IT Policy Library

• Administering Appropriate Use of Campus Computing and Network Services

• Data and IT Resource Classification Standard
• Minimum Security Standards for Electronic Information (MSSEI)
• Minimum Security Standards for Networked Devices (MSSND)

• Mass Email Communication Guideline
• Procedures for Blocking Network Access
• Copyright Notices on Campus Websites

Archived: Computer Use Policy 

Superseded by: Campus Acceptable Use Policy

• Administering Appropriate Use of Campus Computing and Network Services

• Data and IT Resource Classification Standard - version 2.1, updated 6/13/2024
• Data and IT Resource Classification Guideline
• Data Classification and Protection Profiles

• Administering Appropriate Use of Campus Computing and Network Services
• Approval to Access Berkeley Campus Electronic Communications
• Accessing a former employee's email or files
• Guidelines for Use of Campus Network Data Reports

• UC Berkeley Box and Google Data Use Agreement
• Cautions in the Use of Email
• Mass Email Communication Guideline
• Terms and Conditions of Appropriate Use for bMail

• Information Security Policy Exception Process Overview
• Full Information Security Policy Exception Process

• UC systemwide policy
• UC Berkeley IS-3 Information
• UC Berkeley's Implementation of IS-3
• Campus Information Security Management Program
• Campus Incident Response Plan
• Information Security Policy Guide for Units

• UC Berkeley Digital Accessibility Program

Updated: Minimum Security Standards for Electronic Information Home Page - links to full Standard and implementation information

Previous Version: Minimum Security Standards for Electronic Information

• MSSEI Requirement Finder (authentication + campus network or campus VPN required)
• Request for Exception: Berkeley Campus Minimum Security Standards

Guidelines for previous version of MSSEI:

• Secure Deletion Guideline
• Covered System Registration Guideline
• Registration Review Guideline
• Managed Software Inventory Guideline
• Secure Device Configuration Guideline
• Continuous Vulnerability Assessment & Remediation Guideline
• Authenticated Scans Guideline
• Intrusion Detection Guideline
• Device Physical Security Guideline
• Secure Coding Practice Guidelines
• Application Security Testing Program
• Commercial Software Assessment Guideline
• Mobile and Wireless Device Guideline
• Security and Privacy Training Guideline
• Separation of System Resources Guideline
• Use of Admin Accounts on Secure Devices Guideline
• Admin Account Security Guideline
• Managed Hardware Firewall Guideline
• Protected Subnet Guideline
• Audit Logging Guideline
• Security Audit Log Analysis Guideline
• Need to Know Access Control Guideline
• Account Monitoring and Management Guideline
• Data Encryption in Transit Guideline
• Data Encryption on Removable Media Guideline
• Data Access Agreement Guidelines
• Incident Response Planning Guideline
• Incident Response Plan Availability Guideline
• Incident Reporting Training Guideline
• Request for Exception: Berkeley Campus Minimum Security Standards

• Minimum Security Standards for Networked Devices (MSSND) - full Standard
• Request for Exception: Berkeley Campus Minimum Security Standards
• MSSND: How to Secure Devices
• Guide to MSSND Changes

• How to Write an Effective Website Privacy Statement

• Full Policy: Roles and Responsibilities for the Protection of University Institutional Information and IT Resources
• Information Security Policy Glossary

• Detailed Routine Monitoring Practices (login required)
• Electronic Communications Policy (ECP)
• Guidelines for Use of Campus Network Data Reports