![[NASA Logo]](../Images/nasaball.gif)
| |
NASA Procedures and Guidelines |
This Document is Obsolete and Is No Longer Used.
|
|
P.1 Purpose
P.2 Applicability
P.3 Authority
P.4 References
P.5 Cancellation
1.1 Introduction
1.2 Role of the CIO in Managing IT
2.1 IT Governance/IT Authority Requirement
2.2 Background
2.3 IT Governance Roles and Responsibilities
2.4 IT Authority Roles and Responsibilities
3.1 IT Policy and Compliance Management Requirement
3.2 Background
3.3 IT Policy and Compliance Management Roles and Responsibilities
4.1 Enterprise Architecture and IT Planning Requirement
4.2 Background
4.3 Enterprise Architecture and IT Planning Roles and Responsibilities
5.1 IT Investment Management Requirement
5.2 Background
5.3 IT Investment Management Roles and Responsibilities
6.1 IT Infrastructure Management Requirement
6.2 Background
6.3 IT Infrastructure Management Roles and Responsibilities
7.1 Application Portfolio Management Requirement
7.2 Background
7.3 Application Portfolio Management Roles and Responsibilities
8.1 IT Security Management Requirement
8.2 Background
8.3 IT Security Management Roles and Responsibilities
9.1 IT Budget Management Requirement
9.2 Background
9.3 IT Budget Management Roles and Responsibilities
10.1 IT Workforce Management Requirement
10.2 Background
10.3 IT Workforce Management Roles and Responsibilities
11.1 E-Government Requirement
11.2 Background
11.3 E-Government Roles and Responsibilities
12.1 IT Reporting Requirement
12.2 Background
12.3 IT Reporting Roles and Responsibilities
This document establishes requirements and responsibilities for information technology (IT) Management relative to the policy set forth in NASA Policy Directive (NPD) 2800. IT is defined as any equipment or interconnected system(s) or subsystem(s) of equipment that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the Agency. By implementing IT procedures and requirements that are aligned with NASA`s Strategic Plan and integrated with its strategic management process, NASA seeks to make measurable improvements in mission performance, cost of program/project development and operations, and service delivery to the public through the strategic application of IT.
This NPR is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This language applies to Jet Propulsion Laboratory (JPL), a Federally Funded Research and Development Center (FFRDC), other contractors, grant recipients, or parties to agreements only to the extent specified or referenced in the appropriate contracts, grants, or agreements.
a. 31 U.S.C. 1101 note, Government Performance and Results Act of 1993 (Public Law 103-62).
b. 40 U.S.C. 11101 et seq., Subtitle III, "Information Technology Management," revised, codified, and enacted as Title 40, United States Code, "Public Buildings, Property and Works" (Public Law 107-217). Previously codified as 40 U.S.C. 1401, et seq. and known as the "Clinger-Cohen Act of 1996."
c. 42 U.S.C. 2473(c)(1), Section 203(c)(1) of the National Aeronautics and Space Act of 1958, as amended.
d. 44 U.S.C. 3501 et seq., the Paperwork Reduction Act of 1995 (Public Law 104-13), as amended.
e. 44 U.S.C. 3535, Federal Information Security Management Act (FISMA) of 2002.
f. 44 U.S.C. 3601 et seq., E-Government Act of 2002 (Public Law 107-347), as amended.
g. Executive Order No. 13011, 61 Fed. Reg. 37,657 (July 16, 1996), Federal Information Technology.
h. OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget.
i. OMB Circular No. A-119, Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities.
j. OMB Circular No. A-123, Management Accountability and Control.
k. OMB Circular No. A-130, Management of Federal Information Resources.
l. NPD 1000.3, The NASA Organization.
m. NPD 2800.1, Managing Information Technology.
n. NPD 2830.1, NASA Enterprise Architecture.
o. NPR 2830.1, NASA Enterprise Architecture Procedures.
a. NPD 1000.0, NASA Governance and Strategic Management Handbook.
b. NPR 1001.0, 2006 NASA Strategic Plan.
c. NPD 1382.17, NASA Privacy Policy.
d. NPD 1440.6, NASA Records Management.
e. NPR 1441.1, NASA Records Retention Schedules.
f. NPR 1600.1, NASA Security Program Procedural Requirements.
g. NPD 2190.1, NASA Export Control Program.
h. NPR 2190.1, NASA Export Control Program.
i. NPD 2810.1, NASA Information Security Policy.
j. NPR 2810.1, Security of Information Technology.
k. NPD 2820.1, NASA Software Policy.
l. NPD 7120.4, Program/Project Management.
m. NPR 7120.5, NASA Space Flight Program and Project Management Requirements.
n. NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements.
o. NPR 7120.8, NASA Research and Technology Program and Project Management Requirements.
Compliance with this document is verified via the IT governance and IT authority processes described in Chapter 2 of this document.
NPR 2800.1, date September 17, 2004.
/S/
Bobby L. German
Chief Information Officer (Acting)
Effectively and efficiently managing, preserving, protecting, and disseminating the information required to achieve, and resulting from, exploration and other NASA missions is vital to mission success. As well, seamless collaboration of the NASA workforce across multiple Centers will be vital in the planning, design, and development of mission-related capabilities and technology in the future. It is imperative that information technology (IT) at NASA be managed in a manner that enables the NASA mission and operating model, now and in the future.
This document is intended to provide a framework for IT management, decision-making, and planning and, in turn, serve as an avenue for the authoring of more in-depth documents (Standard Operating Procedures, NPRs, handbooks, etc.). Effective management of IT is characterized by IT that is aligned with the following NASA principles:
a. Mission Enabling: information technology at NASA serves to enable NASA?s mission.
b. Integrated: NASA will implement information technology that enables the integration of business (mission) processes and information across organization boundaries.
c. Efficient: NASA will implement information technology to achieve efficiencies and ensure that IT is efficiently implemented.
d. Secure: NASA will implement and sustain secure information technology solutions.
The NASA Information Resources Management (IRM) Strategic Plan, updated and published annually, describes the specific strategies, goals, and objectives required for the strategic management of information and IT, directly contributing to mission success for the Agency. While the overall objective of this policy document is the management of NASA IT in a manner that enables the NASA mission and operating model, the detailed objectives and activities for doing so change over time. Consequently, those detailed objectives and associated performance measures are documented annually in the IRM Strategic Plan.
