Viewable by the world
The OCIO is responsible for managing and implementing IT and cyber-related contract requirements. This section describes how we implement those requirements and provide assurance regarding our implementation. This is not the record copy of applicable requirements.
Active (in contract)
DOE Orders and Policies
| Directive (from Contractor Requirements Document) | Effective Date | Description | Implementation Crosswalk |
|---|---|---|---|
| O 200.1A Information Technology Management | 4/3/2009 | Requires the use of sound business practices in the management of IT and compliance with applicable laws. | 200.1A Implementation |
| O 205.1B Department of Energy Cyber Security Program | 7/3/2014 | Requires a cyber security program that uses the Risk Management Approach and an assurance system that demonstrates that the program is working. | 205.1B Implementation |
| O 206.1 Department of Energy Privacy Program | 6/20/19 | Describes requirements related to Berkeley Lab's implementation of privacy controls such as reporting of security breaches impacting federal PII and | 206.1 Implementation |
| O 206.2 Identity, Credential, and Access Management (ICAM) | 6/3/2013 | Defines HSPD-12 requirements as well as additional requirements related to ICAM for DOE information systems. | 206.2 Implementation |
| O 241.1B Scientific and Technical Information Management | 12/2/2011 | Requires management and distribution of Scientific & Technical Information created through DOE-funded work. | 241.1B Implementation |
| O 243.1B Records Management Program | 7/3/2014 | Requires records management program per NARA regulations | 243.1B Implementation |
| O 415.1 Information Technology Project Management | 6/3/2013 | Requires best practices in IT project management. | 415.1 Implementation |
| O 471.3 Identifying and Protecting OUO Information | 12/2/2014 | Requirements for handling Official Use Only information | 471.3 Implementation |
| M 471.3-1 Manual for Identifying and Protecting OUO Information | 12/2/2014 | Manual requirements for handling Official Use Only information | 471.3-1 Implementation |
Contract Clauses (Mod. No. 1138)
| Contract Clause | Description | Implementation Crosswalk |
|---|---|---|
| Identifies certain Systems of Records (SOR) subject to the Privacy Act to be maintained by Berkeley Lab. | H.7 Implementation | |
| I.67 Privacy Act Notification (Apr 1984) (Prev. I.31) (FAR 52.224-1) | Identifies requirements related to Privacy Act compliance, workforce training, and subcontractor requirements. | Section I Implementation |
| I.68 Privacy Act (Apr 1984) (Prev. I.32) (FAR 52.224-2) | ||
| I.69 Privacy Training (Jan 2017) (PREV. I.163) (FAR 52.224-3) | ||
| I.108 Computer Security (AUG 2006) (PREV. I.124) (DEAR 952.204-77) | ||
I.124 Access to and Ownership of Records (OCT 2014) | Describes the approach for ownership and access of records created in the context of executing the Prime Contract. |
