Please note: If you are connecting to socreg.berkeley.edu from OFF CAMPUS you must first connect to the campus VPN to access the portal.
Security Contacts can register Protected Data (PD) Applications or systems that handle, store, or transmit institutional data restricted by laws and policies. This registration information is used to provide enhanced monitoring to the components within the PD Application and, in the case of a security incident, the registration information will serve as an inventory of what components may be involved. It is appropriate to register the same component in more than one PD Application if it is used that way. Read "How are PD applications monitored?" for more information.
Security Contacts are required to register PD Applications, including their components. They are also required to review the registration information at least annually for completeness and correctness.
Registration for applications or information systems with a Protected Data classification of P2 and higher is required. See the Berkeley Data Classification Standard to understand your application's classification level.
Registration for applications or information systems with an Availability Level (AL) classification of A3 and higher is highly recommended. See Classification of Availability Levels for summary definitions and key examples of each level.
Terms
Term | Definition |
PD Application | Any IT system (application, service, collection of devices, etc.) that stores, transmits, or otherwise handles institutional data classified as UC P2 or higher as defined by the Berkeley Data Classification Standard |
PD Services | Shared IT services provided to multiple Campus units. Typically, these are Berkeley IT-managed services or other centralized IT services broadly available to Campus. PD Services can be components of PD Applications. Each PD Service is managed by its own Security Contact and can be a part of multiple PD Applications. |
Subnets | Subnets are blocks of IP Address space and can be components of a PD Application. |
IP Addresses | IP Addresses are network addresses and can be components of a PD Application. |
Offsite Hostnames | Offsite Hostnames are Fully Qualified Domain Names (FQDN) in the Internet's Domain Name Service (DNS). Offsite Hostnames are within the 'Berkeley.EDU' domain but resolve to a non-Berkeley IP Address. Offsite Hostnames can be components of a PD Application. |
Devices | Devices are specified by Ethernet MAC Address, a unique identifier tied to a network interface of a particular device. Devices can be components of a PD Application. |
Security Contact | The Security Contact that registered the components used within a PD Application. See Security Contacts. |
PD Application Owner | A PD Application Owner is the Security Contact that maintains the registration of a PD Application. |
PD Application Attributes
A description of each field and expected input is shown below:
Form Field | Expected Input | Example |
PD Application Name | A human readable, friendly name for your PD Application. | My Web App |
Description | A brief description of your PD Application, its function, and types of data handled. Include any common names/acronyms of the application. | The My UC P3 Web App (MPWA) stores student and staff Social Security Numbers for the purposes of enrollment. |
Data Protection Level | Select the appropriate Data Protection Level for your PD Application according to the Berkeley Data Classification Standard | P3 |
Data Protection Level Approved | Whether ISO has reviewed and approved the Data Protection Level. (Field designated by ISO) | |
Availability Level | Impact on Business operations if the application or system goes down. | A3 |
Availability Level Approved | Whether ISO has reviewed and approved the Availability Level. (Field designated by ISO) | |
Application URLs | A list of URLs or Windows file share URLs used to access or identify your application or system. | https://mpwa.berkeley.edu, \\mpwa.berkeley.edu\P3_File_Share |
Record Quantity | Approximate number of data records stored, transmitted, or handled by your application. | > 5000 |
Link to Review Document | If a review has been completed by ISO, a link will be available here. (Field designated by ISO) | |
PD Application Components
PD Applications are made up of Cloud Accounts, Cloud Services, bIT Services, Subnets, IP Addresses, Subdomains, Offsite hostnames, and Devices.
Each of the above components can be registered to any Security Contact, not just the PD Application Owner. This model is designed to accommodate PD Applications consisting of multiple components managed by different groups or individuals.
For some components, you must choose a Scope:
Institutional Device | Use this Scope for servers, credential stores, and other large data stores of Protected Data. |
Privileged Access Device - Individual P4 Workstation | Use this Scope for devices where credentials are entered in order to gain privileged access (root, Administrator, database admin, etc.) to Institutional Devices handling Protected Data. Usually this Scope is specified for administrative endpoints or management devices. This scope is also used for P4 Individual Devices (Instructions for Registering P4 Workstations in Socreg). |