This policy relates to the high level management of cyber security at LBNL. While applicable to all systems, its intended audience is the Enclave Security Managers.

This policy is specific to enclave security management and was promulgated by the CPPM 5/17/2007.

.

Summary
Like EH&S at LBNL, Cyber Security is regulated by the Department of Energy and University of California Policy. This page describes the overarching relationships that define this regulation. It is for information purposes and should generally be outside the view of most users at LBNL - that is, these regulatory issues should appear integrated into the work of individual end users, and not as exogenous regulation.

Certification and Accreditation
LBNL systems operate under an authority to operate which is granted by the Department of Energy. This authority is like a license and the license is granted based on the program in place to protect the security of LBNL computing systems, assurance mechanisms to ensure that they are operating as intended, and an understanding of the risks, both mitigated and residual, that result from the operation of the systems.

The following policies of the Office of the CIO describe how systems are grouped and managed.

Policy on Certification and Accreditation

Policy on Corrective Actions and Plans of Action and Milestones (POAMs)

Guidance on Testing and Managing Disaster Recovery, Contingency Planning, and Business Continuity Planning.

Core 2007 Certification and Accreditation Documentation:

2007 Risk Assessment

2007 Common Controls Plan for LBL

2007 Common Controls 800-53 Crosswalk (being reformatted for distribution)

2007 Research and Operational Enclave Plan

2007 ST&E Review of LBL

Supporting and Governing Guidance:

NIST 800-37, NIST 800-53

Office of Science SCMS / PCSP