Procedural
Requirements
Effective Date: August 10, 2007
Expiration Date: June 28, 2013
|
|
NASA Procedural Requirements |
NPR 1382.1 Effective Date: August 10, 2007 Expiration Date: June 28, 2013 |
| | TOC | ChangeHistory | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | AppendixI | ALL | |
| Responsible Party | Requirement | Measure | Frequency | Party with Measure Responsibility |
|---|---|---|---|---|
| Application Owner | Log and verify all computer-readable data extracts from databases holding PII and extracts erasure within 90 days. | Spot sample as part of an annual review conducted by the NASA OCIO. | Annual | NASA OCIO |
| Application & System Owner | Ensure that PII for individuals is protected. | As part of its C&A process, the NASA OCIO will verify compliance via an annual sampling of IPTAs and PIAs will be accomplished by the NASA OCIO of completed IPTAs and PIAs to verify accurate reflection of the data being collected and appropriateness of system controls. | Annual | NASA OCIO |
| System Owner | Ensure that system meets requirements in this NPR for remote access of PII. | As part of an annual review, spot sample systems to ensure they: • Only allow remote access to system PII via two-factor authentication. • Employ a "time-out" function for remote access, requiring user reauthentication after 30 minutes of inactivity. | Annual | NASA OCIO |
| SOR System Owner | Log disclosures from the SOR. | Review a sampling of SOR disclosure logs and ensure compliance with approved uses. | Every four years | NASA OCIO |
| SOR System Owner | Publication of a SORN for new or modified SORs. | Review a sampling of IPTAs for proper citation of an appropriate SORN for applications and systems maintaining IIF that is retrieved by name or personal identifier. | Biennial | NASA OCIO |
| SOR System Owner | Compliance with SOR requirements in this NPR. | Review a sampling of NASA SORs to verify: • Existence of proper contract clauses in contracts for which NASA SORs are managed by contractors. • Functioning procedures to dispose of records in accordance with approved retention schedules. • SOR logs reveal information disclosures only in accordance with approved uses. • Implemented procedures to ensure system record accuracy, relevance, timeliness, and completeness. • Effective presentation of required Privacy Act statements at points of collection. • Proper training of persons involved in the design, development, operation, or maintenance of SORs. | Biennial | NASA OCIO |
| NASA OCIO | Review and approve all fully completed PIAs. | Conduct an assessment at the end of each fiscal year to validate that the number of PIAs made public equal the number of PIAs approved. | Annual | NASA OCIO |
| Users | Encrypt all PII on mobile computers/devices. | Spot sample as part of an annual review. | Annual | NASA OCIO |
| Web Site Curators | Ensure the proper linking to and posting of Web privacy statements, as required, as they relate to the NASA policy and the sites' use of persistent cookies and collection of PII from the public, including children. | Checks on a sampling of Web sites for appropriate privacy policy statements as prescribed in this NPR. | Annual | NASA OCIO |
| Web Site RNOs | Ensure reasonable efforts to provide parents or legal guardians of children with notice of the site's information practices and obtain verifiable parental consent to those practices before IIF is collected from a child. | Spot sample as part of a review conducted by the NASA OCIO. | Annual | NASA OCIO |
| Web Site RNOs | For Web sites employing persistent cookies, obtain prior approval from the NASA CIO to use persistent tracking. | Annual | NASA OCIO |
| TOC | ChangeHistory | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | AppendixI | ALL | |
| | NODIS Library | Organization and Administration(1000s) | Search | |