As described in NPD 1000.3, The NASA Organization, the Office of the Chief Information Officer (OCIO), provides leadership, planning, policy direction, and oversight for the management of NASA information and all NASA IT in accordance with the responsibilities required by the Clinger-Cohen Act of 1996, the Paperwork Reduction Act of 1995, the E-Government Act of 2002, the Federal Information Security Management Act of 2002, and the Privacy Act of 1974. The Chief Information Officer (CIO) is the principal advisor to the Administrator and other senior officials on matters pertaining to information technology, the NASA Enterprise Architecture (EA), IT security, records management, and privacy. NPD 2800.1, Managing Information Technology, provides more detail concerning these responsibilities.
While NPD 1000.3 contains a complete list of OCIO responsibilities, of special importance for this document is the responsibility of the OCIO for management of NASA's IT systems as a joint responsibility with the NASA Centers, Mission Directorates, and Mission Support Offices. The Centers, Mission Directorates, and Mission Support Offices have responsibility for the applications, while the CIO has overarching responsibility for ensuring alignment of those applications with the NASA EA and for all aspects of the IT infrastructure in which those applications reside. Further, the OCIO manages an application portfolio management program in conjunction with Centers, Mission Directorates, and Mission Support Offices to ensure a robust, yet efficient, set of applications to enable the NASA mission.
Figure 1.1 illustrates this division of responsibilities as well as the important and distinct responsibility of the Mission Directorates in managing the Highly Specialized IT that is critical to the success of the Agency's missions. While Highly Specialized IT must conform to Agency IT policies established by the OCIO in areas such as IT security and EA, the management of Highly Specialized IT is the responsibility of the Mission Directorates. This document focuses primarily on the responsibilities of the OCIO in managing IT and on the OCIO interactions with the Mission Directorates and other Mission Support Offices in carrying out its responsibilities, for example in the area of relationship management as described in section 1.2.1.1. The requirements for managing Highly Specialized IT, aside from the OCIO NPD 1000.3 responsibilities noted above, are included in the policy documents established by the NASA Office of Chief Engineer, e.g., NPR 7120.5, NASA Space Flight Program and Project Management Requirements, and in those published by the individual Mission Directorates.
The OCIO carries out its responsibilities both via the Agency-level office resident at NASA Headquarters and via Center Offices of the CIO that are delegated responsibilities as described in this document.
1.2.1 Core Functions of Center CIO Organizations
The successful management of IT at NASA depends largely on the Center CIO organizations' ability to provide consistent, quality services, align technology with mission requirements, and ensure compliance with policy. The required organizational capabilities include not only the skills and competencies of the civil servants and supporting contractors that make up the CIO organization, but also the policies, governance structures, and process disciplines that guide and deliver the services and the platform for meaningful, ongoing communication between the CIO organization and the Mission Directorates, Mission Support Offices, and programs.
Figure 1.1 below highlights the core functions that are required under the NASA IT management model. These functions, and associated competencies, require execution in all Center CIO organizations.
Figure 1.1 Responsibilities for Managing IT at NASA
1.2.1.1 Relationship Management: The relationship management function acts as the primary interface between NASA customers and CIO organizations. Personnel performing the relationship management function (Relationship Managers (RM)) ensure alignment between customer expectations and CIO services. The RM is positioned as a well-respected partner by the customer and has insight into their strategic needs. Activities include collecting, analyzing, reviewing, documenting, and communicating mission and business needs and requirements to the CIO organization, defining and establishing service and support requirements, performing issue mediation and escalation, and reporting performance on services provided by the CIO organization. The RM coordinates with other IT service providers (e.g., contractors, vendors) to ensure customer needs are addressed and provides input into the IT portfolio management process.
The RM focuses on understanding the customer's needs. Changes to business processes, policies, and information systems are gathered, analyzed, communicated, and validated. The RM ensures requirements are communicated with clarity, completeness, and specificity between the CIO and the customer organization. The RM supports the initial development of business requirements for all solution development activities and works closely with solution developers to ensure developing solutions continue to meet business requirements. The RM is actively involved in coordinating with Innovation Management and Project Management for proof of concept and/or pilot development activities.
1.2.1.2 Governance and Policy: The governance and policy function oversees and ensures that decision making for IT investments, principles, and standards are clearly assigned and administered through established governance boards. The function defines and manages a full life-cycle IT governance process, including ensuring IT investments align with NASA mission and institutional requirements.
The governance and policy function manages the development, consolidation, and maintenance of IT-related policies and regulations. It ensures all policies are consistent, current, and accessible to the appropriate NASA staff. The function is responsible for coordination with subject matter experts to develop policy, guidance, and regulations. In addition, this function reviews policies, guidance, and regulations to ensure consistency and to avoid conflicts.
Finally, the governance and policy function implements and assesses effectiveness of internal controls consistent with OMB Circulars A-123 and A-130 and NASA policies.
1.2.1.3 Enterprise Architecture: The EA function leads and defines how NASA IT capabilities and systems are aligned with mission and institutional requirements, operations, and objectives. The function follows IT strategic planning methodology to align mission, program, and institutional objectives with IT projects and technology initiatives and measures NASA's performance toward goals established in the NASA Strategic Plan.
The EA function defines the current or "as-is" state, the planned or "to-be" state, the gap between the two states, and a plan for closing the gap. The function develops and updates the EA segments that represent a mission and institutional view of NASA's use of IT to meet program and service requirements. Other activities include developing and implementing architecture metrics and communications, conducting EA project and services reviews, and developing EA artifacts and guidelines.
The EA function establishes the technical and architecture standards that guide IT solution development and operational support activities. It documents the technologies that are acceptable for the current and future environment and facilitates IT Configuration Control Boards in the approval of software, hardware, and protocols. NPD 2830.1, NASA Enterprise Architecture, and NPR 2830.1, NASA Enterprise Architecture Procedures, provide more details on enterprise architecture requirements at NASA.
1.2.1.4 IT Security Management: The IT security management function ensures information technology security across NASA meets confidentiality, integrity, and availability objectives for data and information, including disaster recovery and continuity of operations for systems. It develops and maintains an information security program that ensures consistent security policy, identifies and implements risk-based security controls, and tracks metrics to gauge compliance and effectiveness. The function is responsible for performing audits and reviews to assess compliance with security and privacy policies and procedures. NPD 2810.1, NASA Information Security Policy, and NPR 2810.1, Security of Information Technology, provide more details on IT security requirements at NASA.
1.2.1.5 Innovation Management: The innovation management function researches and assesses emerging technologies to determine applicability to NASA requirements. Activities include conducting emerging technology pilots, research, evaluations, and predictive analysis of technology solutions. The function may maintain an "innovation laboratory" to assess new technologies and new ways to integrate IT at NASA in support of NASA's IT principles. The innovation management function teams with customer and support organizations to plot the course for technologies being evaluated and their readiness for deployment.
