Effective Date: March 21, 2008
Expiration Date: December 21, 2016
It is NASA policy to ensure that information technology (IT) and information resources are acquired and managed in a manner that implements the policies, procedures, and priorities of the Agency and the Federal Government. To accomplish this, NASA shall perform the following activities:
a. Mission Enablement: Ensure that IT enables Agency missions, goals, and objectives; and promote the use of IT by the Agency to improve the productivity, efficiency, and effectiveness of Agency programs;
b. IT Infrastructure Management: Manage the IT infrastructure as an integrated end-to-end service to improve security, efficiency, and inter- Center collaboration;
c. IT Application Portfolio Management: Develop and maintain an application portfolio management process to drive application standardization and efficiency;
d. Enterprise Architecture and IT Planning: Develop, maintain, and implement the NASA Enterprise Architecture (EA), Information Resources Management (IRM) Strategic Plan, and other plans, standards, models, documents, and guidance that define the NASA IT environment;
e. IT Policy and Compliance Management: Develop and/or enforce applicable Federal and Agency policies, procedures, standards, and guidelines related to IT investments throughout the investments life cycle. Applicable policy, procedures, standards and guidelines include the management, use, availability, accessibility, integrity, privacy, disclosure, and preservation and disposal of records, information, and information systems;
f. IT Governance: Develop and maintain effective Agency IT governance structure and processes to ensure that IT strategy, investment, implementation, and operations decisions are integrated with organizational planning, budget, financial management, human capital management, and programmatic decisions and processes;
g. IT Investment Management: Ensure that NASA IT investments are selected, controlled, and evaluated through effective IT governance, investment management, and program/project management processes;
h. IT Security Management: Ensure the appropriate confidentiality, integrity and availability of information residing on, or processed by NASA's automated information systems through implementation and enforcement of risk-based policies, procedures, standards, guidelines, control techniques, and training mechanisms;
i. IT Budgeting: Implement Agency planning, programming, budgeting and execution, and program and project management processes to formulate, implement, and operate Agency IT services and initiatives;
j. IT Workforce Planning: Ensure appropriate competency of the NASA IT workforce through training, mentoring, and professional development. Ensure that required skills are identified, developed, recruited, retained, and available to support Agency activities;
k. E-Government: Conduct E-Government activities, represent the Agency in Federal activities involving IT or information management, and ensure the successful completion of actions related to these areas; and
n. IT Reporting: Report externally to the Office of Management and Budget (OMB), Congress, the Government Accountability Office and other entities, as required, on NASA's IT and information management activities.
a. This NPD applies to NASA Headquarters and NASA Centers, including component facilities and contractors to the extent specified in their contracts.
b. This NPD applies to all Agency IT and information resources, including specialized mission IT, unless expressly excluded by the NASA Chief Information Officer (CIO).
a. 42 U.S.C. 2473 (c)(1), section 203(c)(1) of the National Aeronautics and Space Act of 1958, as amended.
b. 44 U.S.C. 3601 et seq., E-Government Act of 2002 (Public Law 107-347), as amended.
c. 40 U.S.C. º 11101 et seq., Clinger-Cohen Act of 1996.
d. 44 U.S.C. 3501 et seq., Paperwork Reduction Act of 1995 (Public Law 104-13), as amended.
a. NPD 1000.0, Strategic Management and Governance Handbook.
b. NPD 1001.0, 2006 NASA Strategic Plan.
a. The NASA CIO has the responsibility, authority, and accountability for conducting the activities listed in the Policy section above. The NASA CIO shall:
(1) Advise and assist the Administrator and other Agency senior staff. Report to the Agency Strategic Management Council, Program Management Council and Operations Management Council to ensure that IT and information resources are managed in a manner that best serves the Agency and aligns with Federal policies and directions.
(2) Advise Agency senior managers on the strategic use of IT to support core business processes and to achieve mission-critical goals to ensure a structured environment for expanded and continual IT-enabled business process improvement, innovative strategic planning for IT services, and strategic alignment of business systems.
(3) Ensure NASA information systems meet customer and stakeholder requirements.
(4) Ensure effective communication and dissemination of information concerning NASA's IT activities.
b. Each Center Director and the Deputy Assistant Administrator for Headquarters Operations, with the NASA CIO's concurrence, shall:
(1) Appoint a Center CIO to represent their Center on IT matters.
(2) Ensure that the Center CIO has adequate resources and authority to adhere to this policy.
