Minimum Security Requirements
Parent Policy: Security for Information Technology
Document #: 10.01.002.001
Computers connected to the Berkeley Lab network must meet minimum security requirements. Minimum security requirements establish a baseline of security for all systems on the Berkeley Lab network. Non-compliant devices may be disconnected from the network.
Cyber Security Operations will modify these requirements based on changing technology and evolving threats.
Tips on Implementing
Install antivirus software and set it to update automatically.
Download Sophos for home and personal use at software.lbl.gov.
Install critical application patches. When available, enable automatic update functionality. Cyber Security enforces the installation of critical patches.
Windows and Apple: download BigFix from software.lbl.gov for easy desktop application patching.
Clear text Authentication
Encrypt passwords when authenticating; do not transmit passwords in clear text.
Do not use Telnet as it is unencrypted.
Only employees or affiliates may have institutional accounts (i.e. Berkeley Lab Identity/LDAP and Active Directory).
The Account Management FAQ describes procedures for obtaining and managing accounts.
Log to the central logging servers.
Apple and Linux: Use Central Syslog Server instructions.
Secure network services on your computer as follows:
Windows: Contact the Help Desk and ask to be joined to Active Directory. This will help secure some of your network services.
Passwords used on Laboratory IT must meet one of the approved password requirement templates.
Template 1 is in place for Berkeley Lab Identity (LDAP) passwords and Template 2 is in place for Active Directory (AD) passwords.
In all cases the following apply.
Mobile Device PIN lock screen
Mobile devices, both personal and Lab-issued, used to authenticate to institutional resources must be protected by a PIN lock screen. Some examples of institutional resources include Gmail, Google Calendar, LETS, and multifactor authenticator tokens in Google Authenticator.
Biometric authentication, including fingerprint or facial recognition, and lock screen patterns are an acceptable alternative.
Operating System Patches
Install critical operating system patches. When available, enable automatic update functionality. Cyber Security enforces the installation of critical patches.
Windows: use "Automatic Updates", and contact the Help Desk to ask to be joined to Active Directory.
Install the Windows Security Template to automatically configure baseline security settings.
To install the security template, contact the Help Desk and ask to be joined to Active Directory.
Complete Training Requirements appropriate for your position.
The JHA (or new WPC) system will notify you of your cyber training requirements.