1.2.1.6 Performance Management: The performance management function manages the processes to ensure delivered services meet or exceed customer needs. The function coordinates the development, monitoring, and reporting of performance metrics associated with the CIO organization, CIO projects, and CIO services. It monitors performance against Service Level Agreements (SLA) and provides the relationship management function with customer-specific reports that assess performance against established goals and SLAs. This function also identifies performance gaps and conducts root cause analysis to recommend solutions to meet SLAs.
1.2.1.7 Project Management: The project management function ensures that development, modernization, and/or enhancement (DME) of IT systems are undertaken with the appropriate level of project management discipline in accordance with
NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements and Center project management processes. The project management function ensures the assignment of project managers with the appropriate level of knowledge, skills, and abilities to lead the project to successful completion. The function oversees the tracking of metrics relative to cost, schedule, performance, and risk to identify when the baseline has been significantly breached or when risks have not been sufficiently mitigated.
1.2.1.8 Service Management and Delivery: The service management and delivery function is responsible for providing IT infrastructure and applications services to customers in accordance with service level agreements developed by the service provider in collaboration with the customer organizations. Responsibilities include steady state operations and integration of services, help desk services, problem resolution, implementation of updates and new services, and sunsetting of legacy applications.
1.2.1.9 Resource Management: The resource management function develops and implements the financial services for IT planning and control and coordinates chargeback/cost recovery activities for CIO-provided services in conjunction with Chief Financial Officer (CFO) representatives. Activities include developing budget proposals, planning IT spending allocation, enhancing business case development, conducting financial modeling and cost accounting, and billing for services.
The resource management function in coordination with the Office of Human Capital Management oversees IT workforce planning and management; understands the current organization's staffing levels and skill sets; defines and develops the roles, responsibilities, skills, and competencies necessary to support objectives and investments; manages professional development and training activities to help NASA develop IT training curriculum and analyzes, develops, and maintains NASA IT resource policies, regulations, and procedures.
The resource management function helps develop the sourcing strategy, selects vendors, and builds an appropriate portfolio of internal and external service providers; manages contract life cycle and measures and manages vendor performance; and ensures the delivery of the specified outcomes is obtained in terms of performance commitments.
Finally, the resource management function manages and optimizes the cost, retention, and ultimate disposal of IT assets (hardware and software); ensures IT assets are identified and properly categorized and that plans are established to manage the full asset life cycle; manages the licensing associated with IT assets, leveraging enterprise-licensing economies of scale; and coordinates with service delivery function in the identification of assets and in the scheduling of life-cycle replacements, upgrades, etc.
As depicted in Figure 1.2, the relationship management and EA functions are critical functions in the relationship between CIO and customer organizations. Each NASA Center shall implement the model depicted in Figure 1.2. Variations of this model are authorized with the approval of the NASA CIO and the applicable Center Director, depending on Center size and program capabilities. The NASA Deputy CIO performs the relationship manager responsibilities within the Office of the NASA CIO, interfacing with Mission Directorate and selected Mission Support Office representatives to ensure relationship management, EA, and IT security functions are administered. Upon request of the Deputy CIO, Mission Directorates and selected Mission Support Offices shall identify an individual to represent their organization in the coordination of IT services and matters, including programmatic reporting.
As depicted in Figure 1.2, Center personnel performing the nine core functions identified in Section 1.1 shall be aligned within the Center CIO organization. Variations from this model are authorized with the approval of the NASA CIO and the applicable Center Director, depending on Center size and program capabilities.
Figure 1.2 Organization: Structure
NASA shall develop and maintain effective Agency IT governance structures and processes to ensure that IT strategy, investment, implementation, and operations decisions are integrated with organizational planning, budget, financial management, human capital management, and programmatic decisions and processes.
2.2.1 IT governance is a framework that encompasses the structures, inputs, outputs, activities, decision rights, and accountability necessary to facilitate the effective and efficient use of IT.
2.2.2 NASA's IT environment is organized into three major areas: IT infrastructure services, IT applications, and "Highly Specialized" IT, such as the technology that supports real-time control systems and onboard avionics. Figure 2.1 illustrates these three areas.
Figure 2.1: Organization of the NASA IT Environment
2.2.3 To address the wide-ranging decisions which occur throughout the life cycle of a nonhighly specialized IT investment, NASA employs a three-board governance model where each board has a clear set of responsibilities as well as interfaces to the other governing bodies. The three-board IT governance model (Figure 2.2) provides complete coverage of the NASA Program and Project Life Cycle and can be implemented at the Centers with variations based on local requirements. Each of these life-cycle phases has associated with it unique milestones and metrics that require different activities and therefore different memberships.
Figure 2.2: IT Governance Board Structure
It is possible that programs and projects governed by NPR 7120.5, NASA Space Flight Program and Project Management Requirements, or NPR 7120.8, NASA Research and Technology Program and Project Management Requirements, will have systems under development with both highly specialized and nonhighly specialized IT components, which must be developed and integrated under a unified management structure to ensure technical and programmatic success. Such IT components embedded in programs and projects will also comply with policies and other technical requirements to ensure systems and capabilities being developed align with Agency requirements and direction for IT architectures, policies, procedures, standards, guidelines, and practices. The OCIO will work with the Mission Directorate or Mission Support Office responsible for the program or project to identify such embedded IT components and define boundaries and interfaces for inclusion in IT management processes. The OCIO will also coordinate with the appropriate governing body required by NPR 7120.5, or NPR 7120.8, as described in Section 2.3 of this document to reflect those interactions.
2.2.4 IT Governance Board Responsibilities and Membership
2.2.4.1 IT Strategy and Investment Board (SIB): Decisions regarding IT strategy and resultant policies, significant IT investments (prioritization and approval), and the NASA EA. Members include senior-level stakeholders from Mission Directorates, Mission Support Offices, and Centers.
2.2.4.2 IT Program Management Board (PMB): Decisions regarding application and infrastructure projects to ensure that investments approved by the IT Strategy and Investment Board stay on track during formulation, design, and implementation. Members include the Deputy CIO, one or more IT SIB representatives for continuity, IT Management Board (ITMB) Chair, EA Lead, representatives from Mission Directorates, Mission Support Offices, and Centers.
2.2.4.3 IT Management Board (ITMB): Decisions regarding management of the IT technical environment at NASA to implement IT strategy, policy, and investment initiatives, including configuration management, integration, and performance of IT systems. Members include the Associate CIO for Architecture and Infrastructure, Center CIOs, the Deputy CIO for IT Security, and the EA Lead. Mission Directorates may provide a representative at their discretion.
