Subject: NASA Enterprise Protection Program (w/Change 1)

Responsible Office: Associate Administrator

Chapter 1. Introduction

1.1 Background

1.1.1 Current trends in the proliferation of technology and technical information, accessibility to space, globalization of space programs and industries, and foreign knowledge about U.S. space and aeronautical systems increase the threat environment to NASA flight systems, ground systems, and supporting infrastructure. This heightened threat environment increases the possibility that NASA flight systems, ground systems, and supporting infrastructure could be subject to a disrupted, degraded, or denied environment, or a direct attack, through a variety of means and methodologies.

1.1.2 To address these challenges, the NASA Associate Administrator established the position of PAEP, as well as the EPP and the EPB. The PAEP is a direct report to the Associate Administrator and provides advice and recommendations regarding the protection of the NASA enterprise, especially for cross-Agency or complex threats to flight systems, ground systems, or infrastructure. The PAEP also provides recommendations relating to matters potentially affecting critical U.S Government or security functions that NASA systems support. The PAEP is the NASA representative to the Space Security and Defense Program (SSDP), National Space Defense Center (NSDC), Combined Space Operations Center (CSpOC), and similar entities and functions.

1.2 Overview

1.2.1 The PAEP leads the cross-Agency EPP to provide advice and recommendations on threats and associated Agency vulnerabilities, risks, mitigations, and protection of NASA programs, projects, and activities. The PAEP also serves as Executive of the EPB under the authority of the Agency Program Management Council (APMC).

1.2.2 The PAEP and the EPP integrate Agency protection efforts. The PAEP and EPP focus on threats that are cross-Agency, that may impact national security, or that may impact a system critical to NASA or the U.S. Government. As an integrator, the PAEP will facilitate discussions with external agencies on threats, risks, and mitigations. The PAEP does not supplant the authorities or responsibilities of Mission Directorate Associate Administrators or Officials-in-Charge for the protection of systems under their cognizance.

1.2.3 The PAEP and EPP will use threat information, including classified threat information, and insight into system protection activities of Mission Directorates and Offices to integrate system protection work across the Agency. This information and insight will inform the work and recommendations of the PAEP and EPP to ensure resilience of the enterprise.

1.2.4 The effectiveness of the PAEP and EPP is highly dependent upon the quality and timeliness of information available from Mission Directorates and Offices, including the Office of Protective Services Intelligence Division and Counterintelligence Division.

1.2.5 The relationship of the EPP to selected NASA organizations is shown in Figure 1.

Figure 1 shows the Relationship of Enterprise Protection Program

Figure 1, Relationship of Enterprise Protection Program
to Other NASA Organizations

1.2.6 The PAEP organizes and manages the EPB, chartered under the authority of the APMC.

1.2.7 The Associate Administrator is Chair of the EPB, and the PAEP serves as Executive of the EPB.

1.2.8 Much of the work of the PAEP and EPP involves the use of classified threat and technical information. As a result, the PAEP and NASA EPP representatives from Mission Directorates, Offices, and Centers shall hold Top Secret/Sensitive Compartmented Information clearances.

| NODIS Library | Organization and Administration(1000s) | Search |

DISTRIBUTION:
NODIS