Protected Data Applications: Summary & Terms

Summary

A Protected Data (RD) Application is any IT system (application, service, collection of devices, etc.) that stores, transmits, or otherwise handles institutional data classified as UC P2 or higher as defined by the Berkeley Data Classification Standard.

A PD Application is comprised of one or more of the following components:

  • PD Services (shared IT services provided to multiple Campus units, e.g. UC Backup)
  • Subnets
  • IP Addresses
  • Offsite Hostnames
  • Devices (specified by MAC Address)

Each of the above components can be registered to any Security Contact, not just the PD Application Owner. This model is designed to accomodate PD Applications consisting of multiple components managed by different groups or individuals. 

Security Contacts whose components are part of a PD Application are “PD Partners” of that PD Application.

Terms

Term Definition
PD Application A Protected Data (PD) Application is any IT system (application, service, collection of devices, etc.) that stores, transmits, or otherwise handles institutional data classified as UC P2 or higher as defined by the Berkeley Data Classification Standard.
PD Services Shared IT services provided to multiple Campus units. Typically, these are IST-managed services or other centralized IT services broadly available to Campus. PD Services are components of PD Applications, but each PD Service is managed by its own Security Contact and can be a part of multiple PD Applications.
Subnets Subnets are a subdivision of IP networks and are components of a PD Application.
IP Addresses IP Addresses are network addresses and locators assigned to a device and are components of a PD Application.
Offsite Hostnames Offsite Hostnames are Fully Qualified Domain Names (FQDN) used to uniquely identify a device/system in DNS. Offsite Hostnames are components of a PD Application.
Devices  Devices are specified by MAC Address, which are unique identifiers tied to a network interface of a particular device. Devices are components of a PD Application.
Security Contact Security Contacts are individuals that are the primary contact for one or more registered components (Subnets, IP Addresses, Offsite Hostnames, etc.).
PD Application Owner A PD Application Owner is the individual that maintains the registration of a PD Application.
PD Partner

A PD Application might include a component that is not registered to the PD Application Owner.  In this case, the Security Contact that did register that component will be an PD Partner in the PD Application.  That means they will be able to add or subtract their own components from the PD Application.