Effective Date: January 06, 2011
Expiration Date: January 06, 2016
This document establishes requirements and responsibilities for the policy set forth in NASA Policy Directive (NPD) 2800.1, Managing Information Technology, in order to properly manage identity, credential, and access management (ICAM) services as an integrated end-to-end service to improve security, efficiency, and inter-Center collaboration. In order to meet Federal requirements established by the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST), and documented in the Federal ICAM Roadmap and Implementation Guidance, this NASA Procedural Requirement (NPR) establishes Agency-wide enterprise services that all Centers and applications shall use.
This NASA Procedural Requirement (NPR) is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This language applies to the Jet Propulsion Laboratory (JPL), other contractors, grant recipients, or parties to agreements only to the extent specified or referenced in the appropriate contracts, grants, or agreements.
a. NPD 2800.1, Managing Information Technology.
b. NPD 2810.1, NASA Information Security Policy.
c. NPR 1600.1, NASA Security Program Procedural Requirements.
d. NPD 2190.1, NASA Export Control Program.
a. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63, Electronic Authentication Guideline.
b. NIST SP 800-82, DRAFT Guide to Industrial Control Systems (ICS) Security.
c. X.509 Certificate Policy For The U.S. Federal PKI Common Policy Framework.
d. Personal Identity Verification Interoperability For Non-Federal Issuers.
e. IT-HBK-2841-001, Identity, Credential, and Access Management (ICAM) Services Handbook.
f. IT-SOP-2841-001, Identity Providers and Credential Service Providers Standard Operating Procedure (SOP).
g. IT-SOP-2841-002, ICAM Services Deviation SOP.
Two measurements used to determine compliance with this NPR are:
a. Are assets properly registered in the asset registration system (ref. 3.6.a)? To determine Center compliance with this NPR, the Office of the Chief Information Officer (OCIO) compares the asset registry with Information Technology (IT) System Security Plans, Internet Protocol (IP) address registrations, and other sources of asset data.
b. Are assets properly utilizing Agency identities, credentials, and access management services? To determine Center compliance with this NPR, OCIO reviews reports from the asset registration system, IT System Security Plans, and information from ICAM services.
Linda Y. Cureton
Chief Information Officer