Parent Policy: Lifecycle Management for Information, Hardware, Software, and Services
Document #: 10.01.003.01
Service | Description |
---|---|
Wireless Networking | Installation and attachment of wireless network equipment to LBLnet is not allowed. We monitor for and remove these 'rogue access points'. |
Wired Networking | LBLnet is the sole provider of wired networking. Installation of personal switches, firewalls, and NAT devices is allowed. Users need explicit permission to participate in routing protocols, run DHCP servers, send RAs, send BPDUs, or otherwise attempt to manage the network. LBLnet staff reserves the right to disconnect equipment from LBLnet, including NAT devices, when it is deemed necessary to protect operational stability or security. |
IP Address and Host Name Allocations | Allocation of IP-related configurations (IP addresses, host names in lbl.gov, etc.). This includes names of services inside and outside lbl.gov where such services could cause confusion with institutional services. IT may reject or change/require changes to hostnames or service names where they conflict with institutional services or appear to represent institutional services (e.g., a single science division may not manage "events.lbl.gov" or "projects.lbl.gov", nor can a single division utilize lbl.sharepoint.com or lbnl.slack.com, etc.). |
Domain Name Server (DNS) | Advertising of DNS services to the internet |
Network Time Protocol (NTP) | Advertising of NTP services |
Domain Registrar | LBNL-owned domain properties must use the LBNL IT Division registrar service. |
Telephony, including cellular | Provision of laboratory telephones, PBX, cell towers, and wiring |
Applications containing Protected Information | Protected Information includes Personally Identifiable Information. This information is most often contained in the Human Resources Information System (HRIS) and the Financial Management System (FMS). Berkeley Lab must protect this information as it faces fines in the event of inappropriate disclosure. |
Public address systems, radio communication, wired intercoms, and alarms | All systems related to physical security and life safety communication, and spectrum management. |
Email Servers Exposed to Internet | All email servers with exposure to the internet must be approved. |
SSL certificates for systems in the lbl.gov namespace | SSL certificates are purchased centrally so that they can be tracked. |
Data Centers and Closets | Any special-purpose room that provides environmental controls designed for computing and networking must be coordinated with IT and Facilities. Data centers and closets must be designed to meet efficiency standards and must be managed to ensure these standards are met. |
Specific Procurement Controlled Items | IT implements additional controls on the procurement of a small number of items to ensure appropriate security and appropriate use of resources. The full list can be found in Procurement's Restricted Item list and includes cellular phones, tablets with cellular service, all cellular services, laptops/desktops limited to specific channels (to ensure they are tagged), wireless access points, and items that require additional justification such as smartwatches and fitness trackers. This also includes internet service reimbursement, which is subject to the procedures here: 9-02-320 - High Speed Remote Access Provisioning and Reimbursement |
Operations and Directorate Web Services | With the launch of BLDS in 2022, all Ops and Directorate web development must take place in either OpsWeb, BLDS, or an IT-approved alternative based on individual project needs. Email [email protected] for additional information. |
This document helps implement a Berkeley Lab policy in the Requirements and Policies Manual.
Send feedback to [email protected].