Guideline

Incident Response Planning Guideline

Looking for the Campus Incident Response Plan? Go to Campus Incident Response Plan instead. The below Incident Response Planning Guideline refers to systems and applications that need to adhere to Campus MSSEI policy.

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as additional guidance for the...

Read more about Incident Response Planning Guideline

General Monitoring and Detection Guideline

MSSEI Requirement 9.1.1

Summary: Units must...

Read more about General Monitoring and Detection Guideline

Commercial Software Assessment Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling Institutional Information. The recommendations below are provided as additional guidance for meeting security requirements for application software.

Requirement

From MSSEI requirement 1.1 Security Planning:
Information security requirements must be identified and addressed prior to development or acquisition of systems or software, and during all phases of development, from initiation through...

Read more about Commercial Software Assessment Guideline

Data Encryption in Transit Guideline

Read more about Data Encryption in Transit Guideline

Authenticated Scans Guideline

MSSEI Requirement 9.3 Privileged Scan:

Units must implement privileged scans for vulnerability assessment of high-risk P3, P4...

Read more about Authenticated Scans Guideline

Block Auto-run on Removable Devices Guideline - Retired

Guideline Retired - 2026

This Guideline was obsolete and has been retired as-of January 2026. Please refer to the current version of the Minimum Security Standards for Electronic Information (MSSEI) for current campus security requirements.

For questions, please contact security-policy@berkeley.edu

Read more about Block Auto-run on Removable Devices Guideline - Retired

Data Access Agreement Guidelines - Retired

Guideline Retired - 2026

For questions, please contact security-policy@berkeley.edu

Read more about Data Access Agreement Guidelines - Retired

Need to Know Access Control Guideline - Retired

Guideline Retired - 2026

This Guideline has been retired as-of March 2026. Please refer to section 5.8 of the current version of the Minimum Security Standards for Electronic Information (MSSEI), including the linked Implementation Information, for current campus security requirements around Controlled Access Based On Need-To-Know.

For questions, please contact security-policy@berkeley.edu

Read more about Need to Know Access Control Guideline - Retired

Patching and Updates Guidelines

All UC Berkeley IT Resources and all devices connected to the UC Berkeley network or cloud services must comply with the Minimum Security Standard for Networked Devices. The recommendations below are provided as guidance to assist with achieving the “Patching and Updates” Requirements.

MSSND Patching and Updates Requirement

Devices connected to a UC Berkeley...

Read more about Patching and Updates Guidelines

Administering Appropriate Use of Campus Computing and Network Services

Introduction

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse.

Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities.

Berkeley...

Read more about Administering Appropriate Use of Campus Computing and Network Services

1 of 2 View: Taxonomy term (Current page)
2 of 2 View: Taxonomy term
next › View: Taxonomy term
last » View: Taxonomy term