(3) Implement a Center IT governance process that is supportive of, and aligned with, Agency IT governance processes.
c. The IT Strategy and Investment Board (SIB), chaired by the NASA CIO, is chartered with making decisions associated with the Agency's IT and information management strategy, enterprise architecture, and prioritization/selection of the Agency's IT investments. The IT SIB is comprised of senior management from all Mission Directorates, all NASA Centers, and select mission support and staff organizations. The IT Program Management Board and IT Management Board are subordinate to the IT SIB. Lower level subboards and working groups may be chartered by this board, as necessary.
d. The IT Program Management Board (PMB), chaired by the NASA Deputy CIO, is chartered with overseeing IT programs, projects, and initiatives in the formulation and implementation phase of the system lifecycle to ensure cost, schedule, performance and risk objectives are met. The IT PMB includes stakeholder membership from a subset of the Mission Directorates, NASA Centers, Mission Support Offices, and staff offices. Lower level subboards and working groups may be chartered by this board, as necessary.
e. The IT Management Board (ITMB), chaired by the NASA CIO, or designee, is chartered with making decisions regarding performance, integration, and other issues pertaining to operational systems. The ITMB also serves as a senior-level Configuration Control Board (CCB) for Agency infrastructure projects, reviewing, and approving high-level infrastructure requirements. The ITMB membership includes the Associate CIO for Architecture and Infrastructure, Center CIOs, the Deputy CIO for IT Security, the Agency Enterprise Architect, and a representative from each Mission Directorate. Lower level subboards and working groups may be chartered by this board, as necessary.
f. The NASA CIO shall collaborate with the following Agency officials on matters pertaining to specific IT areas:
(1) The Chief Financial Officer (CFO) for financial management systems as required by the CFO Act and the Clinger-Cohen Act;
(2) The Assistant Administrator for Security and Program Protection for matters pertaining to information protection and crimes involving information systems;
(3) The Assistant Administrator for Human Capital Management for activities related to the strategic management of the Agency's IT workforce;
(4) The Chief Engineer and Chief for Safety and Mission Assurance for IT-related matters that impact engineering, program and project management, and mission safety;
(5) The Deputy Chief Acquisition Officer for matters concerning the acquisition of IT, and the flow down of IT-related policies and regulations into procurement instruments;
(6) The Assistant Administrator for Diversity and Equal Opportunity for assistance, advice, and coordination to ensure voluntary compliance with equal opportunity requirements regarding the accessibility of electronic and information electronic technology and comparable access to information for persons with disabilities;
(7) The Chief Health and Medical Officer for IT-related matters concerning the development and implementation of an Agency-wide electronic health records system;
(8) The General Counsel for legal advice concerning the development and implementation of IT policies and relative to the flow down of policies and regulations into applicable Space Act Agreements;
(9) The Inspector General for activities related to the security and management of NASA's critical IT assets and their protection from threats, vulnerabilities, and unauthorized use;
(10) Mission Directorates and Mission Support Offices to ensure the following IT-related functions are carried out, to the extent they are appropriate and necessary, within Mission Directorates and Mission Support Offices: (1) Relationship Management, (2) EA, and (3) IT Security; and
(11) Mission Directorates on the determination of highly-specialized mission IT and its applicability to policies listed in Attachment A.
The NASA CIO delegates to the Center CIOs the responsibility, authority, and accountability to ensure that Center IT investments, support, services, solution architectures, policies, procedures, standards, guidelines, and practices align with Federal and Agency requirements and directions. They shall support the NASA CIO in the review of IT investments and ensure Center compliance with the Agency's IT and information management policies and procedures, including CPIC, EA, IT security, records management, and privacy.
Center CIOs shall ensure the following functions are performed: (1) Relationship management, (2) EA, (3) IT Security, (4) Governance and Policy, (5) Resource Management, (6) Innovation Management, (7) Service Management and Delivery, (8) Project Management, and (9) Performance Management.
Performance measures relative to implementation of this policy are outlined in NASA's Annual Information Resources Management Strategic Plan, Federal Information Security Management Act reporting, and Agency E-Government Implementation Plan. Verification is ensured through the NASA CIO internal controls program, the Agency's annual statement of assurance process, and the OMB quarterly E-Government scorecard assessment.
NPD 2800.1A, dated August 18, 2004.
ATTACHMENT A: (TEXT)
a. NPD 1000.3, The NASA Organization.
c. NPD 1440.6, NASA Records Management.
d. NPD 1490.1, NASA Printing, Duplicating and Copy Management.
e. NPD 2081.1, Nondiscrimination in Federally Assisted and Conducted Programs of NASA.
f. NPD 2200.1, Management of NASA Scientific and Technical Information (STI).
g. NPR 2800.1, Managing Information Technology.
h. NPD 2810.1, NASA Information Security Policy.
i. NPR 2810.1, Security of Information Technology.
j. NPD 2820.1, NASA Software Policies.
k. NPD 2830.1, NASA Enterprise Architecture.
l. NPR 2830.1, NASA Enterprise Architecture Procedures.
m. NPD 7120.4, Program/Project Management.
n. NPR 7120.5, NASA Program and Project Management Processes and Requirements.
o. NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements.
p. NPR 7150.2, NASA Software Engineering Requirements.
q. Management of Federal Information Resources, OMB Circular A-130.
r. Preparation, Submission, and Execution of the Budget, OMB Circular A-11.