Guideline

Request an Information Security Policy Exception

Summary

When a device doesn’t meet campus information security requirements, it poses a risk to all other devices on the network. Campus information security requirements are designed to protect our systems and data. Anything that doesn’t meet these requirements may face removal from the campus network if it poses a significant risk.

If you – or your department/unit – have a device or IT service that can’t meet campus information security requirements but must remain on the network, you should request a policy exception to avoid it...

Patching and Updates Guidelines

All UC Berkeley IT Resources and all devices connected to the UC Berkeley network or cloud services must comply with the Minimum Security Standard for Networked Devices. The recommendations below are provided as optional guidance to assist with achieving the “Patching and Updates” Requirements.

MSSND Patching and Updates Requirement

Devices connected to a UC...

Data Access Agreement Guidelines

UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to assist with achieving requirement 15.4, Data Access Agreement.

Requirement

Resource Proprietors must establish Data Access Agreements that define appropriate use and access to covered data, as well as procedures for obtaining approval for...

Managed Software Inventory Guideline

UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to assist with achieving requirement 2.1, Managed Software Inventory.

Requirement

Resource Custodians must manage and regularly review installed software, and install only software packages required for business...

Security Policy for NAT Devices - ARCHIVED

NOTE: This is the archived version of the NAT Policy, which was formally rescinded on 9/22/2023. See User Network Device Standards and Terms of Service for the current requirements.

In the past few years, it has become increasingly common for users to connect to the campus network equipment designed to allow many computers to share a single network connection. These devices, which may include routers...

Data Encryption in Transit Guideline

NOTE: The Information Security Office recently updated UC Berkeley's Data Classification Standard and Protection Profiles for the Campus. These number changes are reflected on this page.

UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance to assist with achieving the Data...

Incident Response Planning Guideline

Looking for the Campus Incident Response Plan? Go to Information Security Documents instead. The Incident Response Planning Guideline below refers to systems and applications that need to adhere to Campus MSSEI policy.

UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional...

Guidelines for Use of Campus Network Data Reports

Campus network data reports may be sent to campus departments by Network Operations and Services (NOS) or the Information Security Office (ISO), either because operational or security issues have been observed, or when otherwise requested by the departments. This access is given on the condition that the use of the data must respect all governing laws and policies. In particular, its use must comply with the University's firmly-held principles of academic freedom and shared governance, freedom of speech, and privacy, within the context of the University's legal and other obligations....

Administering Appropriate Use of Campus Computing and Network Services

Introduction

These Guidelines are intended to assist Berkeley Campus departments or units to ensure appropriate use of their computing and network services and to respond correctly to allegations of misuse.

Berkeley Campus departments or units may choose to provide or not provide computing and network services to defined categories of users, and may limit the types of services they do choose to provide. These decisions are based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities.

Berkeley...

Continuous Vulnerability Assessment & Remediation Guideline

UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for continuous vulnerability assessment and remediation.

Requirement

Resource Custodians must continuously assess and remediate vulnerabilities on all covered devices.

...