As a School of Stanford (SU) and a contractor for the Department of Energy (DOE), SLAC must comply with various contract obligations, policies, orders, and directives regarding its cybersecurity posture. SLAC's specific compliance obligations are detailed below.
SLAC's institutional policies and requirements apply to everyone at SLAC. Find the complete list, including the Computing & IT Policies, here.
Cybersecurity Regulatory Compliance
The federal government requires partner organizations to maintain a strong security posture to protect against data breaches, reduce cyber attacks, and ensure compliance with industry best practices. SLAC must comply with both DOE regulations and NIST 800-53.
Below are policies, guidelines, publications, and federal information processing standards that SLAC complies with.
In 2014, NIST (National Institute of Standards and Technology) established a framework for managing and reducing cybersecurity risk. It was designed to create a standard protocol for cybersecurity management, communications, and practices for U.S. Government organizations, contractors, subcontractors, and external parties.
Below are relevant resources from NIST regarding cybersecurity best practices.