Jack McCredie, CIO
Editor's note: the text of this article was originally a memo distributed via CALmessages on April 30, 2004.
At the core of UC Berkeley's information technology infrastructure is its communications network, with thousands of connected servers on campus and millions of other servers connected throughout the world. Faculty, students, and staff depend on the reliability and functionality of this network and on the associated applications, data resources, services, and online communities of colleagues for much of what they do. Unfortunately, incidents of attacks on these systems have increased dramatically. For example, the Blaster worm cost the campus hundreds of thousands of dollars and countless hours of time. Hackers are breaking into computers across campus every day. Far more dangerous and costly threats loom as viruses become increasingly malicious and hackers become more sophisticated.
In response to these threats, the Campus Information Security Committee developed an important new policy regarding the security and protection of campus electronic information resources. This policy was developed with input from campus administrators and staff representing many departments and the varied technology environments present on the Berkeley campus. It was unanimously approved by the e-Berkeley Steering Committee on January 29, 2004.
The purpose of this policy is to define a set of minimum security standards to be met by all computers and other devices connected to the campus network. The policy is available at
Because the impact of these standards is broad and implementation will take time, a one-year period is being allowed for compliance. That period will end on May 1, 2005. It is very important for everyone to use this time to ensure that all computers under their control are brought into compliance with these standards. Please review the policy and the accompanying implementation guide with your department's faculty, principal investigators, business officers, and information technology staff to determine the impact on your department or unit and to ensure that steps are taken to comply.
This summer, I will be following up with Control Units to see how much progress has been made. Once the implementation period has ended, noncompliant computers may be disconnected from the campus network without notice. This new policy is part of the foundation of policies and procedures designed to strengthen UC Berkeley's growing online environment. If you or your staff have any questions regarding this policy, please contact Campus Information Systems Security Officer Craig Lant,
[ iNews | Search | IST | UC Berkeley Computing | UC Berkeley ]
iNews: UC Berkeley information technology news channels
Copyright 2004, The Regents of the University of California