Viewable by the world
Group Access to CIO
Can VIEW the space: cio-editors ,  anonymous ,  all-lbnl-users ,  confluence-administrators , 
Can EDIT the space: confluence-administrators , 
Can ADMINISTER the space: confluence-administrators , 
Individual Access to CIO
Can VIEW the space: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]
Can EDIT the space: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]
Can ADMINISTER the space: [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]

Versions Compared

Old Version 3

changes.mady.by.user Joy Ellyn Bonaguro

Saved on

compared with

New Version 4

changes.mady.by.user Joy Ellyn Bonaguro

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Laboratory completed its new System Authorization Process (formally Authority to Operate / Certification and Accreditation). During this period we completed full reviews of our systems and updated and revised the contractor assurance system for cyber security at LBLLBNL. The independent assessors we hired as part of this process characterized our program as “very successful”. Additional details are in the Assessments section.

...

Follow up to PNNL/JLab Attacks

Established Procedures for Emergency Cyber Security Attacks:

  • Purpose: To articulate a clear process and guiding principles for considering highly disruptive actions (e.g. disconnecting Lab)
  • Obtained delegated authority from Lab Director to Chief Information Officer to Cyber Security Team for executing highly disruptive actions

2. Emergent Security Risks and Evolving Threats

...

  1. Ongoing review of Incidents and Threats / Ongoing / Internal Assessment
  2. System Authorization Cycle with Assessments / Complete / Internal and External

2. System Authorization Cycle: External Assessment

Summary: “Of the 263 controls required by NIST, 22 controls were determined not applicable to LBNL systems and 236 were determined adequately documented, in place, and functioning as intended, indicating a highly effective, NIST-compliant cyber security program. LBNL should take note that compliance with 98% of the required NIST controls shows that the planning and execution of their CSPP was very successful.”

...

Laboratory Management Performance Measures

Cyber Security Incident Analysis

Berkeley Lab experienced a "normal" incident profile in Q4 aside from the RDP scanning mentioned above. Instances of malicious code were within current trends and there were no instances of mal code escalation or compromise of other hosts at the Laboratory. Newer detection measures implemented over the past 18 months continue to pay dividends in terms of speedy detection of these issues. Details provided on Operations Dashboard.

System Availability and Function Data

Cyber security systems experienced normal uptime profiles during this quarter.

Training Completion

92% of individuals are up to date (target is 90%)

Training Feedback

3.8 on a scale of 1-5. Selected comment: "In general, I appreciated the attitude of the course and the material covered, so it was one of the better courses (rated 5)."

...