Summary
Some proposals and program documentation ask for a short statement about the Lab's approach to cyber security. We recommend the statement below. Requirements for these statements differ - if you have any questions at all or if it doesn't just say "Please provide an overview of the cyber security program," don't hesitate to get in touch with itpolicy at lbl.gov
If a proposal requires specific protections or if you see words related to foreign national controls or FIPS 199 Moderate or High, you are at risk of violating LBNL policy. If you see words like these, immediately contact security at lbl.gov - we'll help you navigate this situation and keep you and the lab out of trouble.
Recommended Statement
Berkeley Lab operates an integrated set of cyber security protections designed to efficiently protect research and operational data while enabling cutting edge research. LBNL's systems are Certified and Accredited under NIST 800-53 and have Authority to Operate from the Department of Energy.
LBNL's information protection systems include advanced intrusion detection systems, deep forensic logging, vulnerability detection and remediation, and configuration management. In addition, all employees receive annual cyber security awareness training in addition to job-specific training and awareness and ongoing awareness activities conducted by the Laboratory.
A continuous monitoring program provides assurance that the systems are providing appropriate protection, and internal and external audits provide ongoing oversight of our operations. LBNL constantly adjusts its protections to changing risks and threats with the goal of optimally protecting scientific work.
