Viewable by the world

Help me!

Policies and Requirements

RPM PoliciesImplementing Documents

Lifecycle Management for Information, Hardware, Software, and ServicesThis policy establishes line management and individual responsibility for lifecycle management of Laboratory Information and Laboratory Information Technology (IT) assets at Berkeley Lab.

Security for Information Technology. This policy establishes the line management approach to secure computing and requires that employees and affiliates to meet a set of security requirements.

  • Minimum Security Requirements. Computers connected to the LBNL network must meet these requirements, which may change based on current risks. They establish a baseline of security for all systems on the LBNL network.

  • Open Web Server Requirements. These establish additional requirements for web server owners and system administrators.

  • Cyber Security Requirements. In addition to minimum and role-based requirements, the Computer Protection Program uses a variety of procedures to help protect Berkeley Lab. Use of Laboratory IT may not conflict with or interrupt these procedures.

Controlled and Prohibited Information Categories. Some information at LBNL requires additional protection, including Protected Information (e.g. personally identifiable and protected health information), Official Use Only, proprietary, export-controlled, and information with foreign national restrictions. This policy prohibits classified information.

  • Protected Information Requirements. Describes end-user requirements, including how to send/receive, store, remove, and share Protected Information. Describes functional (business) owner requirements, including business case approval and security planning, storage, user access review, sharing and disclosing Protected Information, and use of third party providers.
  • OUO Management and Storage Requirements. If you've received OUO materials, follow these requirements on managing OUO

Acceptable Use of Information Technology. Includes both business use and incidental personal use, subject to restrictions. The policy also defines and prohibits unacceptable use, e.g. violation of law, policy, use for personal gain, etc.

Privacy Policy. Defines no expectation of privacy in use of Laboratory IT, establishes authority to monitor and consent to monitoring, and defines policies for access without consent (i.e. access to an employees information or IT without their permission).

Records Management. This establishes line-management responsibility for managing scientific and operational records at Berkeley Lab. It also establishes and specifies responsibilities for Divisions and departments, Division records liaison officers, and the Laboratory-wide Archives and Records Office.

Scientific and Technical Publications Requirements. Describes Berkeley Lab requirements for the publication of scientific and technical information (STI), e.g. Credit Line, Author Affiliations, Copyright Notice, and Disclaimer Requirements

Requirements Management

Our DOE contract includes several DOE orders and contract clauses that apply to IT and cyber security.


  • No labels