San Jacinto College Security Evaluation

Good afternoon, San Jacinto College, as part of its new application/vendor procurement process, is evaluating the security posture of Chimera and would like to ask for your help in procuring documentation that proves the security controls in place for the company. If you have any Information Security documentation you can share with us, it would be greatly appreciated. If an NDA needs to be signed, we would be happy to provide that to you. Documents that help: * HECVAT (one will be attached that can be filled out) * SJC Vendor Questionnaire (one will be attached that can be filled out) * Information security policies and procedures * Datacenters or Hosting Providers used. * Incident response plan * Disaster recovery plan * Business continuity plan * System and network architecture diagrams * Penetration testing reports * Vulnerability scan reports If you can provide the Data Centers that are used and the Hosting Providers, it will also help our evaluation process. Thank you in advance for your help. Please reach out if you have any questions. Regards, e Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text) San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS<https://www.sanjacits.org/> | call (281) 998-6137 www.sanjac.edu<https://www.sanjac.edu/> | www.facebook.com/sanjacintocollege<http://www.facebook.com/sanjacintocollege> | @SanJacCollege [2z5cr1lnO9iMtMLfMHSAYwzcMySsBwfq8SYpRxc6xBeRPF2c+m+YTgIc8IdrhL4f1IjMkJpGrM5AAAAAElFTkSuQmCC] “Under pressure, you don’t rise to the occasion, you sink to the level of your training.”

Sorry, we do not have nor are we able to provide any such documents. Note that we are an academic research group, not a software company. Also please note that the UCSF Chimera software is no longer actively developed or supported. Regards, Elaine ----- Elaine C. Meng, Ph.D. UCSF Chimera(X) team Department of Pharmaceutical Chemistry University of California, San Francisco
On Aug 9, 2023, at 12:52 PM, Melendez, Aaron via Chimera-users <chimera-users@cgl.ucsf.edu> wrote:
Good afternoon,
San Jacinto College, as part of its new application/vendor procurement process, is evaluating the security posture of Chimera and would like to ask for your help in procuring documentation that proves the security controls in place for the company.
If you have any Information Security documentation you can share with us, it would be greatly appreciated. If an NDA needs to be signed, we would be happy to provide that to you.
Documents that help:
• HECVAT (one will be attached that can be filled out) • SJC Vendor Questionnaire (one will be attached that can be filled out) • Information security policies and procedures • Datacenters or Hosting Providers used. • Incident response plan • Disaster recovery plan • Business continuity plan • System and network architecture diagrams • Penetration testing reports • Vulnerability scan reports
If you can provide the Data Centers that are used and the Hosting Providers, it will also help our evaluation process.
Thank you in advance for your help. Please reach out if you have any questions.
Regards,
e
Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text)
San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS | call (281) 998-6137 www.sanjac.edu | www.facebook.com/sanjacintocollege | @SanJacCollege
<image001.png>
“Under pressure, you don’t rise to the occasion, you sink to the level of your training.” <(Chimera) SJC Risk Assessment Questionnaire.xlsx><HECVAT-Lite.xlsx>_______________________________________________ Chimera-users mailing list -- chimera-users@cgl.ucsf.edu To unsubscribe send an email to chimera-users-leave@cgl.ucsf.edu Archives: https://mail.cgl.ucsf.edu/mailman/archives/list/chimera-users@cgl.ucsf.edu/

Ms. Elaine, Thank you for responding so quickly and explaining it to me. Hope you have a wonderful day. Is there anyone that could help me if I come across questions that may pertain to Chimera? For context, our assessments are mandated by the State of Texas for all higher education, so just in case there may be an issue I come across. Appreciate anything you can do for us here at San Jacinto. Best regards, e Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text) San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS<https://www.sanjacits.org/> | call (281) 998-6137 www.sanjac.edu<https://www.sanjac.edu/> | www.facebook.com/sanjacintocollege<http://www.facebook.com/sanjacintocollege> | @SanJacCollege [2z5cr1lnO9iMtMLfMHSAYwzcMySsBwfq8SYpRxc6xBeRPF2c+m+YTgIc8IdrhL4f1IjMkJpGrM5AAAAAElFTkSuQmCC] “Under pressure, you don’t rise to the occasion, you sink to the level of your training.” From: Elaine Meng <meng@cgl.ucsf.edu> Date: Wednesday, August 9, 2023 at 15:18 To: Melendez, Aaron <Aaron.Melendez@sjcd.edu> Cc: chimera-users@cgl.ucsf.edu <chimera-users@cgl.ucsf.edu> Subject: [External] Re: [Chimera-users] San Jacinto College Security Evaluation CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you validate the sender and know the content is safe. Please forward this email to techsupport@sjcd.edu<mailto:techsupport@sjcd.edu> if you believe this email is suspicious. Sorry, we do not have nor are we able to provide any such documents. Note that we are an academic research group, not a software company. Also please note that the UCSF Chimera software is no longer actively developed or supported. Regards, Elaine ----- Elaine C. Meng, Ph.D. UCSF Chimera(X) team Department of Pharmaceutical Chemistry University of California, San Francisco
On Aug 9, 2023, at 12:52 PM, Melendez, Aaron via Chimera-users <chimera-users@cgl.ucsf.edu> wrote:
Good afternoon,
San Jacinto College, as part of its new application/vendor procurement process, is evaluating the security posture of Chimera and would like to ask for your help in procuring documentation that proves the security controls in place for the company.
