Welcome to the IT Policy Blog

Well, this is just kind of an experiment. Given that we're in the middle of certification and accreditation seasons for the cyber security programs, this blog is unlikely to get very much attention at the moment. Nevertheless, here's a quick update on IT Policy issues at LBNL right now.

1. C&A for Cyber Systems
We're in the midst of the Certification and Accreditation of the Cyber Security Program at LBNL. This is a big exercise in which we triannually certify to DOE that everything is working correctly, and they, in turn, accept the unmitigated residual risks associated with the program. We just recently completed our peer readiness review, and soon we'll have an external consulting firm provide independent verification and validation of our security test and evaluation program.

2. 9.01 Updated.
After a few years with just minor updates, RPM 9.01 was updated to reflect new requirements and expectations - especially the notion of stewardship of IT assets which is the foundational concept of the newly proposed UC Stewardship Policy. Coming up next, 9.02-9.05 get updated.