Overview
Berkeley's Minimum Security Standards for Electronic Information (MSSEI) are security controls that systems must meet in order to handle campus data.
The Information Security Office (ISO) offers an assessment service using the MSSEI to identify technical and procedural weaknesses in campus applications that store, process, or transmit UC P2/P3 and UC P4 data.
The MSSEI assessment service is designed to reduce risk to campus by assessing systems against minimum security standards. System and service operators benefit by being able to assure customers (campus) that they are meeting minimum security standards and protecting institutional data.
For more information, see the Details of the MSSEI Assessment Service.
How to Get Started
The first step is to fill out and submit a UC Berkeley System Security Plan. See the UC Berkeley System Security Plan (SSP) Step-by-Step Guide for detailed instructions.
Requirements
-
System owner(s) are required to review and update UC Berkeley System Security Plans (SSPs) annually.
-
SSPs for high-risk P3, P4, and A4 IT Infrastructure and Services must be submitted to and reviewed by the Information Security Office upon creation and at least every three years.
Service Details and Additional Information
- Details of the MSSEI Assessment Service
- UC Berkeley System Security Plan Step by Step Guide
- MSSEI Self Assessment Plan Templates (links create a copy in Google Docs):
- UC P4 SSP Template
- UC P2/P3 SSP Template
- NOTE: We are currently working on creating new SSP templates to reflect the updated MSSEI v3.0 policy. Our estimated timeline for the updated SSP templates is by the end of 2024. In the meantime, we recommend documenting new/changed MSSEI v3.0 controls in the existing SSP templates, with a focus on High Priority requirements. If you have recently updated your SSP, you could wait to update with the new template.
- Submit Your UC Berkeley System Security Plan (form requires CalNet login)