- Description of our cyber security program. Use this for budgets, proposals, and other documents.
- IT Policy question? Contact us at itpolicy at lbl.gov
Policies and Requirements
|RPM Policies||Implementing Documents|
Lifecycle Management for Information, Hardware, Software, and Services. This policy establishes line management and individual responsibility for lifecycle management of Laboratory Information and Laboratory Information Technology (IT) assets at Berkeley Lab.
Security for Information Technology. This policy establishes the line management approach to secure computing and requires that employees and affiliates to meet a set of security requirements.
Controlled and Prohibited Information Categories. Some information at LBNL requires additional protection, including Protected Information (e.g. personally identifiable and protected health information), Official Use Only, proprietary, export-controlled, and information with foreign national restrictions. This policy prohibits classified information.
Acceptable Use of Information Technology. Includes both business use and incidental personal use, subject to restrictions. The policy also defines and prohibits unacceptable use, e.g. violation of law, policy, use for personal gain, etc.
Privacy. Defines no expectation of privacy in use of Laboratory IT, establishes authority to monitor and consent to monitoring, and defines policies for access without consent (i.e. access to an employees information or IT without their permission).
Archives and Records Management Policy. This establishes line-management responsibility for managing scientific and operational records at Berkeley Lab. It also establishes and specifies responsibilities for Divisions and departments, Division records liaison officers, and the Laboratory-wide Archives and Records Office.
|Scientific and Technical Publications Requirements. Describes Berkeley Lab requirements for the publication of scientific and technical information (STI), e.g. Credit Line, Author Affiliations, Copyright Notice, and Disclaimer Requirements|
Our DOE contract includes several DOE orders and contract clauses that apply to IT and cyber security.
Crosswalk of IT and Cyber Directives and Contract Clauses. These crosswalks describe how we implement everything related to IT and cyber in the contract.
- Requirements Management and Policy Flow for IT and Cyber Security