MSSEI Assessment Service

A service overview and catalog of MSSEI Assessment Service provided by the UC Berkeley IT Service Hub.

Description

The MSSEI Assessment provides a comprehensive evaluation of IT systems and applications against the University’s Minimum Security Standards for Electronic Information (MSSEI). This service acts as a compliance enabler, ensuring that campus technology deployments are resilient and secure.

Benefits & Features

System Security Plan (SSP) Evaluation: A rigorous review conducted by ISO Security Analysts to identify gaps in technical, administrative, or physical security controls.
Assessment Report: A formal deliverable summarizing identified risks, prioritized by severity to guide decision-making.
Remediation Roadmap: Tailored, actionable recommendations designed to bridge security gaps and achieve full compliance.

In-Scope: This service is specifically targeted at IT infrastructure and services classified at:

Protection Levels: P3 or P4
Availability Level: A4

For more information, see the Details of the MSSEI Assessment Service.

Getting Started

How to Request an MSSEI Assessment

1. Classify Your Data

Before starting, you must identify the sensitivity of your information. This determines which security controls apply to your system.

Action: Use the Data & IT Resource Classification Standard to determine your Protection Level ( P3–P4) and Availability Level ( A4).

2. Complete Your Security Plan (SSP)

The System Security Plan (SSP) is your roadmap for meeting security requirements.

Action: Download the template that matches your classification (see KB0015331).
Note: Fill out all sections regarding existing or planned security controls.

3. Grant ISO Access

To allow the Information Security Office (ISO) to review and provide feedback, you must share your document electronically before submitting your formal request.

Action: Share your SSP Google Doc with: ciso-mssei-ssp@calgroups.berkeley.edu.
Permission Level: Set to " Editor" (this allows for direct collaborative comments).

4. Submit the Service Request Form

Once your SSP is complete and shared, formally initiate the review.

Action: Complete the MSSEI Assessment Service Request Form.
What you'll need: Your Unit Name, System Name, and the sharing link for the SSP.

Service Details

Eligibility	This service is available to IT Providers.
Contact	Request the Service: To request assessment, please complete the MSSEI Assessment Service Request Form.
Availability	Available 24/7. Support is provided Monday–Friday, 8:00 AM – 5:00 PM PT, excluding University holidays and curtailment periods.
Cost	There are no direct costs associated with this service.
Data Classification	This service is rated for P3, A2, and R1 data. Compliance: Users are responsible for ensuring data handled within this service complies with the Data and IT Resource Classification Standards.