2.2.5 NPD 1000.0, NASA Governance and Strategic Management Handbook, describes Mission Support Authorities as the designated "official voices" of their institutional areas and the associated requirements established by NASA policy, law, or other external mandate. These authorities are asserted through leadership, horizontally (across Headquarters) and vertically (Headquarters to Centers and within Centers).
2.2.5.1 The NASA CIO exercises Mission Support Authority for IT and is the "IT Authority." The corresponding process is designated as IT authority (where "authority" is not capitalized, to distinguish between the process and the person exercising the authority).
2.2.5.2 The need for IT authority stems from the inclusion and importance of IT in almost all Agency programs and projects. The scope of IT authority includes all IT with the exception of software engineering. The Office of the Chief Engineer establishes policy and technical standards for software engineering and has included software engineering in its engineering technical authority process. The Office of Safety and Mission Assurance establishes the policy and technical standards for software safety and software assurance and has included software safety and software assurance in its safety and mission assurance technical authority process.
2.2.5.3 Two processes, policy establishment and policy compliance, support IT authority.
2.2.5.3.1 The Agency CIO is responsible for establishing IT policies and technical standards, with the concurrence of the Mission Directorates, other Mission Support Offices, and the Centers, as appropriate.
2.2.5.3.2 The policy compliance process provides assurance that IT fully supports the Agency's missions in a way that is strategically-grounded and cost-effective, and in accordance with NASA IT policies and technical standards.
2.3.1 The NASA CIO shall sponsor, organize, and provide logistical support for the NASA IT SIB, IT PMB, and ITMB.
2.3.2 The NASA CIO shall chair the IT SIB and shall serve as the Decision Authority for programs and projects overseen by the IT PMB.
2.3.3 Mission Directorate Associate Administrators (AAs), Officials-in-Charge of Mission Support Offices, and Center Directors shall ensure that proposed investments for IT are brought before the IT SIB for consideration and approval when annual investments meet or exceed the defined criteria identified in the SIB charter. The criteria are defined in the IT SIB charter available in the NASA Directives (NODIS).
2.3.4 The NASA CIO shall ensure that modifications to the NASA EA and new or modified NASA-wide IT policies/processes are brought before the IT SIB for its consideration and approval.
2.3.5 Mission Directorate AAs, Officials-in-Charge of Mission Support Offices, and Center Directors shall ensure that programs and projects in the scope of NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements, are brought before the IT PMB for its oversight.
2.3.6 Mission Directorate AAs, Officials-in-Charge of Mission Support Offices, and Center Directors shall ensure that operational activities that meet or exceed the criteria contained in the ITMB charter are brought before the ITMB for its oversight.
2.3.7 Center Directors shall ensure that an IT governance structure that corresponds or can be mapped to the Agency-level structure described above is established, executed, and maintained at their Centers.
2.4.1 The NASA CIO shall serve as the NASA IT Authority and be responsible for the IT authority process.
2.4.2 The NASA CIO or designee shall have the authority to review and approve all nonhighly Specialized IT content (including both IT products and services) in Requests for Proposals (RFPs) for Agency-level procurements before they are issued, even if the end product of the procurement is not IT.
2.4.2.1 The NASA CIO shall coordinate with the Office of Procurement to ensure that contract clauses are reflective of NASA IT policy and that Agency acquisitions include applicable clauses.
2.4.3 Center CIOs or designees shall have the authority to review and approve all nonhighly Specialized IT content (including both IT products and services) in RFPs for Center-level procurements before the RFPs are issued, even if the end product of the procurement is not IT.
2.4.4 The NASA CIO shall have the authority to review and approve nonhighly Specialized IT content in new task orders, delivery orders, and change orders for all NASA-wide contracts, even if the end product of the contract is not IT.
2.4.5 The Center CIO shall have the authority to review and approve nonhighly Specialized IT content in new task orders, delivery orders, and change orders for all Center contracts, even if the end product of the contracts is not IT.
NASA shall manage, develop, and/or enforce applicable Federal and Agency policies, procedures, standards, and guidelines related to IT investments throughout the investments' life cycle. Applicable policy, procedures, standards, and guidelines include the management, use, availability, accessibility, integrity, privacy, disclosure, and preservation and disposal of records, information, and information systems.
3.2.1 NASA's IT policy is intended to implement and communicate the Agency's IT strategy in a manner that also meets requirements of Federal statutes, regulations, and other directives. Due to the rapid progression of information technology capabilities and the dynamic regulatory environment, NASA utilizes a combination of mechanisms to maintain a controlled IT environment in pace with the degree of change. In addition to NPDs and NPRs (per NPR 1400.1, NASA Directives Procedural Requirements), the NASA CIO uses NASA Interim Directives (NIDs) to communicate requirements, policy, and compliance requirements that shall be implemented immediately or for short-term use. Per NPR 1400.1, NIDs include policy memorandums or any other issuance intended to impose policy or requirements at the Agency level. NASA IT Requirements (NITRs) are forms of NIDs within the IT policy arena. NASA CIO memoranda are also forms of NIDs, when so designated in the subject line of the memorandum.
3.3.1 NASA CIO Responsibilities
3.3.1.1 The NASA CIO shall develop policy in accordance with NPR 1400.1 (NASA Directives Procedural Requirements), including the issuance of NIDs, to implement NASA IT strategy and to ensure NASA compliance with Federal requirements.
3.3.1.2 The NASA CIO shall implement measures to periodically assess compliance with NASA IT policy in accordance with NASA internal control requirements.
3.3.1.3 The NASA CIO shall develop NITRs in accordance with Standard Operating Procedure (SOP) ITS-SOP-0004, "NASA's Information Technology Requirement (NITR) Procedures."
3.3.2 Center CIO Responsibilities
3.3.2.1 Center CIOs shall take measures to implement NASA IT policy, including NIDs, to the extent applicable at their Center.
3.3.2.2 Center CIOs shall implement measures to periodically assess compliance with NASA IT policy at their Centers in accordance with NASA internal control requirements.
3.3.3 The NASA CIO, in coordination with the Office of Procurement, shall ensure that NASA IT policy is reflected in procurements and other acquisitions for programmatic and institutional products and services.
3.3.4 The NASA Deputy CIO for IT Security shall be responsible for maintaining ITS-SOP-0004, "NASA's Information Technology Requirement (NITR) Procedures."
NASA shall develop, maintain, and implement the NASA Enterprise Architecture (EA), Information Resources Management (IRM) Strategic Plan, and other plans, standards, models, documents, and guidance that define the NASA IT environment.
