Procedural
Requirements
Effective Date: August 03, 2025
Expiration Date: August 03, 2030
|
|
NASA Procedural Requirements |
NPR 1600.4B Effective Date: August 03, 2025 Expiration Date: August 03, 2030 |
| | TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | ALL | |
1.1.1 This NASA directive establishes the policies and high-level procedures that will be used throughout NASA to achieve consistency in Identity, Credential, and Access Management (ICAM). Strong ICAM business processes and practices which adhere to Federal requirements and guidance support a secure environment where trusted individuals are granted appropriate access to approved assets in order to conduct business.
1.1.2 ICAM business processes include all the processes necessary to support proofing and vetting the identity of all individuals requiring access (physical, logical, or both) to NASA assets. ICAM business processes also include issuing credential and granting access based on favorable identity proofing and vetting. The governance structure that has been established for ICAM business processes is documented in NPR 2841.1, Identity, Credential, and Access Management Services.
1.2.1 The policies and procedures identified within this document define the approved processes for NASA to manage personal identities and their associated enrollment records, and the issuance of NASA Personal Identity Verification (PIV) credentials. This NPR also establishes the policy for the management of Agency Smart Badges (ASB), Center-specific badges, and visitor passes. Logical access tokens are not covered in this document. Use of vetted and bound identities for physical access is covered by NPR 1600.1 and NPR 1620.3, and logical access is covered by NPR 2810.1, Security of Information and Information Systems. The policies and procedures for granting remote only IT access to foreign nationals are described in this NPR. The policies and procedures necessary to properly manage ICAM services as an integrated end-to-end service to improve security, efficiency, and inter-Center collaboration are covered in NPR 2841.1.
1.2.2 This policy covers the creation, issuance, and use of NASA PIV Smartcards, Agency Smart Badges, Center-specific badges, and visitor passes; collectively referred to as credentials. Credentials derived from the NASA PIV Smartcard or Agency Smart Badge are covered by this NPR. Other logical credentials or access tokens not bound to the enrollment record and or derived from a smartcard certificate are covered in NPR 2841.1.
1.3.1 Situations may arise for which a deviation from specific requirements established by this NPR is required. Waiver/exception requests may be submitted for a deviation from the specific requirements for that specific situation and timeframe.
1.3.2 Approval authority for all waivers/exceptions to this NPR resides with the Assistant Administrator (AA), Office of Protective Services (OPS) who may delegate this authority as necessary.
1.3.3 Blanket waivers/exceptions to NPR requirements shall not be issued.
1.3.4 Waiver/exception requests shall be processed in accordance with the requirements of NPR 1600.1, section 1.4, Exceptions and Waivers.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | ALL | |
| | NODIS Library | Organization and Administration(1000s) | Search | |
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.