
NASA Procedural Requirements
NPR 2800.1B
Effective Date: March 20, 2009
Expiration Date: December 20, 2019
COMPLIANCE IS MANDATORY

Subject: Managing Information Technology

Responsible Office: Office of the Chief Information Officer



Chapter 3. IT Policy and Compliance Management

3.1 IT Policy and Compliance Management Requirement

NASA shall manage, develop, and/or enforce applicable Federal and Agency policies, procedures, standards, and guidelines related to IT investments throughout the investments' life cycle. Applicable policy, procedures, standards, and guidelines include the management, use, availability, accessibility, integrity, privacy, disclosure, and preservation and disposal of records, information, and information systems.

3.2 Background

3.2.1 NASA's IT policy is intended to implement and communicate the Agency's IT strategy in a manner that also meets requirements of Federal statutes, regulations, and other directives. Due to the rapid progression of information technology capabilities and the dynamic regulatory environment, NASA utilizes a combination of mechanisms to maintain a controlled IT environment in pace with the degree of change. In addition to NPDs and NPRs (per NPR 1400.1, NASA Directives Procedural Requirements), the NASA CIO uses NASA Interim Directives (NIDs) to communicate requirements, policy, and compliance requirements that shall be implemented immediately or for short-term use. Per NPR 1400.1, NIDs include policy memorandums or any other issuance intended to impose policy or requirements at the Agency level. NASA IT Requirements (NITRs) are forms of NIDs within the IT policy arena. NASA CIO memoranda are also forms of NIDs, when so designated in the subject line of the memorandum.

3.3 IT Policy and Compliance Management Roles and Responsibilities

3.3.1 NASA CIO Responsibilities

3.3.1.1 The NASA CIO shall develop policy in accordance with NPR 1400.1 (NASA Directives Procedural Requirements), including the issuance of NIDs, to implement NASA IT strategy and to ensure NASA compliance with Federal requirements.

3.3.1.2 The NASA CIO shall implement measures to periodically assess compliance with NASA IT policy in accordance with NASA internal control requirements.

3.3.1.3 The NASA CIO shall develop NITRs in accordance with Standard Operating Procedure (SOP) ITS-SOP-0004, "NASA's Information Technology Requirement (NITR) Procedures."

3.3.2 Center CIO Responsibilities

3.3.2.1 Center CIOs shall take measures to implement NASA IT policy, including NIDs, to the extent applicable at their Center.

3.3.2.2 Center CIOs shall implement measures to periodically assess compliance with NASA IT policy at their Centers in accordance with NASA internal control requirements.

3.3.3 The NASA CIO, in coordination with the Office of Procurement, shall ensure that NASA IT policy is reflected in procurements and other acquisitions for programmatic and institutional products and services.

3.3.4 The NASA Deputy CIO for IT Security shall be responsible for maintaining ITS-SOP-0004, "NASA's Information Technology Requirement (NITR) Procedures."




DISTRIBUTION:
NODIS


This Document Is Uncontrolled When Printed.
Check the NASA Online Directives Information System (NODIS) Library
to Verify that this is the correct version before use: http://nodis3.gsfc.nasa.gov