP)

Updated: Security Requirements for Networked Devices (including NAT)

Archived: Security Policy for NAT Devices 

• Archived: NAT Policy Compliance Guidelines