If you have any Information Security documentation you can share with us, it would be greatly appreciated. If an NDA needs to be signed, we would be happy to provide that to you.
Documents that help:
• HECVAT (one will be attached that can be filled out) • SJC Vendor Questionnaire (one will be attached that can be filled out) • Information security policies and procedures • Datacenters or Hosting Providers used. • Incident response plan • Disaster recovery plan • Business continuity plan • System and network architecture diagrams • Penetration testing reports • Vulnerability scan reports
If you can provide the Data Centers that are used and the Hosting Providers, it will also help our evaluation process.
Thank you in advance for your help. Please reach out if you have any questions.
Regards,
e
Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text)
San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS | call (281) 998-6137 https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sanjac.edu%2F&data=05%7C01%7CAaron.Melendez%40sjcd.edu%7C448212056703428f357a08db9915da95%7C514efd408efe4f15819f34e56acf1562%7C0%7C0%7C638272091381539660%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2Byi8FfQDE7koauN8d2BypQrzD%2FzWafHU3YOLz5FwR%2B8%3D&reserved=0<http://www.sanjac.edu/> | https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2Fsanjacintocollege&data=05%7C01%7CAaron.Melendez%40sjcd.edu%7C448212056703428f357a08db9915da95%7C514efd408efe4f15819f34e56acf1562%7C0%7C0%7C638272091381539660%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0jgavcD5As1GFMfanOUCtXBNT0AqlXJsHZsb7hUFlec%3D&reserved=0<http://www.facebook.com/sanjacintocollege> | @SanJacCollege
<image001.png>
“Under pressure, you don’t rise to the occasion, you sink to the level of your training.” <(Chimera) SJC Risk Assessment Questionnaire.xlsx><HECVAT-Lite.xlsx>_______________________________________________ Chimera-users mailing list -- chimera-users@cgl.ucsf.edu To unsubscribe send an email to chimera-users-leave@cgl.ucsf.edu Archives: https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.cgl.ucsf.edu%2Fmailman%2Farchives%2Flist%2Fchimera-users%40cgl.ucsf.edu%2F&data=05%7C01%7CAaron.Melendez%40sjcd.edu%7C448212056703428f357a08db9915da95%7C514efd408efe4f15819f34e56acf1562%7C0%7C0%7C638272091381539660%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Qlxz%2F0iKrO%2FgCTHTvIaUfK5s2I%2ByH%2FDR0V2RoT38VuQ%3D&reserved=0<https://mail.cgl.ucsf.edu/mailman/archives/list/chimera-users@cgl.ucsf.edu/>

Sorry no, not for these types of questions. I was responding on behalf of the entire Chimera development team here and have nothing to add to what I already said. Again, we don't even have funding to develop or support this program anymore. The chimera-users mailing list is for questions on how to use the software for its intended scientific applications. Best, Elaine ----- Elaine C. Meng, Ph.D. UCSF Chimera(X) team Department of Pharmaceutical Chemistry University of California, San Francisco
On Aug 9, 2023, at 1:24 PM, Melendez, Aaron via Chimera-users <chimera-users@cgl.ucsf.edu> wrote:
Ms. Elaine,
Thank you for responding so quickly and explaining it to me. Hope you have a wonderful day. Is there anyone that could help me if I come across questions that may pertain to Chimera? For context, our assessments are mandated by the State of Texas for all higher education, so just in case there may be an issue I come across. Appreciate anything you can do for us here at San Jacinto.
