
NPR 1600.4A
Effective Date: April 08, 2016
Expiration Date: August 08, 2024

Subject: Identity and Credential Management

Responsible Office: Office of Protective Services



P.1 Purpose

a. This National Aeronautics and Space Administration (NASA) directive establishes Agency-wide identity, credential, and access management policy and establishes high-level implementation requirements as set forth in NASA Policy Directive (NPD) 1600.2, NASA Security Policy, as amended. Identity, credential, and access management are the activities that deal with identifying individuals and controlling their access to resources (e.g., facilities and information technology (IT) systems) by associating user rights and restrictions with the established identity.

b. This NASA directive prescribes personnel responsibilities and procedural requirements for the creation, usage, and management of identities and the creation and issuance of identity credentials to assist NASA Centers and Component Facilities in executing the NASA security program to protect people, property, and information.

P.2 Applicability

a. This NASA directive is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This language applies to Jet Propulsion Laboratory (JPL), a Federally Funded Research and Development Center (FFRDC), employees, JPL personnel, other contractors, grant recipients (to include recipients of cooperative agreements), or parties to agreements only to the extent specified or referenced in the appropriate contracts, grants, or agreements.

b. This NASA directive is applicable to all other personnel completing work through Space Act Agreements, Memorandums of Agreement/Understanding, or other applicable agreements, those assigned or detailed under the Intergovernmental Personnel Act, partners, and visitors.

c. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall" or "must." The terms "may" or "can" denote discretionary privilege or permission; "should" denotes a good practice and is recommended, but not required; "will" denotes expected outcome; and "are/is" denotes descriptive material.

d. In this directive, "NASA directives" refers to both Agency-level and Center-level directives.

e. In this directive, all document citations are assumed to be the latest version unless otherwise noted.

f. This directive is applicable to NASA directives developed or revised after the effective date of this NPR.

P.3 Authority

National and Commercial Space Programs, 51 United States Code (U.S.C.) § 20132, Public Law (Pub. L.) 111-314, 124 Stat. 3328 (2010).

P.4 Applicable Documents and Forms

a. E-Government Act of 2002, 44 U.S.C. § 101.

b. Privacy Act of 1974, 5 U.S.C. § 552a.

c. Rehabilitation Act of 1973, 29 U.S.C. § 701.

d. Paperwork Reduction Act of 1980, 44 U.S.C. §§ 3501-3521.

e. Fraud and Related Activity in Connection with Computers, 18 U.S.C. § 1030.

f. Numbering System for Federal Accounts Relating to Individual Persons, Executive Order (E.O.) 9397, (1943).

g. Exchange Visitor Program, 22 CFR 62.

h. Office of Management and Budget (OMB) Memo M-05-24, August 5, 2005, "Implementation of Homeland Security Presidential Directive (HSPD)-12, Policy for a Common Identification Standard for Federal Employees and Contractors."

i. NASA Policy Directive (NPD) 1050.1, Authority to Enter Into Space Act Agreements.

j. NPD 1382.17, NASA Privacy Policy.

k. NPD 1440.6, NASA Records Management.

l. NASA Procedural Requirement (NPR) 1382.1, NASA Privacy Procedural Requirements.

m. NPR 1441.1, NASA Records Retention Schedules.

n. NPR 1600.1, Security Program Procedural Requirement.

o. NPR 1600.3, NASA Personnel Security.

p. NPR 1660.1, NASA Counterintelligence and Counterterrorism.

q. NPR 2190.1, NASA Export Control Program.

r. NPR 2200.2, Requirements for Documentation, Approval, and Dissemination of NASA Scientific and Technical Information.

s. NPR 2810.1, Security of Information Technology.

t. NPR 2841.1, Identity, Credential, and Access Management Services.

u. NASA Identity Management and Account Exchange (IdMAX) System.

v. Department of Homeland Security, United States Customs and Border Protection, Form I-94, Arrival/Departure Record.

w. Homeland Security Presidential Directive 12 (HSPD-12), April 27, 2004.

x. Federal Information Processing Standards Publication (FIPS) 201-2, Personal Identity Verification (PIV) of Federal Employees and Contractors.

y. Federal Identity Credential and Access Management (FICAM) Roadmap and Implementation Guidance, December 2, 2011.

z. NIST SP 800-79-2, Guidelines for the Certification and Accreditation of Personal Identity Verification Card Issuers.

aa. NIST SP 800-104, A Scheme for PIV Visual Card Topography.

bb. Office of Personnel Management Electronic Questionnaire for Investigation Processing (e-QIP) System.

cc. Office of Personnel Management (OPM) Federal Investigations Notice No. 10-05, May 17, 2010, "Reminder to Agencies of the Standards for Issuing Credentials under HSPD-12."

P.5 Measurement/Verification

To determine compliance with this NASA directive, the Office of Protective Services (OPS) shall provide assessments/audits of the application of this policy requirement. This will consist of periodic reporting from the Centers, including information collected for the satisfaction of OMB. The specific metrics utilized will conform to those described in the latest version of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance.

P.6 Cancellation

a. NPR 1600.4, Identity and Credential Management, dated August 12, 2012.

b. Memorandum for Center Directors, dated April 2, 2014, "Interim Policy Regarding Foreign National Access Management."



This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.