Policy

Berkeley Lab’s institutional IT and cybersecurity policies focus on implementing DOE orders, UC requirements, and other laws, rules and regulations. Berkeley Lab also implements additional policies based on operational needs or to react to external risk factors.

RPM Policies

Controlled and Prohibited Information Categories

Acceptable Use of Information Technology

Privacy Policy

Scientific and Technical Publications Requirements

Security for Information Technology

Lifecycle Management for Information, Hardware, Software, and Services

Safety Software Quality Assurance Requirements

Protected Information

Protected Information Requirements

The Protected Information Requirements page outlines Berkeley Lab’s policies for handling Controlled Personal Information, specifying strict guidelines on storage, transmission, access, and disposal to ensure compliance with institutional security standards and regulatory obligations.

Controlled Unclassified Information (CUI)

The Controlled Unclassified Information (CUI) page outlines Berkeley Lab’s interim solution for handling CUI in compliance with DOE Order 471.7, providing guidelines for receiving, storing, and transmitting CUI.

OUO Management and Storage Requirements

The OUO Management and Storage Requirements page outlines Berkeley Lab’s policies for handling Official Use Only (OUO) information.

Additional Policies

External VPN Usage Policy

The External VPN Usage Policy mandates the use of LBL’s official Cisco VPN for off-campus work, prohibits commercial or free VPNs on LBL-owned devices, and outlines security risks associated with third-party VPNs, emphasizing data privacy, cybersecurity protections, and compliance with DOE policies.

Interim Policy on Smartwatches and Fitness Trackers

The Interim Policy on Smartwatches and Fitness Trackers restricts the purchase of these devices with Berkeley Lab funds, requiring Division Director approval, justification, and IT procurement oversight to ensure compliance with funding policies and prevent unauthorized luxury purchases.

QR Code Use Policy

The QR Code Use Policy outlines security risks associated with QR codes at Berkeley Lab and provides best practices for users to verify legitimacy and avoid cyber threats, as well as guidelines for Lab QR code creators to ensure safe and authenticated use.

Shortened URL Policy

The Shortened URL Policy mandates the use of go.lbl.gov for creating shortened links at Berkeley Lab, highlighting security risks of third-party shorteners and providing best practices to ensure transparency, legitimacy, and cybersecurity compliance.

Guidance

Use of Cameras and Recording Systems

The Guidance – Use of Cameras and Recording Systems page outlines Berkeley Lab’s use of cameras and recording systems for scientific, operational, security, and incidental personal purposes while addressing privacy concerns, cybersecurity measures, and appropriate usage protocols.

Using Generative AI tools

The Guidance on Using Generative AI tools page outlines best practices for the responsible use of generative AI tools at Berkeley Lab, emphasizing data security, licensing agreements, intellectual property considerations, and restrictions on handling sensitive information while also providing specific policies for AI use in Zoom and other platforms.