4.2.1 NASA's EA establishes the road map to achieve the Agency's mission through the optimal performance of business, service, and technical processes. It is the explicit description and documentation of the current and desired relationships among business and management processes and information technology.
4.2.2 The IRM Strategic Plan ensures that the Agency's IRM strategy is in alignment with NASA's vision, mission, and strategic goals. It is a companion document to the NASA EA and is a mechanism for documenting and communicating the NASA CIO's execution strategy.
4.2.3 Other IT plans, standards, models, documents, and guidance provide requirements and tactical direction to the Agency in meeting the goals of the NASA EA and the IRM Strategic Plan.
4.3.1 The NASA CIO shall ensure the development, maintenance, and communication of a NASA EA and NASA IRM Strategic Plan that supports the Agency's missions and objectives.
4.3.2 The NASA CIO shall ensure that Agency-wide IT initiatives are consistent with the NASA EA and the NASA IRM Strategic Plan.
4.3.3 The NASA Chief Enterprise Architect shall develop, maintain, and communicate the NASA EA.
4.3.4 The Mission Directorate AA shall ensure the development, maintenance, and communication of segment architectures that are consistent with the NASA EA.
4.3.5 Center CIOs shall ensure that Center-level Enterprise Architectures and segment architectures are consistent with the NASA EA.
4.3.6 Center CIOs shall ensure that Center-level IT initiatives and Center-level implementations of Agency-wide IT initiatives are consistent with the NASA EA, Mission Directorate Segment Architectures, and Center Enterprise Architectures.
4.3.7 NASA IT plans, standards, models, documents, and guidance shall be consistent with the NASA Enterprise Architecture and IRM Strategic Plan.
4.3.8 NASA programs, projects, and activities shall adhere to the requirements of NASA IT Technical Standards that are designated as mandatory by the NASA CIO for non-Highly Specialized IT unless waived.
NASA shall ensure that IT investments are selected, controlled, and evaluated through effective IT governance, investment management, and program/project management processes.
5.2.1 Effective IT investment management is important at NASA due to the size of the IT investment portfolio. With a significant portion of the Agency budget allocated to IT, it is important to ensure that IT investments enable the NASA mission, are integrated and secure, provide efficiencies, and are efficiently implemented. Further, it is important that IT investments be assessed and approved at a level commensurate with the size of the investment to minimize unnecessarily duplicative infrastructure and applications.
5.3.1 NASA CIO Responsibilities
5.3.1.1 The NASA CIO shall maintain a process and system for collecting and analyzing IT investment information.
5.3.1.2 The NASA CIO shall ensure the investment management system collects the information required to comply with OMB Circular A-11, Exhibits 53 and 300 reporting requirements.
5.3.1.3 The NASA CIO shall provide sufficient information to governing boards and councils to effect assessment and approval of IT investments.
5.3.1.4 The NASA CIO shall ensure integration of Agency IT governance, investment management, and program/project management processes under NPR 7120.7 to facilitate the selection of appropriate IT investments and ensure appropriate program and project control.
5.3.1.5 The NASA CIO shall evaluate a subset of IT investments on an annual basis to confirm achievement of proposed benefits.
5.3.2 Center CIO Responsibilities
5.3.2.1 Center CIOs shall coordinate the collection, analysis, and input of IT program and institutional investment data at their Center in accordance with NASA CIO guidance.
5.3.2.2 Center CIOs shall evaluate Center IT projects within six months after completion of implementation to determine the extent to which planned benefits are realized.
5.3.3 NASA Center Directors shall implement processes at the Center-level to assess and approve IT investments to maximize the benefit of IT investments.
5.3.4 The NASA Chief Enterprise Architect shall assess, on an annual basis, a subset of EA Project Reviews and Enterprise Architecture Service Reviews from across the NASA Centers in compliance with NPR 2830.1, NASA Enterprise Architecture Procedures, requirements, and facilitate assessments of the effectiveness of integration and interoperability for investments that cross centers and programs.
5.3.5 Center Enterprise Architects shall ensure EA Project Reviews and Enterprise Architecture Service Reviews are conducted in accordance with NPR 2830.1, NASA Enterprise Architecture.
NASA shall manage the IT infrastructure as an integrated end-to-end service to improve security, efficiency, and inter-Center collaboration.
6.2.1 NASA's IT Infrastructure consists of the hardware, software, and processes that together deliver fundamental IT capabilities in support of NASA users, application systems, and data.
6.2.2 NASA's IT model divides Infrastructure into four categories: End User Services, Communications Services, Data Center Services, and Infrastructure Applications.
6.2.3 NASA's strategic approach to the management of infrastructure is to treat all cross-Center or cross-project infrastructures as a set of unified, enterprise-wide services throughout their life cycle from formulation to operation; and to manage the remaining single Center- or project specific infrastructure using the enterprise approach for formulation and a federated model for implementation and operation. This approach is illustrated in Figure 6.1.
6.2.4 Consolidation of infrastructure decision making and oversight in the OCIO does not necessarily imply the physical consolidation or centralization of infrastructure technology, although there may be instances where centralization and/or consolidation of infrastructure will be required to support NASA's goals.
Figure 6.1 Formulation, Implementation and Operations Model
6.3.1 The NASA CIO shall be responsible for all aspects of the management of the NASA IT Infrastructure.
6.3.2 The NASA CIO shall ensure that NASA's IT Infrastructure is managed to meet the NASA IT Infrastructure principles as follows:
6.3.2.1 Mission Enabling. The infrastructure shall provide end-to-end capabilities that meet NASA's current mission IT needs and flexibly accommodate changing mission requirements over time.
6.3.2.2 Integrated. The infrastructure shall enable seamless collaboration across Centers and provide users with a common user experience regardless of location or organizational alignment.
6.3.2.3 Efficient. The infrastructure shall provide NASA users, systems, and data with modular, interoperable services that support the efficient execution of NASA's missions.
6.3.2.4 Secure. NASA's infrastructure services shall be formulated and operated in a way that protects the confidentiality, integrity, and availability of NASA data and resources.
6.3.3 The Center CIOs shall be responsible for ensuring that all aspects of the IT Infrastructure at their respective Centers are managed in accordance with the model described above.
6.3.4 NASA Center Directors shall support their Center CIOs in executing the IT Infrastructure management model described above.
6.3.5 The NASA Chief Enterprise Architect and Center Chief Enterprise Architects shall ensure that the Agency Enterprise Architecture and Center Enterprise Architectures, respectively, promote the management of the NASA IT Infrastructure in accordance with the principles described above.
NASA shall develop and maintain an application portfolio management process to drive application standardization and efficiency.