Best regards, e
Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text)
San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS | call (281) 998-6137 www.sanjac.edu | www.facebook.com/sanjacintocollege | @SanJacCollege
<image001.png>
“Under pressure, you don’t rise to the occasion, you sink to the level of your training.”
From: Elaine Meng <meng@cgl.ucsf.edu> Date: Wednesday, August 9, 2023 at 15:18 To: Melendez, Aaron <Aaron.Melendez@sjcd.edu> Cc: chimera-users@cgl.ucsf.edu <chimera-users@cgl.ucsf.edu> Subject: [External] Re: [Chimera-users] San Jacinto College Security Evaluation
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you validate the sender and know the content is safe. Please forward this email to techsupport@sjcd.edu<mailto:techsupport@sjcd.edu> if you believe this email is suspicious.
Sorry, we do not have nor are we able to provide any such documents. Note that we are an academic research group, not a software company.
Also please note that the UCSF Chimera software is no longer actively developed or supported.
Regards, Elaine ----- Elaine C. Meng, Ph.D. UCSF Chimera(X) team Department of Pharmaceutical Chemistry University of California, San Francisco
On Aug 9, 2023, at 12:52 PM, Melendez, Aaron via Chimera-users <chimera-users@cgl.ucsf.edu> wrote:
Good afternoon,
San Jacinto College, as part of its new application/vendor procurement process, is evaluating the security posture of Chimera and would like to ask for your help in procuring documentation that proves the security controls in place for the company.
If you have any Information Security documentation you can share with us, it would be greatly appreciated. If an NDA needs to be signed, we would be happy to provide that to you.
Documents that help:
• HECVAT (one will be attached that can be filled out) • SJC Vendor Questionnaire (one will be attached that can be filled out) • Information security policies and procedures • Datacenters or Hosting Providers used. • Incident response plan • Disaster recovery plan • Business continuity plan • System and network architecture diagrams • Penetration testing reports • Vulnerability scan reports
If you can provide the Data Centers that are used and the Hosting Providers, it will also help our evaluation process.
Thank you in advance for your help. Please reach out if you have any questions.
Regards,
e
Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text)
San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS | call (281) 998-6137 https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sanjac.... | https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.faceboo... | @SanJacCollege
<image001.png>
“Under pressure, you don’t rise to the occasion, you sink to the level of your training.” <(Chimera) SJC Risk Assessment Questionnaire.xlsx><HECVAT-Lite.xlsx>_______________________________________________ Chimera-users mailing list -- chimera-users@cgl.ucsf.edu To unsubscribe send an email to chimera-users-leave@cgl.ucsf.edu Archives: https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.cgl.u...
_______________________________________________ Chimera-users mailing list -- chimera-users@cgl.ucsf.edu To unsubscribe send an email to chimera-users-leave@cgl.ucsf.edu Archives: https://mail.cgl.ucsf.edu/mailman/archives/list/chimera-users@cgl.ucsf.edu/

We actively develop and support ChimeraX which is the successor to Chimera and strongly encourage people to use ChimeraX. ChimeraX 1.0 was released 3 years ago and the current version is 1.6. But like Chimera we have no security documentation for ChimeraX. Both are desktop applications that do not listen on network ports. They both fetch data files from research databases using https and run about a half-dozen molecular calculations on web services hosted at UCSF and other academic research organizations. Here is a list of web services and databases that Chimera may use https://www.rbvi.ucsf.edu/chimera/docs/webservices.html and here is the list for ChimeraX https://www.rbvi.ucsf.edu/chimerax/docs/webservices.html Tom ChimeraX developer
On Aug 9, 2023, at 2:19 PM, Elaine Meng via Chimera-users <chimera-users@cgl.ucsf.edu> wrote:
Sorry no, not for these types of questions. I was responding on behalf of the entire Chimera development team here and have nothing to add to what I already said.
Again, we don't even have funding to develop or support this program anymore.
