| NODIS Library | Legal Policies(2000s) | Search |

NASA Ball NASA
Procedural
Requirements 		NPR 2810.1A
Effective Date: May 16, 2006
Expiration Date: May 16, 2016
COMPLIANCE IS MANDATORY
(NASA Only)

Subject: Security of Information Technology (Revalidated with Change 1, dated May 19, 2011)

Responsible Office: Office of the Chief Information Officer


View all pages in PDF

Table of Contents

Change History

Preface

P.1 Purpose
P.2 Applicability
P.3 Authority
P.4 Applicable Documents
P.5 Measurement/Verfication
P.6 Cancellation

Chapter 1 Information Security Management

1.1 Overview
1.2 Roles and Responsibilities

Chapter 2 Management Controls

2.1 Program Management (PM)
2.2 Security Assessment and Authorization (CA)
2.3 Planning (PL)
2.4 Risk Assessment (RA)
2.5 System and Services Acquisitions (SA)

Chapter 3 Operational Controls

3.1 Awareness and Training (AT)
3.2 Configuration Management (CM)
3.3 Contingency Planning (CP)
3.4 Incident Response and Management (IR)
3.5 Maintenance (MA)
3.6 Media Protection (MP)
3.7 Physical and Environmental Protection (PE)
3.8 Personnel Security (PS)
3.9 System and Information Integrity (SI)

Chapter 4 Technical Controls

4.1 Access Control (AC)
4.2 Audit and Accountability (AU)
4.3 Identifcation and Authentication (IA)
4.4 System and Communications Protection (SC)

Appendix A Definitions
Appendix B Acronym
Appendix C Responsibility Cross-Walk
Appendix D Role Definitions
Appendix E References


DISTRIBUTION:
NODIS

This Document Is Uncontrolled When Printed.
Check the NASA Online Directives Information System (NODIS) Library
to Verify that this is the correct version before use: http://nodis3.gsfc.nasa.gov