This is not the record copy of applicable Directives. The record copy is located at UCOP. This is not a complete listing of all applicable crosswalks, just a handy guide.
Directive |
Effective Date |
Comments |
LBL Implementation |
200.1 Information Management Program |
13-JUN-97 |
Requires the use of sound business practices in the management of IT and compliance with applicable laws. |
RPM: Stewardship Policy in 9.01 |
| 205.1A Energy Cyber Security Management |
24-May-07 |
Makes the Office of Science PCSP a governing document. |
Lab's approved ATO is the implementation (including deviations) of the SC PCSP. |
241.1A Scientific and Technical Information Management |
01-JUN-05 |
Requires LBNL to manage all publications and transmit useful information to OSTI. |
RPM 5.02 |
O 243.1 Records Management |
26-NOV-07 |
Covers records management program managed by ARO. |
See ARO Website for specific disposition and mgt. guidance. |
O 243.2 Vital Records |
03-May-07 |
Requires vital records preservation and management. |
Archives and Records policy in the RPM, combined with Laboratory Business Continuity and Emergency Management Plans implement this Directive. |
1450.4 Consensual Listening-In to or Recording Telephone/Radio Conversations |
23-DEC-93 |
Recording of phone conversations is prohibited. . |
Reflected in RPM 9.01 |
| 226.1A Implementation of DOE Oversight Policy |
02-OCT-07 |
Requires a robust program of management oversight for several areas including cyber security. OCIO is lead for the cyber security assurance mechanisms. |
Assurance plan is within CSPP and also here |
Preserved for Posterity (no longer current)
|
|
|
|
P 205.1 Departmental Cyber Security Management Policy |
NO LONGER IN CONTRACT |
Describes core principes like "line management owns security" |
RPM |
205.1 Energy Cyber Security Management |
NO LONGER IN CONTRACT |
Soon to be updated with current 201.1A |
Existing requirements are reflected in the Cyber Security Program Plan. |
N 205.2 Foreign National Access to DOE Cyber Systems |
NO LONGER IN CONTRACT
07-JAN-00 |
Indicate FN acess requirements in CSPP, conduct risk assessments, and prohibit offsite UCNI/NNPI access. |
FN access requirements are in CSPP, RA reflects assessment, UCNI/NNPI are prohibited per RPM. |
N 205.3 Password Generation, Protection, and Use |
NO LONGER IN CONTRACT
16-MAR-00 |
Requirements for passwords . |
Reflected in RPM 9.02 |
N 205.4 Handling Cyber Security Alerts & Advisories & Reporting Cyber Security Incidents |
NO LONGER IN CONTRACT
09-APR-02 |
Requires reporting to CIAC. |
Conducted by Computer Protection Program, reflected in CSPP. |
N 205.8 Cyber Security Requirements for Wireless Devices and Information Systems |
NO LONGER IN CONTRACT
01-JUN-05 |
Requires risk assessment prior to wireless deployment. |
Reflected in CSPP> |
N 205.9 Certification and Accreditation Process for Information Systems Including National Security Systems |
NO LONGER IN CONTRACT
01-JUN-05 |
Requires C&A |
Reflected in LBNL CSPP. |
N 205.10 Cyber Security Requirements for Risk Management |
NO LONGER IN CONTRACT
01-JUN-05 |
Conduct Risk Assessments |
Reflected in LBNL CSPP. LBNL conducts annual risk assesments. |
N 205.11 Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems |
NO LONGER IN CONTRACT
01-JUN-05 |
Sets requirements for remote access. |
Implemented in CSPP. |
N 205.12 Clearing, Sanitizing, and Destroying Information System Storage Media, Memory Devices, and Other Related Hardware |
NO LONGER IN CONTRACT
01-JUN-05 |
Sets requirements for destruction of media. |
Implemented by Property Mgt and Excess when media is disposed of. Policy is reflected in CSPP and RPM. |