The chimera-users mailing list is for questions on how to use the software for its intended scientific applications.
Best, Elaine ----- Elaine C. Meng, Ph.D. UCSF Chimera(X) team Department of Pharmaceutical Chemistry University of California, San Francisco
On Aug 9, 2023, at 1:24 PM, Melendez, Aaron via Chimera-users <chimera-users@cgl.ucsf.edu> wrote:
Ms. Elaine,
Thank you for responding so quickly and explaining it to me. Hope you have a wonderful day. Is there anyone that could help me if I come across questions that may pertain to Chimera? For context, our assessments are mandated by the State of Texas for all higher education, so just in case there may be an issue I come across. Appreciate anything you can do for us here at San Jacinto.
Best regards, e
Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text)
San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS | call (281) 998-6137 www.sanjac.edu | www.facebook.com/sanjacintocollege | @SanJacCollege
<image001.png>
“Under pressure, you don’t rise to the occasion, you sink to the level of your training.”
From: Elaine Meng <meng@cgl.ucsf.edu> Date: Wednesday, August 9, 2023 at 15:18 To: Melendez, Aaron <Aaron.Melendez@sjcd.edu> Cc: chimera-users@cgl.ucsf.edu <chimera-users@cgl.ucsf.edu> Subject: [External] Re: [Chimera-users] San Jacinto College Security Evaluation
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you validate the sender and know the content is safe. Please forward this email to techsupport@sjcd.edu<mailto:techsupport@sjcd.edu> if you believe this email is suspicious.
Sorry, we do not have nor are we able to provide any such documents. Note that we are an academic research group, not a software company.
Also please note that the UCSF Chimera software is no longer actively developed or supported.
Regards, Elaine ----- Elaine C. Meng, Ph.D. UCSF Chimera(X) team Department of Pharmaceutical Chemistry University of California, San Francisco
On Aug 9, 2023, at 12:52 PM, Melendez, Aaron via Chimera-users <chimera-users@cgl.ucsf.edu> wrote:
Good afternoon,
San Jacinto College, as part of its new application/vendor procurement process, is evaluating the security posture of Chimera and would like to ask for your help in procuring documentation that proves the security controls in place for the company.
If you have any Information Security documentation you can share with us, it would be greatly appreciated. If an NDA needs to be signed, we would be happy to provide that to you.
Documents that help:
• HECVAT (one will be attached that can be filled out) • SJC Vendor Questionnaire (one will be attached that can be filled out) • Information security policies and procedures • Datacenters or Hosting Providers used. • Incident response plan • Disaster recovery plan • Business continuity plan • System and network architecture diagrams • Penetration testing reports • Vulnerability scan reports
If you can provide the Data Centers that are used and the Hosting Providers, it will also help our evaluation process.
Thank you in advance for your help. Please reach out if you have any questions.
Regards,
e
Aaron C. Melendez Third-Party Risk Analyst The Office of Cybersecurity Cell: (281) 635-2940 (Please call x 2 or Text)
San Jacinto Community College 4624 Fairmont Pkwy, Pasadena, TX 77504 Technical Support: Get help at SanJac ITS | call (281) 998-6137 https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sanjac.... | https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.faceboo... | @SanJacCollege
<image001.png>
“Under pressure, you don’t rise to the occasion, you sink to the level of your training.” <(Chimera) SJC Risk Assessment Questionnaire.xlsx><HECVAT-Lite.xlsx>_______________________________________________ Chimera-users mailing list -- chimera-users@cgl.ucsf.edu To unsubscribe send an email to chimera-users-leave@cgl.ucsf.edu Archives: https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.cgl.u...
_______________________________________________ Chimera-users mailing list -- chimera-users@cgl.ucsf.edu To unsubscribe send an email to chimera-users-leave@cgl.ucsf.edu Archives: https://mail.cgl.ucsf.edu/mailman/archives/list/chimera-users@cgl.ucsf.edu/
_______________________________________________ Chimera-users mailing list -- chimera-users@cgl.ucsf.edu To unsubscribe send an email to chimera-users-leave@cgl.ucsf.edu Archives: https://mail.cgl.ucsf.edu/mailman/archives/list/chimera-users@cgl.ucsf.edu/
participants (3)
-
Elaine Meng
-
Melendez, Aaron
-
Tom Goddard