| NODIS Library | Legal Policies(2000s) | Search |

NASA Ball NASA
Procedural
Requirements
NPR 2800.1B
Effective Date: March 20, 2009
Expiration Date: December 20, 2019
COMPLIANCE IS MANDATORY
Printable Format (PDF)

(NASA Only)

Subject: Managing Information Technology

Responsible Office: Office of the Chief Information Officer


| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL |

Chapter 8. IT Security Management

8.1 IT Security Management Requirement

NASA shall ensure the appropriate confidentiality, integrity, and availability of information residing on, or processed by, NASA's automated information systems through implementation and enforcement of risk-based policies, procedures, standards, guidelines, control techniques, and training mechanisms.

8.2 Background

8.2.1 NASA is highly dependent upon its computer systems and the information they contain for the success of its missions. Security threats to NASA's and other agencies' IT assets are increasing in number, complexity, and severity. Responding to these threats requires a robust IT security program that, while protecting NASA's systems and information, does not impede the Agency's use of IT to accomplish its mission.

8.2.2 The Office of the CIO has issued policy in the form of NPR 2810.1, Security of Information Technology, as well as SOPs and management letters that are responsive to the rapidly-developing IT security threat environment, as well as to Congressional and OMB direction for Government-wide response.

8.3 IT Security Management Roles and Responsibilities

8.3.1 The NASA CIO shall ensure that policies that address both external and internal IT security threats are developed and maintained.

8.3.2 The Deputy CIO for IT Security shall develop and maintain NASA IT security policies.

8.3.3 Center CIOs shall ensure that NASA IT security policies are implemented at their Centers.

8.3.4 Program and project managers shall implement the requirements of NASA IT security policies in their programs and projects.



| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | Chapter11 | Chapter12 | AppendixA | AppendixB | ALL |
 
| NODIS Library | Legal Policies(2000s) | Search |

DISTRIBUTION:
NODIS


This Document Is Uncontrolled When Printed.
Check the NASA Online Directives Information System (NODIS) Library
to Verify that this is the correct version before use: http://nodis3.gsfc.nasa.gov