Effective Date: August 01, 2012
Expiration Date: August 01, 2017
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | AppendixD | ALL ||
a. This NASA directive establishes Agency-wide identity and credential management policy and establishes high-level implementation requirements as set forth in NASA Policy Directive (NPD) 1600.2, NASA Security Policy, as amended. Identity and credential management are the activities that deal with identifying individuals and controlling their access to resources (e.g. facilities and IT systems) by associating user rights and restrictions with the established identity.
b. This NASA directive prescribes personnel responsibilities and procedural requirements for the creation, usage, and management of identities and the creation and issuance of identity credentials to assist NASA Centers and Component Facilities in executing the NASA security program to protect people, property, and information.
a. This NASA directive is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This language applies to JPL (a Federally Funded Research and Development Center), other contractors, grant recipients, or parties to agreements only to the extent specified or referenced in the appropriate contracts, grants, or agreements.
b. This NASA directive is applicable to all other personnel completing work through Space Act Agreements or Memorandums of Agreement/Understanding, those assigned or detailed under the Intergovernmental Personnel Act, partners, cooperative agreements, and visitors.
National and Commercial Space Programs, 51 U.S.C. § 20132, Public Law 111-314, 124 Stat. 3328 (2010).
a. E-Gov Act of 2002, Pub. L. No.107-347, 116 Stat. 2899 (2002), 44 U.S.C. Ch 36.
b. Rehabilitation Act of 1973, Public Law 93-112, 29 U.S.C. Ch 29.
c. Privacy Act of 1974, U.S. Pub. L. No.93-579, 88 Stat. 1896, (1974).
d. Security requirements for Government employment Exec. Order No. 10450, 3 CFR 936 (1949-1953).
e. Equal employment opportunity Exec. Order No.11246.
f. Access to Classified Information Exec. Order No.12968, 3 CFR 391 (1995 Comp).
g. Suitability Determinations - Subpart B, 5 CFR § 731.202 and 5 CFR § 731.501.
h. Office of Management and Budget (OMB) Memo M-05-24, August 5, 2005, "Implementation of Homeland Security Presidential Directive (HSPD)-12 Policy for a Common Identification Standard for Federal Employees and Contractors."
i. NASA Procedural Requirement (NPR) 1382.1, NASA Privacy Procedural Requirements.
j. NPR 1600.1, Security Program Procedural Requirement.
k. NPR 2190.1, NASA Export Control Program.
l. NPR 2810.1, Security of Information Technology.
m. NASA Grant Information Circular (GIC) 06-02, September 22, 2006.
n. Federal Acquisition Regulation Clause 52.204-9, Personal Identity Verification (PIV) of Contractor Personnel.
o. Federal Information Processing Standards Publication 201 (FIPS 201).
p. NIST Special Publication (SP) 800-79, Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations.
q. NIST SP 800-104, A Scheme for PIV Visual Card Topography.
r. Homeland Security Presidential Directive 12 (HSPD-12).
s. X.509 Certificate Policy for the U.S. Federal Public Key Infrastructure (PKI) Common Policy Framework, v2.5 October 16, 2006.
t. NPR2841.1, Identity, Credential, and Access Management Services.
u. NPR 1600, NASA Personnel Security.
v. Office of Personnel Management (OPM) Federal Investigations Notice No. 10-05, May 17, 2010, "Reminder to Agencies of the Standards for Issuing Credentials under HSPD-12."
w. NIST Special Publication (SP) 800-53, May 1, 2010, Recommended Security Controls for Federal Information Systems and Organizations.
x. Office of Management and Budget (OMB) Memo M-11-11, February 3, 2011, "Continued Implementation of Homeland Security Presidential Directive (HSPD)-12 Policy for a Common Identification Standard for Federal Employees and Contractors."
To determine compliance with this NASA directive, the Office of Protective Services (OPS) shall provide assessments/audits of the application of this policy requirement. This will consist of periodic reporting from the Centers, including information collected for the satisfaction of OMB. The specific metrics utilized will conform to those described in Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, Version 1.0, November 10, 2009.
a. NPD 1600.2E, NASA Security Policy dated April 28, 2004.
b. NPR 1371.2, Processing Requests for Access to NASA Installations or Facilities by Foreign Nationals or U.S. Citizens Who are Reps of Foreign Entities dated April 7, 2003, cancelled on June 3, 2011.
c. NPR 1600.1, NASA Protective Services Program Requirements, Appendix J, dated August 1, 2012.
d. NASA Memorandum (NM) 1600-46, Security Identification System Requirements dated January 19, 2007.
e. NM 1600-50, Photo Identification Color-Coding Requirements dated September 6, 2006.
f. NM 1600-52, Personal Identity Verification Policy and Procedures dated May 24, 2007.
g. NM 1600-95, NASA Interim Directive (NID): NASA Identity and Credential Management dated June 3, 2011.
h. NASA Interim Directive (NID) 1600-96 NASA Personnel Security dated July 20, 2011.
i. Memorandum for Center Chiefs of Security, Center ICAM Business Leads signed by OPS AA Jack L. Forsythe, July 20, 2010, "Changes to Foreign National Processing."
j. Letter signed by Will Morrison for Jack L. Forsythe, May 2, 2008, "Interim Guidance for the Vetting of Foreign Nationals Post Issuance of Homeland Security Presidential 12 (HSPD-12)."
k. Letter signed by OSPP AA David A. Saleeba, December 4, 2007, "Interim Revision to Foreign National Escort Policy Requirements."
Dr. Woodrow Whitlow, Jr.
Mission Support Directorate
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |
|| NODIS Library | Organization and Administration(1000s) | Search ||