Parent Policy: Security for Information Technology
Document #: 10.01.002.001
Computers connected to the Berkeley Lab network must meet minimum security requirements. Minimum security requirements establish a baseline of security for all systems on the Berkeley Lab network. Non-compliant devices may be disconnected from the network.
Cyber Security Operations will modify these requirements based on changing technology and evolving threats.
= Required = Not applicable
Tips on Implementing
You must run antivirus software, the Lab recommends Crowdstrike.
Download Crowdstrike from software.lbl.gov.
Install critical application patches. When available, enable automatic update functionality. Cyber Security enforces patching of critical patches.
Windows and Apple: download BigFix from software.lbl.gov for easy desktop application patching.
Clear text Authentication
Encrypt passwords when authenticating; do not transmit passwords in clear text.
Do not use Telnet as it is unencrypted.
Only employees or affiliates may have institutional accounts (i.e. Berkeley Lab Identity/LDAP and Active Directory).
The Account Management FAQ describes procedures for obtaining and managing accounts.
Log to the central logging servers.
Apple and Linux: Use Central Syslog Server instructions.
Secure network services on your computer as follows:
Passwords used on Laboratory IT must meet one of the approved password requirement templates.
Template 1 is in place for Berkeley Lab Identity (LDAP) passwords and Template 2 is in place for Active Directory (AD) passwords.
In all cases the following apply.
Mobile Device PIN lock screen
Mobile devices, both personal and Lab issued, used to authenticate to institutional resources must be protected by a PIN lock screen. Some examples of institutional resources included Gmail, Google Calendar, LETS, and multifactor authenticator tokens in Google Authenticator.
Biometric authentication, including fingerprint or facial recognition, and lock screen patterns are an acceptable alternative.
Operating System Patches
Install critical operating system patches. When available, enable automatic update functionality. Cyber Security enforces patching of critical patches.
Windows: use "Automatic Updates".
Complete Training Requirements appropriate for your position.
The JHA (or new WPC) system will notify you of your cyber training requirements.