Procedural
Requirements
Effective Date: October 29, 2019
Expiration Date: October 07, 2024
|
|
NASA Procedural Requirements |
NPR 2810.2 Effective Date: October 29, 2019 Expiration Date: October 07, 2024 |
| | TOC | ChangeHistory | Preface | Chapter1 | Chapter2 | AppendixA | AppendixB | ALL | |
The NASA CIO shall maintain and review this NPR, and update this NPR and other related policy documents as required or appropriate.
2.2.1 The NASA Senior Agency Information Security Official (SAISO) shall:
a. Develop and disseminate guidance on safeguarding NASA IT devices to NASA international travelers and other NASA employees that study, work, or conduct other activities abroad.
b. Develop and disseminate the standards and conditions for IT devices to be authorized for use on international travel.
2.3.1 Center CIOs, or their designees, shall:
a. Review and process requests to authorize use of NASA equipment during international travel.
b. Ensure that loaner devices or temporary devices are available and are properly configured for NASA use while on international travel.
2.4.1 Center CISOs, or their designees, shall:
a. Ensure international travelers are made aware of IT Security requirements and this NPR prior to departure.
b. Review NASA IT devices returning from international travel and ensure all required mitigation actions (currently scanning, wiping and re-imaging the hard drive or mobile device to a known good state) are taken prior to authorizing the re-connection of the NASA IT devices directly within the Trusted Internet Connection boundary.
2.5. NASA personnel on personal travel outside the U.S. or U.S. territories shall not travel with NASA devices or access NASA internal data via their personal devices or the MDM application. Should circumstances require a NASA device during personal international travel, the traveler shall obtain their supervisor's approval, and coordinate with the Center OCIO to obtain a NASA device for international travel. If approval is granted, all requirements of this policy apply.
2.5.1. NASA personnel, on official international travel and traveling with a NASA IT device or NASA information, are responsible for safeguarding the device and information and shall:
a. Take only the NASA information which will be needed for NASA work during official international travel.
b. Not access or transport NASA SBU, CUI, or other sensitive information unless access is required for the performance of duties while on official international travel and, if required, only access SBU, CUI, or other sensitive information using authorized IT devices while on international travel.
c. Not connect device to any other device for data transfer.
d. Only use the power cords and chargers provided by NASA or the device vendor for power/charging. Users should not connect device to public USB charging outlets (such as those in airports, hotels, on airplanes or automobiles) unless urgent.
e. When a device is in use but not connected to a Government issued or Government controlled wireless access point, the device shall be placed in Airplane mode to prevent potential erroneous transmissions.
f. Be aware that belongings may be searched multiple times and electronic media copied.
g. Report loss, damage, tampering, or suspected tampering of NASA IT devices, sensitive information, and any IT devices containing NASA information, to the NASA SOC within 24 hours.
h. Secure NASA devices and NASA information at all times while outside the U.S. and U.S. territories, including but not limited to, while in hotels, in luggage, and in rental vehicles.
i. Notify the servicing NASA Counterintelligence Office if experiencing the following while on foreign travel:
(1) Any incident of suspected tampering or unauthorized access of NASA IT devices.
(2) Unusual or suspicious changes in the operation of your device or operating system.
(3) Attempts by foreign national or representatives of a foreign Government to possess or access NASA IT devices.
(4) Unusual or suspicious overtures by a foreign entity to acquire NASA SBU, CUI, or other sensitive information outside established official channels.
i. While on international travel, NASA IT devices shall only be used for official business use and shall not be shared with other individuals, to include family or friends.
j. Users shall not download, install, or update applications from public and/or private App Stores while on international travel.
2.6.1 Center Foreign Travel Coordinators shall:
a. Include an overview of this policy in informational materials and training for NASA travelers.
b. Update and maintain travel form templates and systems to reflect the requirements of this policy within a reasonable and cost effective manner.
c. Verify that the traveler has a signed export authorization for all NASA hardware, software, and technical information prior to traveler departure.
d. Address any questions the NASA SOC or the cognizant Center CISO may have of upcoming approved international travel.
2.7.1 The NASA SOC shall:
a. Open a NASA security incident ticket for any detected access from outside the U.S. and U.S. territories, including at points of entry/exit by any US CBP or foreign officials, to any NASA systems, networks, and data not intended for access by the general public by any user whose travel information is not on file with the NASA SOC.
b. Notify the NASA Counterintelligence Cyber Analyst of any incursion opportunities or activity.
c. Maintain travel information in a secure repository accessible to Center CISOs, Center Incident Response Teams, and other authorized NASA personnel who require travel information.
| TOC | ChangeHistory | Preface | Chapter1 | Chapter2 | AppendixA | AppendixB | ALL | |
| | NODIS Library | Legal Policies(2000s) | Search | |
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.