
NPR 1600.4
Effective Date: August 01, 2012
Expiration Date: August 01, 2017

Subject: Identity and Credential Management

Responsible Office: Office of Protective Services


Appendix A: Definitions

Access - The ability to obtain and use information and related information processing services; and/or enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).

Access Control - The process of granting or denying specific access requests.

Accreditation - Formal declaration by a Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode for the purpose of processing CNSI, using a prescribed set of safeguards. Accreditation Authority is synonymous with DAA.

Adjudication - A fair and logical Agency determination, based upon established adjudicative guidelines and sufficient investigative information, as to whether or not an individual's access to classified information, suitability for employment with the U.S. Government, or access to NASA facilities, information, or IT resources is in the best interest of national security or efficiency of the Government.

Asset - A system, object, person, or any combination thereof that has importance or value; includes contracts, facilities, property, records, unobligated or unexpended balances of appropriations, and other funds or resources.

Authorized holder - Anyone who satisfies the conditions for access to classified information in accordance with Section 4.1 (a) in Exec. Order No. 13,526.

Authentication - (1) The validation and confirmation of a person's claim of identity. (2) The validation and identification of a computer network node, transmission, or message. (3) The process of establishing confidence of authenticity. (4) Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to facilities and information systems.

Authorization - The privilege granted to a subject (e.g., individual, program, or process) by a designated official to do something, such as access information based on the individual's need to know.

Background Investigation - The process of looking up and compiling criminal records, commercial records, and financial records of an individual.

Center Chief of Security (CCS) - The senior Center security official who is responsible for management of the Center security program.

Certification - A formal process used by the certifying official to ensure that an individual has met all established training requirements as necessary to perform their security responsibilities.

Component Facilities - NASA-owned facilities not located on any NASA Center (e.g., Michoud Assembly Facility, Wallops Flight Facility, White Sands Test Facility, and NASA IV&V).

Contractor - For the purpose of this NPR, any non-NASA entity or individual working on a NASA installation or accessing NASA IT for an employer who is subject to Executive Order 11246.

Credential - A physical/tangible or electronic object through which data elements associated with an individual are bound to the individual's identity. Credentials are presented to access control systems in order to gain access to assets.

Debarment - Official determination made in writing by the Center Director or CCS that bars, for cause, an individual from accessing NASA property.

Escort - The management of a visitor's movements and/or accesses implemented through the constant presence and monitoring of the visitor by appropriately designated and properly trained U.S. Government or approved contractor personnel. Training shall include the purpose of the visit, where the individual may access the Center, where the individual may go, whom the individual is to meet, authorized topics of discussion, etc.

Exception - The approved continuance of a condition authorized by the AA for Protective Services that varies from a requirement and implements risk management on the designated vulnerability.

Executive Order (EO) - An order issued by or on behalf of the President, usually intended to direct or instruct the actions of executive agencies or Government officials, or to set policies for the executive branch to follow.

Foreign National - A synonym for "foreign person" (see definition of "Foreign Person" below).

Foreign Person - Any person who is not a U.S. citizen and who is not a lawful permanent resident as defined by 8 U.S.C. 1101(a)(20) or any person who is not a protected individual as defined by 8 U.S.C. 1324b(a)(3). This also means any foreign corporation, business association, partnership, trust, society or any other entity or group that is not incorporated or organized to do business in the U.S., as well as any international organizations, any foreign government, and any agency or subdivision of foreign governments (e.g., diplomatic missions).

Grant Recipient - Organization (i.e., universities, nonprofits, etc.) or individual that has received official designation and funding to perform specific research on behalf of NASA.

I-9 document - One of the documents listed on the OMB Form I-9, Employment Eligibility Verification.

Identity - The set of attributes that uniquely identify an individual for the purpose of gaining logical and physical access to protected resources and identification in electronic transactions.

Identity Proofing - The process for providing sufficient information (e.g., identity history, credentials, and documents) to a Registration Authority (RA) when attempting to establish an identity or issue a credential.

Identity Verification - The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the credential or system and associated with the identity being claimed.

Identity Vetting - A review of information about a person for possible approval or acceptance. In this document, a vetted person has been reviewed to determine eligibility for access to NASA physical and/or logical assets.

International Partners - Foreign entities or persons who are involved in a particular international program or project under an International Space Act Agreement (ISAA).

Lawful Permanent Resident (LPR) - Replaces the term "Permanent Resident Alien (PRA)" - A non-U.S. citizen, legally permitted to reside and work within the U.S. and issued the Resident Alien Identification (Green Card). Afforded all the rights and privileges of a U.S. citizen with the exception of voting, holding public office, employment in the federal sector (except for specific needs or under temporary appointments per 5 CFR, Part 7, Section 7.4), and access to classified national security information (CNSI). (NOTE: LPRs are not prohibited from accessing export controlled commodities, but will still have a work-related "need-to-know" and are still considered foreign nationals under immigration laws.)