7.2.1 Application Portfolio Management (APM) is a process that organizes applications into relevant portfolio categories so their performance can be assessed. The objective of APM is to leverage a portfolio view of existing IT application assets throughout NASA to improve the performance of the individual assets within the portfolio as well as the performance of the portfolio as a whole.
7.2.2 NASA utilizes a portfolio management approach to establish and maintain the applications baseline and identify gaps in capability and opportunities for consolidation. This information supports application investment decisions.
7.2.3 NASA has defined four application portfolios:
a. Science and Engineering applications, which enable the use of scientific knowledge and the utilization of natural laws and physical resources in order to design and implement materials, structures, machines, devices, systems, and processes that realize a desired objective and meet specified criteria. Sample subportfolios include Analysis & Statistics tools (e.g., structural/thermal, forensics, mathematical, etc.), Visualization tools (e.g., graphic charting, Computer-Aided Design (CAD), multimedia, etc.) and Knowledge Discovery tools (e.g., data mining, modeling, and simulation).
b. Project Management applications, which enable the planning, organizing, and managing of resources to bring about the successful completion of specific project goals and objectives. Sample subportfolios include Management of Process tools (e.g., configuration management, risk management, quality management, requirements management, etc.).
c. Business Management applications, which enable the management of business functions and organizational activities to maintain continuity across the business and value-chain participants and the management of enterprise planning and transactional-based functions. Sample subportfolios include Financial Management tools (e.g., payroll, billing and accounting, internal controls, etc.), Human Capital Management tools (e.g., skills management, career development and retention, benefits management, etc.), Knowledge Management tools (e.g., information mapping/taxonomy, categorization, etc.) and Asset/Supply Chain Management tools (e.g., property/asset management, facilities management, etc.).
d. Infrastructure applications, which include all IT applications that enable e-mail, instant messaging, collaborative workgroup services, help desk services, data dictionary, directory services and any other services focused on facilitating access to information. Sample subportfolios include Collaboration tools (e.g., e-mail, calendaring, threaded discussions, etc.), Communications tools (e.g., instant messaging, audio, and video conferencing, etc.) and Customer Relationship Management tools (e.g., call Center management, customer surveys, etc.).
7.3.1 The NASA CIO shall work with the Offices of Program Analysis and Evaluation and the Chief Engineer to develop an APM process that organizes the Agency's investments in IT tools and applications to ensure integration and eliminate unnecessary duplication.
7.3.2 The NASA CIO shall establish, own, facilitate, and continuously improve the APM process, database, and performance reporting (such as a balanced scorecard) to the IT SIB and appropriate Agency councils (OMC, PMC, SMC).
7.3.3 The NASA CIO shall be responsible for ensuring that the IT Application Portfolios are in alignment with the NASA mission and strategy as well as compliant with NASA IT Security policy.
7.3.4 The NASA CIO shall evaluate annually the IT Application Portfolios to determine how well they perform from a current and future business perspective, from an architectural perspective (full life-cycle view from inception through sunset), from a technical/operations and maintenance perspective, and from a financial/efficiency performance perspective.
7.3.5 Business area owners (e.g., Chief Engineer, Chief Financial Officer, etc.) shall own portfolio/subportfolio assets and define the requirements for the functionality and service levels required for the use of the assets.
7.3.6 Both business area owners and the NASA CIO shall agree on performance standards for the entire portfolio of assets (e.g., filling-in business capability gaps, reducing redundant capabilities, etc.).
7.3.7 The NASA CIO and business area owners shall jointly address deficiencies found during the annual assessment.
7.3.8 Center Application Portfolio Managers shall work with the NASA CIO to facilitate the process of assessing Center applications against criteria and overall portfolio performance objectives.
NASA shall ensure the appropriate confidentiality, integrity, and availability of information residing on, or processed by, NASA's automated information systems through implementation and enforcement of risk-based policies, procedures, standards, guidelines, control techniques, and training mechanisms.
8.2.1 NASA is highly dependent upon its computer systems and the information they contain for the success of its missions. Security threats to NASA's and other agencies' IT assets are increasing in number, complexity, and severity. Responding to these threats requires a robust IT security program that, while protecting NASA's systems and information, does not impede the Agency's use of IT to accomplish its mission.
8.2.2 The Office of the CIO has issued policy in the form of NPR 2810.1, Security of Information Technology, as well as SOPs and management letters that are responsive to the rapidly-developing IT security threat environment, as well as to Congressional and OMB direction for Government-wide response.
8.3.1 The NASA CIO shall ensure that policies that address both external and internal IT security threats are developed and maintained.
8.3.2 The Deputy CIO for IT Security shall develop and maintain NASA IT security policies.
8.3.3 Center CIOs shall ensure that NASA IT security policies are implemented at their Centers.
8.3.4 Program and project managers shall implement the requirements of NASA IT security policies in their programs and projects.
NASA shall implement Agency planning, programming, budgeting and execution, and program and project management processes to formulate, implement, and operate Agency IT services and initiatives.
9.2.1 Budgeting for IT projects and services occurs in concert with the Agency planning, programming, budgeting, and execution (PPBE) process. For IT, the NASA CIO provides strategic planning guidance and program resource guidance for Centers and programs to use in developing annual IT budget requests that support Agency IT strategy and services. Center CIOs budget for IT services to support NASA CIO strategy and priorities, as well as local mission requirements. Issues are resolved through the PPBE process.
9.3.1 NASA CIO Responsibilities
9.3.1.1 The NASA CIO shall support the NASA PPBE process and schedule, including providing input relative to NASA IT strategy and priorities into strategic planning guidance and program resource guidance documents.
9.3.1.2 The NASA CIO shall review Center budget submissions on an annual basis to ensure alignment with Agency strategy and priorities.
9.3.1.3 The NASA CIO shall work collaboratively with Centers and programs to resolve identified budget issues.
9.3.2 Center CIO Responsibilities
9.3.2.1 Center CIOs shall budget for IT capabilities at the Center level in accordance with the NASA PPBE process.
9.3.2.2 Center CIOs shall submit budget information and supporting documentation for NASA CIO review, as requested.
9.3.3 NASA Center Directors shall ensure IT budget management support is provided to the NASA CIO for program and institutional organizations.
NASA shall ensure appropriate competency of its Civil Servant IT workforce through training, mentoring, and professional development and further ensure that required skills are identified, developed, recruited, retained, and available to support Agency activities.
IT is an integral part of almost every NASA program and project. This inherent dependence on IT systems for all aspects of mission success drives a corresponding dependence on a highly skilled IT workforce. A strong IT workforce is a critical enabling element for accomplishing the Agency's mission and strategic goals.
