...
- Follow Berkeley Lab procurement rules (which permit click through for low risk software agreements).
- Use the Berkeley Lab Data Security Appendix for Covered and Non-Covered Data (login required) if appropriate.
- Ensure the information remains the property of UC/DOE.
- Identify a technical point of contact both at the cloud service and at Berkeley Lab.
- e.g. Who to contact if something isn't working right.
- Enable and understand all available cyber security features.
- Turn on extensive logging,
- Use off-site backups,
- Change passwords frequently, etc.
- Keep any installed software up to date.
- Ensure any installed software is legitimate and free of malware, spyware, etc.
- Where applicable, implement Recommended Cloud Configurations
Required Controls: Red
| Warning |
|---|
You are required to contact the Cyber Security ([email protected]) if your project has risks in the Red category prior to acquiring or using the cloud service. |
...
This form contains several questions that will help Cyber Security track cloud resources and understand what controls are needed for them. Please submit this form before requesting DNS records or making your cloud resources public:
https://go.lbl.gov/cloud-hosting-form
