This policy relates to the high level management of cyber security at LBNL. While applicable to all systems, its intended audience is the Enclave Security Managers.

This policy is specific to enclave security management and was promulgated by the CPPM 5/17/2007.

Review is required by 5/17/2010

1. It is the policy of LBNL to follow best practices and internal, DOE, and UC policies in its management of corrective actions as they relate to IT and Cyber Security.

2. The institutional point of contact for all corrective actions related to all information technology and cyber security issues at LBNL is the Office of the CIO. The Office of the CIO maintains a Liaison function to coordinate audits and corrective actions.

3. The LBNL CATS system is utilized for tracking Corrective Actions. IT and Cyber Security weaknesses may be identified from self-assessments, audits, peer reviews, by the CPP, or by individual responsible managers. The Liaison is responsible for approving any identified corrective action, per the structure of the CATS program.
4. The CATS user manual describes the level of certification necessary to close findings in CATS. Individual auditors may have specific requirements for closing corrective actions. The Liaision coordinates these activities.