Effective Date: March 20, 2009
Expiration Date: December 20, 2019
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL ||
NASA shall ensure the appropriate confidentiality, integrity, and availability of information residing on, or processed by, NASA's automated information systems through implementation and enforcement of risk-based policies, procedures, standards, guidelines, control techniques, and training mechanisms.
8.2.1 NASA is highly dependent upon its computer systems and the information they contain for the success of its missions. Security threats to NASA's and other agencies' IT assets are increasing in number, complexity, and severity. Responding to these threats requires a robust IT security program that, while protecting NASA's systems and information, does not impede the Agency's use of IT to accomplish its mission.
8.2.2 The Office of the CIO has issued policy in the form of NPR 2810.1, Security of Information Technology, as well as SOPs and management letters that are responsive to the rapidly-developing IT security threat environment, as well as to Congressional and OMB direction for Government-wide response.
8.3.1 The NASA CIO shall ensure that policies that address both external and internal IT security threats are developed and maintained.
8.3.2 The Deputy CIO for IT Security shall develop and maintain NASA IT security policies.
8.3.3 Center CIOs shall ensure that NASA IT security policies are implemented at their Centers.
8.3.4 Program and project managers shall implement the requirements of NASA IT security policies in their programs and projects.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL |
|| NODIS Library | Legal Policies(2000s) | Search ||