Limited privileged access - Granted to a user to use system-level commands and files to bypass security controls for part of a system.

Logical Access - Access to information records, data, information technology systems and applications.

Name check - A background check procedure performed by the Federal Bureau of Investigation (FBI). The FBI name check is performed by the FBI as a part of the National Name Check Program which dates back to EO 10450, issued during the Eisenhower Administration. The FBI name check for an individual involves a search of the FBI's Central Records System Universal Index for any appearance of the name of the individual, as well as close phonetic variants and permutations of that name, in any of the records stored in the Universal Index. If any such occurrences are found, the name check also involves retrieval and analysis of the relevant paper and electronic files from local FBI offices and from other law-enforcement agencies.

NASA-Controlled Facility - NASA Centers and individual facilities where access is controlled by issuance and mandatory use of photo-identification badges, armed security force personnel, and electronic access control systems to ensure only authorized personnel are admitted.

NASA PHOTO-ID - Refers to the NASA photo-ID that has any number of embedded and external technologies capable of activating any type of facility, IT, or personal recognition access control system. Technology shall include: exterior bar code and magnetic stripe, embedded proximity chip, and embedded "smart card" chip.

NASA National Agency Check - A check conducted electronically by NASA Security Offices of the files of the FBI (including fingerprint files), Office of Defense Central Index of Investigations (DCII), the Office of Personnel Management (OPM), or other Government agencies, as appropriate. The files of the Bureau of Immigration and Customs Enforcement (BICE), the Central Intelligence Agency (CIA), and the U.S. State Department shall be reviewed, as available, when the individual is a resident alien or naturalized citizen of the United States.

National Agency Check (NAC) - The NAC is a search of the following four indices:

a. U.S. Office of Personnel Management (U.S. OPM) Security/Suitability Investigations Index (SII) contains investigations completed by U.S. OPM and by other Federal agencies.

b. Federal Bureau of Investigation (FBI) Identification Division (FBIF) contains a fingerprint index and name file.

c. FBI Records Management Division (FBIN) contains files and records of all other investigations (e.g., background, criminal, loyalty, intelligence); and

d. Defense Clearance and Investigations Index (DCII) contains investigations, including criminal investigations, conducted on civilian and military personnel in the Department of Defense.

(Note: The NAC is not a background investigation. It is one of the components that make up a background investigation.)

National Agency Check and Inquiries (NACI) - The NACI is a NAC that also includes written inquiries sent to employers, educational sources, law enforcement agencies, and references. The NACI is the minimum acceptable investigation for access to government facilities.

Non-designated Country - A country with which the United States has favorable diplomatic relations.

Permanent Resident Alien (PRA) - A non-U.S. citizen legally permitted to reside and work within the United States and issued the Resident Alien Identification (Green Card). Afforded all the rights and privileges of a U.S. citizen with the exception of voting, holding public office, employment in the Federal sector (except for specific needs or under temporary appointments per 5 CFR, Part 7, Section 7.4), and access to CNSI.

(NOTE: PRAs are not prohibited from accessing export controlled commodities but will still have a work-related "need-to-know" and are still considered foreign nationals under immigration laws.)

Privileged Access - Access granted to a user so that files, processes, and system commands are readable, writable, executable, and/or transferable. This allows a user to bypass security controls.

Protected Persons - A non-U.S. citizen allowed into the country under "refugee," "displaced person," and "religious or political" persecution status.

Revocation - The removal of an individual's eligibility to access physical or logical assets based upon an adjudication that continued access poses a risk to the Agency.

Risk Acceptance - An official acknowledgement by a management official that they accept the risk posed by not implementing a recommendation or requirement, designed to reduce or mitigate the risk.

Risk Assessment - A formal process whereby a project, program, or event is evaluated to determine the types and level of risk associated with its implementation.

Risk Management - A means whereby NASA management implements select measures designed to reduce or mitigate known risks.

Smartcard - Credential issued with an individual's unique vetted identity information encoded and physically printed on the exterior and with embedded integrated circuits which can process data.

Transient - A person (i.e., construction worker, club member, childcare drop off/pickup, delivery driver, retiree, Center transit, and others approved by Center Chiefs of Protective Services/Security) who requires intermittent access for 180 days or more.

U.S. Person (non-U.S. Citizen) - For the purpose of implementing protection and accountability under the ITAR; a person who is a LPR as defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by 8 U.S.C. 1324b(a)(3). It also means any corporation, business association, partnership, society, trust, or any other entity, organization or group that is incorporated to do business in the U.S. It also includes any governmental (Federal, state, or local) entity. It does not include any foreign person as defined in this chapter.

Visitor - Any person who needs physical access to a NASA facility for less than 30 days.

Waiver - The approved continuance of a condition authorized by the AA for Protective Services that varies from a requirement and implements risk management on the designated vulnerability.



This Document Is Uncontrolled When Printed.
Check the NASA Online Directives Information System (NODIS) Library
to Verify that this is the correct version before use: http://nodis3.gsfc.nasa.gov