Berkeley Lab’s institutional IT and cybersecurity policies focus on implementing DOE orders, UC requirements, and other laws, rules and regulations. Berkeley Lab also implements additional policies based on operational needs or to react to external risk factors.
RPM Policies
Controlled and Prohibited Information Categories
This policy establishes mandatory controls and approval processes for handling prohibited, controlled, and sensitive information at Berkeley Lab to ensure legal compliance, protect security, and support its open research mission.
Acceptable Use of Information Technology
This policy outlines the acceptable use of Lawrence Berkeley National Laboratory’s (Berkeley Lab) information technology (IT) resources, emphasizing their primary use for official Laboratory tasks, permitting incidental personal use under specific conditions, and prohibiting activities that violate laws, regulations, or Laboratory policies.
Privacy Policy
This policy outlines Berkeley Lab’s commitment to safeguarding personal information of its workforce, research subjects, and visitors by implementing risk-based privacy controls, ensuring compliance with applicable laws and regulations, and appointing a Privacy Officer to oversee privacy governance and training.
Scientific and Technical Publications Requirements
This policy ensures open access to research conducted at Berkeley Lab, promotes wide dissemination of research results, enforces adherence to copyright obligations, and facilitates the appropriate assignment of intellectual property rights.
Security for Information Technology
This policy establishes requirements to ensure that Berkeley Lab’s computing environment remains both open and appropriately secure.
Lifecycle Management for Information, Hardware, Software, and Services
This policy establishes lifecycle management requirements for information, hardware, software, and services to promote efficient management of Laboratory Information and IT, while facilitating the scientific mission of Berkeley Lab.
Safety Software Quality Assurance Requirements
These requirements mandate comprehensive lifecycle management of safety-related software to ensure reliability and compliance with DOE standards.
Protected Information
Protected Information Requirements
The Protected Information Requirements page outlines Berkeley Lab’s policies for handling Controlled Personal Information, specifying strict guidelines on storage, transmission, access, and disposal to ensure compliance with institutional security standards and regulatory obligations.
Controlled Unclassified Information (CUI)
The Controlled Unclassified Information (CUI) page outlines Berkeley Lab’s interim solution for handling CUI in compliance with DOE Order 471.7, providing guidelines for receiving, storing, and transmitting CUI.
OUO Management and Storage Requirements
The OUO Management and Storage Requirements page outlines Berkeley Lab’s policies for handling Official Use Only (OUO) information.
Additional Policies
External VPN Usage Policy
The External VPN Usage Policy mandates the use of LBL’s official Cisco VPN for off-campus work, prohibits commercial or free VPNs on LBL-owned devices, and outlines security risks associated with third-party VPNs, emphasizing data privacy, cybersecurity protections, and compliance with DOE policies.
Interim Policy on Smartwatches and Fitness Trackers
The Interim Policy on Smartwatches and Fitness Trackers restricts the purchase of these devices with Berkeley Lab funds, requiring Division Director approval, justification, and IT procurement oversight to ensure compliance with funding policies and prevent unauthorized luxury purchases.
QR Code Use Policy
The QR Code Use Policy outlines security risks associated with QR codes at Berkeley Lab and provides best practices for users to verify legitimacy and avoid cyber threats, as well as guidelines for Lab QR code creators to ensure safe and authenticated use.
Shortened URL Policy
The Shortened URL Policy mandates the use of go.lbl.gov for creating shortened links at Berkeley Lab, highlighting security risks of third-party shorteners and providing best practices to ensure transparency, legitimacy, and cybersecurity compliance.
Guidance
Use of Cameras and Recording Systems
The Guidance – Use of Cameras and Recording Systems page outlines Berkeley Lab’s use of cameras and recording systems for scientific, operational, security, and incidental personal purposes while addressing privacy concerns, cybersecurity measures, and appropriate usage protocols.
Using Generative AI tools
The Guidance on Using Generative AI tools page outlines best practices for the responsible use of generative AI tools at Berkeley Lab, emphasizing data security, licensing agreements, intellectual property considerations, and restrictions on handling sensitive information while also providing specific policies for AI use in Zoom and other platforms.