Parent Policy: Lifecycle Management for Information, Hardware, Software, and Services
Document #: 10.01.003.01

Service

Description

Wireless Networking

Installation and attachment of wireless network equipment to LBLnet is not allowed. We monitor for and remove these 'rogue access points'.

Wired Networking

LBLnet is the sole provider or wired networking. Installation of personal switches, firewalls, and NAT devices are allowed. Users need explicit permission to participate in routing protocols, runs DHCP servers, send RA's, send BPDU's, or otherwise attempt to manage the network. LBLnet staff reserves the right to disconnect equipment from LBLnet, including NAT devices, when it is deemed necessary to protect operational stability or security.

IP Address and Host Name Allocations

Allocation of IP-related configurations (ip addresses, host names in lbl.gov, etc). This includes names of services inside and outside lbl.gov where such services could cause confusion with institutional services. IT may reject or change/require changes to hostnames or service names where they conflict with institutional services or appear to represent institutional services (e.g. A single science division may not manage "events.lbl.gov" or "projects.lbl.gov", nor can a single division utilize lbl.sharepoint.com or lbnl.slack.com etc...).

Domain Name Server (DNS)

Advertising of DNS services to the internet

Domain Registrar

LBNL owned domain properly must use the LBNL IT Division registrar service.

Telephony, including cellular

Provision of laboratory telephones, PBX, cell towers, and wiring

Applications containing Protected Information

Protected Information includes Personally Identifiable Information. This information is most often contained in the Human Resources Information System (HRIS) and the Financial Management System (FMS). Berkeley Lab must protect this information as it faces fines in the event of inappropriate disclosure.

Public address systems, radio communication, wired intercoms, and alarms.

All systems related to physical security and life safety communication, and spectrum management.

Email Servers Exposed to Internet

All email servers with exposure to the internet must be approved.

SSL certificates for systems in the lbl.gov namespace.
 

SSL certificates are purchased centrally so that they can be tracked.

Data Centers and Closets

Any special purpose room that provides environmental controls designed for computing and networking must be coordinated with IT and Facilities.  Datacenters and closets must be designed to meet efficiency standards and must be managed to ensure these standards are met.

Specific Procurement Controlled Items

IT implements additional controls on the procurement of a small number of items to ensure appropriate security and appropriate use of resources. The full list can be found in Procurement's Restricted Item list and includes cellular phones, tablets with cellular service, all cellular services, laptops/desktops limited to specific channels (to ensure they are tagged), wireless access points, and items that require additional justification such as smartwatches and fitness trackers.

Policy Implementing Document

This document helps implement a Berkeley Lab policy in the Requirements and Policies Manual.

Feedback

Send feedback to ITpolicy@lbl.gov.

 

 

  • No labels

Adaptavist ThemeBuilder EngineAtlassian Confluence