Cybersecurity Certification Process
Learn the steps to certify your lab or work environment.
Governance is a shared responsibility, and, as individuals entrusted with our academic and research mission, certification of the baseline cybersecurity efforts falls to faculty and researchers.
For most labs, the process to certify security will require only three steps.
Certification
1. Collect Project Information
Begin by collecting the information that will be required to complete the request for certification form.
Only a project's Principal Investigator and staff will know what data or artifacts are difficult or impossible to reproduce and are most likely to need secure backup. These are the people who will document a lab's information and complete the certification form.
Project information includes:
- Lab contact and description information
- Information about the lab itself such as where it exists on the campus network
- Acknowledgement that computing equipment is running the campus-required anti-malware and vulnerability identification software, where possible (Active Directory sign-on required. Please use your @ucsd.edu login, not @health.ucsd.edu or @eng.ucsd.edu.)
(UC Health/Health Sciences users, find instructions at Pulse Anti-malware and vulnerability page - requires login) - A description of your data backup strategy (Active Directory sign-on required. Please use your @ucsd.edu login, not @health.ucsd.edu or @eng.ucsd.edu.)
Download this Excel workbook to simplify the process of collecting the information needed for a certification request before logging in to the Certification Request application form. Line-by-line instructions are included in the workbook.
The Lab Environment
Reference is made to the 'lab' environment throughout the certification process. A lab can differ, depending on the researcher:
- Individuals whose research does not involve a physical lab should complete the documentation for yourself and your research-related computing equipment. This may be as little as a workstation or laptop.
- Researchers with multiple labs submit a separate certification request for each lab.
- Researchers who rely on a separate support organization such as SDSC for lab data should provide as much of the information as is relevant. While organizations such as SDSC provide highly secure enclaves, ultimate responsibility for the secure handling of data and its backup remains that of the Principal Investigator.
2. Complete the Certification Request Form
Information must be manually transferred from the Excel data collection workbook to corresponding fields in the Cybersecurity Certification for Research request form.
Access the Cybersecurity Certification for Research request form at certify.assure.ucsd.edu. (Active Directory sign-on required. Please use your @ucsd.edu login, not @health.ucsd.edu or @eng.ucsd.edu.)
3. PI Review and Submit
Submission Reviews
A workgroup of research IT and security personnel will review certification submissions:
- All labs that have been pre-identified as high-risk will be reviewed. See What is a “High-Risk” Lab?
- A random subset of all labs not deemed high-risk will be reviewed
PIs may request a more rigorous assessment than the basic program at no charge, with fee-based options, by emailing ccr-support@ucsd.edu.
What is a ‘High-Risk’ Lab?
A high-risk lab is a lab with specific DoD or security requirements from the sponsoring agency, a very extensive IT infrastructure, or a research topic known to be a high-value target.
Faculty and researchers whose research is determined to be high-risk will be notified.
Support:
Campus faculty and researchers, email ccr-support@ucsd.edu for assistance.
Health Sciences faculty and researchers, email 3help@health.ucsd.edu.