
NASA Procedural Requirements
NPR 2810.1A
Effective Date: May 16, 2006
Expiration Date: May 16, 2011
COMPLIANCE IS MANDATORY

(NASA Only)

Subject: Security of Information Technology

Responsible Office: Office of the Chief Information Officer



Table of Contents

Preface

P.1 Purpose
P.2 Applicability
P.3 Authority
P.4 References
P.5 Cancellation

Section I NASA IT Security Program

Chapter 1 Introduction, Laws and Regulations, Capital Planning, and Metrics

1.1 Introduction
1.2 Laws and Regulations
1.3 Policy Requirements
1.4 Capital Planning
1.5 Metrics

Chapter 2 Roles and Responsibilities

2.1 Roles and Responsibilities Overview
2.2 Senior Management
2.3 IT Security System and Information Owners
2.4 Center IT Security Supporting Functions
2.5 Certification and Accreditation Roles

Figure 2-1 NASA Senior IT Security Management Working Relationship
Figure 2-2 IT Security System and Information Owners
Figure 2-3 Center IT Security Supporting Functions

Chapter 3 IT Program and System Security Assessments

3.1 IT Program and System Security Assessments Overview
3.2 IT Program and System Security Assessments Requirements
3.3 Additional IT Program and System Security Assessments References

Chapter 4 Contracts, Grants, and Agreements

4.1 Contracts, Grants, and Agreements Overview
4.2 Contract Instruments
4.3 Grants, Cooperative Agreements, and Special Volunteer Program Instruments
4.4 Additional Contract, Grant, and Agreement Instruments References

Section II Defining The System

Chapter 5 System Development Life Cycle

5.1 System Development Life Cycle Overview
5.2 System Development Life Cycle Requirements
5.3 Additional System Development Life Cycle Requirements

Figure 5-1 Life Cycle Phases and other IT Security Elements

Chapter 6 Information and Information System IT Security Strategy

Chapter 7 System Characterization, Information Categorization, System Types, and System Boundaries

7.1 System Characterization
7.2 Categorization of Information
7.3 Categorization of Information Requirements
7.4 Information Technology System Types
7.5 System Boundaries
7.6 Additional System Characterization, Information Categorization, System Types, and System Boundaries References

Figure 7-1 Security Category Expression

Chapter 8 Master and Subordinate IT Systems

8.1 Designation of Master and Subordinate IT Systems
8.2 Master and Subordinate IT Systems Requirements
8.3 Additional Master and Subordinate IT System References

Chapter 9 System Interconnectivity

9.1 Interconnected Systems
9.2 Interconnectivity Requirements
9.3 Additional Interconnected Systems References

Chapter 10 Products and Services

10.1 Acquisition of Products and Services
10.2 Acquisition Process Requirements
10.3 Selection of Services Requirements
10.4 Selection of Products Requirements
10.5 Additional Products and Services References

Chapter 11 Security Controls

11.1 Controls
11.2 NIST Security Controls
11.3 NASA-Wide Common Security Controls
11.4 Additional Security Controls References

Figure 11-1 Sample Security Controls Assessment Table
Figure 11-2 Appropriate Use Policy Statement
Figure 11-3 NASA-Approved Warning Banner
Figure 11-4 Information Appropriate for Publication on the Internet

Section III Management Controls

Chapter 12 IT Security Risk Management

12.1 IT Security Risk Management Overview
12.2 Risk Management Process Requirements
12.3 Additional IT Security Risk Management References

Chapter 13 IT System Security Planning

13.1 IT System Security Planning Overview
13.2 IT System Security Plan Requirements
13.3 Additional IT System Security Plan References

Chapter 14 System Certification and Accreditation

14.1 Certification and Accreditation
14.2 Certification Process
14.3 Certification Process Requirements
14.4 Accreditation Process
14.5 Accreditation Process Requirements
14.6 Additional Certification and Accreditation References

Figure 14-1 Authorizing Officials

Section IV Operational Controls

Chapter 15 System Contingency Planning

15.1 Contingency Planning
15.2 Business Impact Analysis
15.3 Contingency Planning Requirements
15.4 Additional System Contingency Planning References

Chapter 16 Network and System Monitoring

16.1 Monitoring of Electronic Data on NASA Computer Networks
16.2 Periodic Testing and Security Controls Assessment
16.3 Continuous Monitoring Requirements
16.4 Network Testing and Vulnerability Scanning
16.5 Configuration Management
16.6 Additional Network and System Monitoring References

Chapter 17 Security Incident Handling and Reporting

17.1 Incident Handling and Reporting
17.2 Incident Handling and Reporting Requirements
17.3 Additional Security Incident Handling and Reporting References

Figure 17-1 Incident Classification Framework

Chapter 18 IT Security Awareness and Training

18.1 Awareness and Training
18.2 Awareness and Training Requirements
18.3 Additional IT Security Awareness and Training References

Section V Technical Controls

Chapter 19 Account Management

19.1 Identification and Authentication
19.2 Account Management Requirements

Chapter 20 Logical Access

20.1 Logical Access Overview
20.2 Logical Access Requirements
20.3 Additional Logical Access References

Chapter 21 Audit Trails and Accountability

21.1 Audit Trails and Accountability Overview
21.2 Audit Trail and Accountability Requirements
21.3 Additional Audit Trail and Accountability References

Section VI Appendices

Appendix A Acronym List
Appendix B Glossary


DISTRIBUTION:
NODIS


This document is uncontrolled when printed.
Check the NASA Online Directives Information System (NODIS) Library
to verify that this is the correct version before use: http://nodis3.gsfc.nasa.gov