[Micronet] MSSEI Updates: Clarifications and Exceptions Affecting Data Protection Requirements

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[Micronet] MSSEI Updates: Clarifications and Exceptions Affecting Data Protection Requirements

Lisa Ho
Dear Campus IT Community,

Security standards for student records and other non-public information (Protection Level 1) that were approved and published last year are now required across campus. Minimum Security Standards for Electronic Information (MSSEI) effective July 1, 2014 

In response to questions about the standard, Information Security and Policy has published multiple clarifying updates to the standard as well as guidelines that include several important exceptions. 

Topics addressed include: 
  • Encryption in Transit
  • Definition of Privileged Access Devices
  • Inventory and Registration
Because the updates clarify the original intent of the requirements and do not impose additional requirements (in some cases the changes are more lenient than the original) the changes are effective immediately.

Please see https://security.berkeley.edu/content/cispc-april-17-2014 (agenda item 3) for a redlined (track changes) version of the standard and analysis of changes.

Contact [hidden email] with questions or comments.


Lisa Ho
IT Policy Manager
Information Security and Policy
University of California, Berkeley

The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:


Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.