Effective Date: March 20, 2009
Expiration Date: December 20, 2019
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL ||
NASA shall manage, develop, and/or enforce applicable Federal and Agency policies, procedures, standards, and guidelines related to IT investments throughout the investments' life cycle. Applicable policy, procedures, standards, and guidelines include the management, use, availability, accessibility, integrity, privacy, disclosure, and preservation and disposal of records, information, and information systems.
3.2.1 NASA's IT policy is intended to implement and communicate the Agency's IT strategy in a manner that also meets requirements of Federal statutes, regulations, and other directives. Due to the rapid progression of information technology capabilities and the dynamic regulatory environment, NASA utilizes a combination of mechanisms to maintain a controlled IT environment in pace with the degree of change. In addition to NPDs and NPRs (per NPR 1400.1, NASA Directives Procedural Requirements), the NASA CIO uses NASA Interim Directives (NIDs) to communicate requirements, policy, and compliance requirements that shall be implemented immediately or for short-term use. Per NPR 1400.1, NIDs include policy memorandums or any other issuance intended to impose policy or requirements at the Agency level. NASA IT Requirements (NITRs) are forms of NIDs within the IT policy arena. NASA CIO memoranda are also forms of NIDs, when so designated in the subject line of the memorandum.
3.3.1 NASA CIO Responsibilities
184.108.40.206 The NASA CIO shall develop policy in accordance with NPR 1400.1 (NASA Directives Procedural Requirements), including the issuance of NIDs, to implement NASA IT strategy and to ensure NASA compliance with Federal requirements.
220.127.116.11 The NASA CIO shall implement measures to periodically assess compliance with NASA IT policy in accordance with NASA internal control requirements.
18.104.22.168 The NASA CIO shall develop NITRs in accordance with Standard Operating Procedure (SOP) ITS-SOP-0004, "NASA's Information Technology Requirement (NITR) Procedures."
3.3.2 Center CIO Responsibilities
22.214.171.124 Center CIOs shall take measures to implement NASA IT policy, including NIDs, to the extent applicable at their Center.
126.96.36.199 Center CIOs shall implement measures to periodically assess compliance with NASA IT policy at their Centers in accordance with NASA internal control requirements.
3.3.3 The NASA CIO, in coordination with the Office of Procurement, shall ensure that NASA IT policy is reflected in procurements and other acquisitions for programmatic and institutional products and services.
3.3.4 The NASA Deputy CIO for IT Security shall be responsible for maintaining ITS-SOP-0004, "NASA's Information Technology Requirement (NITR) Procedures."
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL |
|| NODIS Library | Legal Policies(2000s) | Search ||