Lab Logo
Lawrence Berkeley National Laboratory
Main | Search | Phone | Today | Notice
 
Office of the Chief Information Officer: Rosio Alvarez, PhD
Home | Policy | Privacy | Assurance | Federal Enterprise Architecture | CPIC | IT Division | Organizations and Committees

 

Certification and Accreditation Landing Page
     
Summary, Keywords, Notes   IT Policy: Management of Certification and Accreditation, Enclaves, Corrective Actions, and Federal Compliance

This policy relates to the high level management of cyber security at LBNL. While applicable to all systems, its intended audience is the Enclave Security Managers.

 

This policy is specific to enclave security management and was promulgated by the CPPM 5/17/2007.

.

 

 

 

 

Summary
Like EH&S at LBNL, Cyber Security is regulated by the Department of Energy and University of California Policy. This page describes the overarching relationships that define this regulation. It is for information purposes and should generally be outside the view of most users at LBNL - that is, these regulatory issues should appear integrated into the work of individual end users, and not as exogenous regulation.

Certification and Accreditation
LBNL systems operate under an authority to operate which is granted by the Department of Energy. This authority is like a license and the license is granted based on the program in place to protect the security of LBNL computing systems, assurance mechanisms to ensure that they are operating as intended, and an understanding of the risks, both mitigated and residual, that result from the operation of the systems.

 

The following policies of the Office of the CIO describe how systems are grouped and managed.

Policy on Certification and Accreditation

Policy on Corrective Actions and Plans of Action and Milestones (POAMs)

Guidance on Testing and Managing Disaster Recovery, Contingency Planning, and Business Continuity Planning.

 

Core 2007 Certification and Accreditation Documentation (Sept 2007-Sept 2010:

2007 Risk Assessment

2007 Common Controls Plan for LBL

2007 Common Controls 800-53 Crosswalk (being reformatted for distribution)

2007 Research and Operational Enclave Plan

2007 ST&E Review of LBL

2007 Cyber Security Assurance Plan

 

Supporting and Governing Guidance:

NIST 800-37, NIST 800-53

Office of Science SCMS / PCSP

 

 

     
     

 

 

  Home | Policy | Privacy | Assurance | Federal Enterprise Architecture | CPIC | IT Division | Organizations and Committees  
 
Lab Logo
Lawrence Berkeley National Laboratory
University of California: It Starts Here
 
This page is and all subsequent pages are covered by the University's Privacy and Security Notice and Policies