Figure 10.2 below illustrates the key functions required for the IT workforce. Chapter 1.2.1 describes each of the functions and the competencies associated with performing the core functions.
Figure 10.2 Key IT Workforce Functions
10.3.1 NASA CIO Responsibilities
10.3.1.1 The NASA CIO shall establish and maintain a highly skilled IT workforce that is aligned with NASA's vision and mission, and that meets the Agency's responsibility in the management and use of information and information technology.
10.3.1.2 In collaboration with the Office of Human Capital Management, the NASA CIO shall ensure a highly skilled IT workforce by identifying critical competencies and skills, conducting a gap analysis on a regular basis, and developing and executing a strategy for matching Agency needs for IT with the required workforce skills.
10.3.1.3 The NASA CIO shall ensure the hiring of the appropriate IT skill sets, the appropriate training and development opportunities, and the implementation of processes and tools to ensure the health of the Agency's IT workforce.
10.3.2 Center CIO Responsibilities
10.3.2.1 Center CIOs shall establish and maintain at their Centers a highly skilled IT workforce in each of the key competency areas shown in Figure 10.2-1.
10.3.2.2 In collaboration with their Center Office of Human Capital Management, Center CIOs shall conduct a gap analysis on a regular basis and develop and execute a strategy for matching Center needs for IT with the required IT workforce skills.
10.3.2.3 Center CIOs shall assure at the Center level the hiring of the appropriate IT skill sets, the appropriate training and development opportunities, and the implementation of processes and tools to ensure the health of the Center's IT workforce.
NASA shall conduct E-Government (E-Gov) activities, represent the Agency in Federal activities involving IT or information management, and ensure the successful completion of actions related to these areas.
In the fall of 2001, the Office of Management and Budget (OMB) and Federal agencies identified 24 E-Gov initiatives which were approved by the President's Management Council. Examples of these initiatives include citizen tax filing, Federal rulemaking, and electronic training. E-Authentication is a separate initiative that provides secure and robust authentication services to the 24 Initiatives. In the spring of 2004, OMB announced the formation of five Line of Business (LoB) task forces.
Additional LoBs were established in 2005 and 2006, bringing the total number of LoBs to nine. The LoBs were identified through a comprehensive analysis of agencies' EA data seeking to determine common solutions and methodologies in order to improve service delivery to agencies, increase operational efficiencies, and decrease unnecessary duplication in common administrative areas.
11.3.1 NASA CIO Responsibilities
11.3.1.1 The NASA CIO is the primary interface with OMB regarding E-Gov initiatives and shall negotiate and commit on behalf of the Agency a set of initiatives and milestones that are in the best interest of the Agency and Federal Government.
11.3.1.2 The NASA CIO is responsible for monitoring the implementation of IT standards promulgated by the Secretary of Commerce, including common standards for interconnectivity and interoperability, categorization of Federal Government electronic information, and computer system efficiency and security.
11.3.1.3 The NASA CIO shall coordinate with NASA functional owners the implementation of E-Gov initiatives.
11.3.1.4 The NASA CIO shall negotiate memoranda of understanding, including fees, with other agencies serving as managing partners for E-Gov initiatives.
11.3.1.5 The NASA CIO shall budget for E-Gov fees on an annual basis.
11.3.1.6 The NASA CIO shall coordinate and negotiate budgeting for the implementation costs of E-Gov initiatives with functional owners and resolve any disconnects through the NASA PPBE governance process.
11.3.1.7 The NASA CIO shall ensure an adequate degree of coordination, communication, planning, and guidance to NASA organizations responsible for implementing E-Gov initiatives.
11.3.2 Mission Directorates and Mission Support Offices with functional ownership of an E-Gov initiative or Line of Business shall coordinate with the NASA CIO to ensure implementation of these initiatives.
11.3.3 Office of Procurement Responsibilities
11.3.3.1 The Office of Procurement shall work with the NASA CIO to ensure that NASA is not duplicating the E-Gov initiatives and LoBs.
11.3.4 Center CIO Responsibilities
11.3.4.1 Center CIOs are responsible for ensuring local implementation of E-Gov initiatives and LoBs.
11.3.4.2 Center CIOs shall plan and implement the Federal E-Gov initiatives in accordance with guidance and milestones developed by the NASA CIO.
11.3.4.3 Center CIOs shall coordinate sunsetting of capabilities that are duplicative of E-Gov initiatives and LoBs.
NASA shall report its IT and information management activities to the Office of Management and Budget (OMB), Congress, the Government Accountability Office, and other external oversight organizations, as required.
Various laws, regulations, and directives (e.g., E-Government Act, Federal Information Security Management Act (FISMA), Paperwork Reduction Act, etc.) require periodic reporting regarding the planning and implementation of IT at NASA. Consistent and coordinated reporting at the Agency level is essential.
12.3.1 NASA CIO responsibilities
12.3.1.1 The NASA CIO shall serve as the central coordinator for external IT-related reporting.
12.3.1.2 The NASA CIO shall coordinate responses and reports to external entities with appropriate offices within the Agency, including NASA Centers and Headquarters Offices.
12.3.1.3 The NASA CIO shall endeavor to limit the number of data calls required to prepare reports and respond to reporting requirements.
12.3.2 Center CIO responsibilities: Center CIOs shall analyze and respond in a timely manner to data calls and other requests of the NASA CIO for information required to meet reporting requirements.
Acquisition — The process for obtaining the systems, research, services, construction, and supplies that NASA needs to fulfill its mission.
Agency-Level Procurement — Procurement actions that meet the criteria of NASA FAR Supplement 1807.7101 and are listed under the Agency's Master Buy Plan.
Application — The use of information resources (information and information technology) to satisfy a specific set of user requirements (reference OMB A-130). Also, a set of computer commands, instructions, and procedures used to cause a computer to process a specific set of information. Applications software does not include operating systems, generic utilities, or similar software that are normally referred to as "system software."
Approval — The acknowledgement by the responsible official that the program/project has met expectations and formulation requirements and is ready to proceed to implementation.
Architecture — The structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time.
Business Architecture — Defines what, where, and by whom the work of the Agency is performed. As the knowledge base for the EA, the Business Architecture provides a business-driven approach for determining the proper information, applications, and IT required by the enterprise.
Component Facilities — Complexes that are geographically separated from the NASA Center or institution to which they are assigned.
Concurrence — The individual(s) reviewing and providing agreement within their span of responsibility of a document, product, or service that has yet to be approved.
