Guideline

Incident Response Planning Guideline

Looking for the Campus Incident Response Plan? Go to Information Security Documents instead. The Incident Response Planning Guideline below refers to systems and applications that need to adhere to Campus MSSEI policy.

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as...

Data Encryption in Transit Guideline

NOTE: The Information Security Office recently updated UC Berkeley's Data Classification Standard and Protection Profiles for the Campus. These number changes are reflected on this page.

--------------------

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to assist with achieving the...

Data Access Agreement Guidelines

NOTE: The Information Security Office recently updated UC Berkeley's Data Classification Standard and Protection Profiles for the Campus. These number changes are reflected on this page.

--------------------

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to assist with achieving...

Patching and Updates Guidelines

All UC Berkeley IT Resources and all devices connected to the UC Berkeley network or cloud services must comply with the Minimum Security Standard for Networked Devices. The recommendations below are provided as optional guidance to assist with achieving the “Patching and Updates” Requirements.

MSSND Patching and Updates Requirement

Devices connected...

Security Policy for NAT Devices

In the past few years, it has become increasingly common for users to connect, to the campus network, equipment designed to allow many computers to share a single network connection. These devices, which may include routers, firewalls, and wireless access points, use a technology called Network Address Translation (NAT) to allow many systems to communicate on the network using the same publicly available IP address. While such devices permit many computers to connect to the network cheaply and easily, there are serious security implications for these devices that must be considered before...

Continuous Vulnerability Assessment & Remediation Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for continuous vulnerability assessment and remediation.

Requirement

Resource Custodians must continuously assess and remediate vulnerabilities on all covered devices.

...

Passphrase Complexity Guidelines

UC Berkeley security policy mandates that all devices connected to the UCB network comply with the Minimum Security Standard for Networked Devices. The recommendations below are provided as optional guidance to assist with achieving the Passphrase Complexity requirement.

Requirement

When passphrases are used, they must meet the following complexity...

Email Oops, and How to Avoid Them

Overview

Email is still one of the primary ways we communicate, both in our personal and professional lives. However, we can often be our own worst enemy when using it. Here are the four most common mistakes people make with email and how to avoid them.

Autocomplete

Autocomplete is a common feature in most email clients. As you type the name of the person you want to email, your...

Secure Coding Practice Guidelines

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for application software security requirements.

Requirement

Resource Proprietors and Resource Custodians must ensure that secure coding practices, including security training and reviews, are incorporated into each phase of the...

Administering Appropriate Use of Campus Computing and Network Services

Introduction

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse.

Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities.

Berkeley...