Effective Date: June 14, 2019
Expiration Date: June 14, 2024
Note: This chapter defines the responsibilities of key officials in the EPP. The roles and responsibilities of senior NASA management, along with fundamental principles of governance, are defined in NPD 1000.0 and further described in NPD 1000.3.
2.1.1 The Associate Administrator:
a. Is the Agency decision maker for enterprise protection decisions, actions, and direction that are not adjudicated at lower levels.
b. Chairs the EPB.
c. Provides resources for EPP implementation and operation, including budget and personnel.
2.2.1 The PAEP shall:
a. Lead the cross-Agency EPP.
b. Manage and operate the EPB.
c. Serve as the NASA representative to the SSDP, NSDC, CSpOC, and similar entities and functions.
d. Remain aware of the threat environment.
e. Identify and propose enterprise and system protection recommendations to existing policies, requirements, budgeting, acquisition, design, and development processes.
f. Integrate cross-Agency threat and protection issues by identifying cross-Agency gaps and vulnerabilities to enterprise or systems.
g. Review U.S. Government national space protection policies and strategies for potential application to NASA enterprise and system protection.
h. Advise the Associate Administrator, EPB, Officials-in-Charge of Headquarters Offices, Mission Directorates Associate Administrators, Center Directors, Program Directors, Program Managers, and Project Managers on threats, vulnerabilities, susceptibilities, and mitigations for NASA programs, projects, and activities, with an emphasis on issues that are cross-Agency, pertain to national security, or pertain to systems critical to NASA or the U.S. Government.
i. Develop an EPP Program Plan to describe and govern the operation of the EPP.
j. Obtain and direct subject-matter experts with Top Secret/Sensitive Compartmented Information clearance for the EPP through reassignments, details, interagency support, and commercial services.
k. Review and approve all proposed NASA activities with the SSDP, NSDC, CSpOC, and similar entities and functions based on appropriateness, consistency, and alignment of such activities within NASA.
l. Develop the EPP annual workplan, including any related budget requests.
2.3.1 Officials-in-Charge of Headquarters Offices, Mission Directorates Associate Administrators, Center Directors, Program Directors, Program Managers, and Project Managers shall:
a. Maintain awareness of threats to the enterprise and to systems, including flight systems, ground systems, and supporting infrastructure systems, with emphasis on those systems under the responsibility or control of the Official-in-Charge, Mission Directorate Associate Administrators, Center Directors, Program Directors, Program Managers, or Project Managers.
b. Document in risk management systems the risks derived from threats, risk mitigation, and acceptance of residual risk to systems, including flight systems, ground systems, and supporting infrastructure systems.
c. Support the PAEP, EPP, and EPB in execution of the responsibilities and requirements of this directive for the protection of space systems, aeronautical systems, ground systems, and infrastructure systems.
d. Implement enterprise protection recommendations and requirements of the PAEP approved by the EPB, subject to statutory requirements.
e. Provide subject-matter expert staffing to the EPP as requested or needed in a timely manner.
f. For NASA programs and projects started after February 1, 2019, program and project managers shall implement the requirements contained in NASA-STD-1006, Space System Protection Standard, tailored in accordance with the Office of the Chief Engineer's (OCE) procedures. For all other existing NASA programs and projects, the program and project managers shall determine, in coordination with OCE, which requirements contained in NASA-STD-1006 to implement based on current malicious threat information.
2.4.1 The APMC shall:
a. Charter the EPB.
b. Review and approve the EPP annual operating plan and budget.
2.5 NASA Enterprise Protection Board (EPB)
The EPB operates in accordance with its charter, NC 1000.40, Enterprise Protection Program Board, accessible in the NODIS Document Library at https://nodis3.gsfc.nasa.gov/OPD_docs/NC_1000_40_.pdf.
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.