Summary:
Some proposals and program documentation ask for a short statement about the Lab's approach to cyber security. We strongly suggest using the one below. Note that requirements for these statements differ: if you have any questions at all, or if the request says anything other than "Please provide an overview of the cyber security program," don't hesitate to get in touch with itpolicy at lbl.gov.
CAUTION:
If you are being asked to commit to specific protections in a proposal document, or if you see words related to foreign national controls or FIPS 199 Moderate or High, you are about to be in violation of LBL policy in a bad way. If you see words like these, immediately get in touch with adstone at lbl.gov or cppm at lbl.gov. We can help you navigate this situation and keep you and the Lab out of trouble.
Statement:
Berkeley Lab operates an integrated set of cyber security protections
designed to efficiently protect research and operational data while
enabling cutting-edge research. LBL's systems are Certified and
Accredited under NIST 800-53 and have Authority to Operate from the
Department of Energy.
LBL's information protection systems include advanced intrusion
detection systems, deep forensic logging, vulnerability detection and
remediation, and configuration management. In addition, all employees
receive annual cyber security awareness training in addition to
job-specific training and awareness and ongoing awareness activities
conducted by the Laboratory.
A continuous monitoring program provides assurance that the systems
are providing appropriate protection, and internal and external audits
provide ongoing oversight of our operations. LBL constantly adjusts
its protections to changing risks and threats with the goal of
optimally protecting scientific work.