Effective Date: January 03, 2022
Expiration Date: January 03, 2027
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | ALL ||
184.108.40.206 This section establishes requirements and processes for detection of anomalous activity and understanding such activity’s potential impact.
4.1.2 Anomaly and Event Detection Policy
220.127.116.11 The CIO shall collect information from the ISOs to determine the baseline of network operations and expected data flows for users and systems.
18.104.22.168 The SAISO shall:
a. Ensure the capability to detect anomalous events on NASA information systems and networks.
b. Establish procedures for detecting, analyzing, and responding to anomalous events.
22.214.171.124 The ISO shall provide the CIO with a baseline of network operations and expected data flows for systems under their control.
126.96.36.199 The ISSO shall assist in developing event containment and remediation strategies to minimize impact to an information system.
188.8.131.52 This section establishes requirements for continuous monitoring of information systems.
4.2.2 Continuous Monitoring Policy
184.108.40.206 The SAISO shall:
a. Develop and implement a strategy for continuous monitoring of NASA information systems.
b. Define the acceptability, and requirements for use, of cybersecurity monitoring tools for use across the agency.
220.127.116.11 The ISO shall:
a. Ensure capabilities to continuously monitor the security posture of their information system.
b. Ensure that SAISO-required cybersecurity monitoring tools are deployed to all components of their information system to collect information, and to track all events of interest.
c. Develop and implement a strategy for continuous monitoring of their information system, which is consistent with the Agency strategy for continuous monitoring.
d. Perform continuous monitoring of their information system and keep the AO informed of continuous monitoring results in support of the ongoing authorization of their information system, in accordance with NASA's implementation of the RMF.
18.104.22.168 The Center CISO, supported by the CCRM, shall meet all continuous monitoring requirements.
4.2.3 Malicious and Unauthorized Code Detection Policy
22.214.171.124 The SAISO shall:
a. Define requirements for tools to detect malicious or unauthorized software and malicious or unauthorized changes to software or configuration.
b. Ensure such detection capability extends to mobile devices having access to NASA networks.
126.96.36.199 The ISO shall ensure their system uses SAISO-required tools to detect malicious or unauthorized software and malicious or unauthorized changes to software or configuration.
4.2.4 Vulnerability Scanning Policy
188.8.131.52 The SAISO shall:
a. Define requirements for tools to scan NASA information systems for vulnerabilities.
b. Regularly review and approve the use of Agency tools for vulnerability scanning.
184.108.40.206 The Center CIO shall ensure vulnerability scanning and remediation activities are being conducted at their Center using SAISO-required tools.
220.127.116.11 The Center CISO shall ensure that all information systems and devices on NASA networks are scanned for vulnerabilities.
18.104.22.168 The ISSO shall ensure that their information systems are regularly scanned for vulnerabilities or flaws that will then be remediated using SAISO-required tools, per 22.214.171.124.
126.96.36.199 This section establishes requirements for detection processes and procedures.
4.3.2 Detection Process Policy
188.8.131.52 The SAISO shall:
a. Ensure that detection processes and procedures comply with all requirements (e.g., law, regulations, guidance, or other NASA NPDs and NPRs).
b. Establish a process to test and continuously improve detection processes and procedures.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | ALL |
|| NODIS Library | Legal Policies(2000s) | Search ||
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.