Contract — A mutually binding legal relationship obligating the seller to furnish the supplies or services (including construction) and the buyer to pay for them. In addition to bilateral instruments, contracts include, but are not limited to: awards and notices of awards; job orders or task letters initiated under basic ordering agreements; letter contracts; orders, such as purchase orders, under which the contract becomes effective by written acceptance or performance; and bilateral contract modifications.
Customer — Any individual, organization, or other entity to which a program or project provides a product(s) and/or service(s).
Data Architecture — Provides an understanding of what information is needed to effectively execute the enterprise's business processes and provides a framework for effectively managing the enterprise's information environment. Data Architecture links information behavior (i.e., accessing, using, and sharing data), information management processes, and information support staff to other aspects of the enterprise.
Enterprise — An organization or cross-organizational entity supporting a defined business scope and mission. An enterprise includes interdependent resources (i.e., people, organizations, and IT) that shall coordinate their functions and share information in support of a common mission or set of related missions.
Enterprise Architecture — An explicit description and documentation of the current and desired relationships among business and management processes and information technology. An EA includes principles, an architecture framework, a technical standards profile, current and target architectures, and a transition strategy to move from the current to target architecture (reference NPR 7120.5, NASA Space Flight Program and Project Management Requirements).
Governance — Leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives (reference IT Governance Institute).
Highly Specialized Information Technology — Highly Specialized IT is a part of, internal to, or embedded in a mission platform. The platform's function (e.g., avionics, guidance, navigation, flight controls, simulation, radar, etc.) is enabled by IT but not driven by IT itself (e.g., computer hardware and software to automate internal functions of a spacecraft or spacecraft support system such as spacecraft control and status, sensor signal and data processing, and operational tasking.) Highly Specialized IT acquisitions may include full development (where the information technology is a primary issue) to modification of existing systems (information architecture is firm and demonstrated in an operational environment) where information technology is not an issue. Real time is often critical — and few opportunities exist to use Commercial Off The Shelf (COTS) or Government Off The Shelf (GOTS) beyond microprocessors and operating systems because these systems are largely unprecedented or largely unique applications. Certain IT considered Mission Critical because the loss of which would cause the stoppage of mission operations supporting real—time on—orbit mission operations is identified as "Highly Specialized" by the Directorate Associate Administrator. Highly Specialized IT is largely custom, as opposed to COTS or commodity IT systems or applications, and includes coding/applications that are integral parts of the research or science requirements, e.g., Shuttle Avionics Upgrade. Common engineering IT tools such as Product Life cycle Management (PLM) systems, Computer-Aided Design (CAD) systems, and collaborative engineering systems and environments are not Highly Specialized IT.
Representative Examples of Highly Specialized IT include: Avionics software, real-time control systems, onboard processors, Deep Space Network, spacecraft instrumentation software, wind tunnel control system, human physiology monitoring systems, ground support environment, experiment simulators, Mission Control Center and Launch cameras.
Information Technology (IT) — Any equipment or interconnected system(s) or subsystem(s) of equipment that is used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the Agency (reference FAR 2.101).
IT Infrastructure — Hardware, software, and processes that together deliver fundamental IT capabilities in support of NASA users, application systems, and data.
Investment — Resources, usually funding, along with a decision on how to apply those resources that results in a capability, product or service that helps NASA achieve its Mission. Generally, the benefits of an investment exceed the cost of the investment.
Mission Directorate — Primary implementer of a NASA mission area. Each Mission Directorate is led by an Associate Administrator who leads their respective mission area. Listed in the order they appear on the NASA organizational chart, the current Mission Directorates are as follows: Aeronautics Research Mission Directorate, Exploration Systems Mission Directorate, Science Mission Directorate, and Space Operations Mission Directorate.
Mission Support Office — Headquarters organizations that establish and disseminate policy and leadership strategies within assigned areas of responsibility in support of all NASA programs and activities. Refer to NPD 1000.3, The NASA Organization, for the list of offices included in this designation. As used in this document, the term refers to any Headquarters nonMission Directorate office that initiates a program or project.
Program — Strategic investment by a Mission Directorate or Mission Support Office that has a defined architecture and/or technical approach, requirements, funding level, and a management structure that initiates and directs one or more projects. A program defines a strategic direction that the Agency has identified as critical.
Project — Specific investment having defined requirements, a life-cycle cost, a beginning, and an end. A project yields new or revised products that directly address NASA's strategic needs.
Segment Architecture — An integral component of the Agency Enterprise Architecture, a Segment Architecture provides a more focused and more detailed examination of a portion of the Agency mission. A Segment Architecture answers the question, "How does a given investment support or contribute to mission performance?" To answer this question, a Segment Architecture must identify and describe either a line of business or primary activity in context, showing as many relationships, dependencies, roles and performance measures as necessary to accurately characterize all investments. A Segment must maintain a clear line of sight between segment activities, other segments, and organization goals. Current and target states must be represented, in order that a gap analysis can be performed, and a transition strategy developed.
System — Combination of elements that function together to produce the capability required to meet a need. The elements include all hardware, software, equipment, facilities, personnel, processes, and procedures needed for this purpose.
| AA | Associate Administrators | |
| APM | Application Portfolio Management | |
| CAD | Computer-Aided Design | |
| CAM | Control Account Manager | |
| CIO | Chief Information Officer | |
| COTS | Commercial Off-the-Shelf | |
| DME | Development, Modernization, and/or Enhancement | |
| E-Gov | Electronic Government | |
| EA | Enterprise Architecture | |
| FAR | Federal Acquisition Regulation | |
| FISMA | Federal Information Security Management Act | |
| GOTS | Government Off-the-Shelf | |
| IRM | Information Resource Management | |
| IT | Information Technology | |
| ITMB | Information Technology Management Board | |
| JPL | Jet Propulsion Laboratory (an FFRDC) | |
| LoB | Lines of Business | |
| NID | NASA Interim Directive | |
| NITR | NASA Information Technology Requirement | |
| NODIS | NASA Online Document Information System | |
| NPD | NASA Policy Directive | |
| NPR | NASA Procedural Requirement | |
| OCIO | Office of the Chief Information Officer | |
| OMB | Office of Management and Budget | |
| OMC | Operations Management Council | |
| PLM | Product Life-Cycle Management | |
| PMB | Program Management Board | |
| PMC | Program Management Council | |
| PPBE | Planning, Programming, Budgeting, and Execution | |
| RFP | Request for Proposal | |
| RM | Relationship Manager | |
| SIB | Strategy and Investment Board | |
| SLA | Service Level Agreement | |
| SMC | Strategic Management Council | |
| SOP | Standard Operating Procedures |