
NASA Procedural Requirements
NPR 2810.1F
Effective Date: January 03, 2022
Expiration Date: January 03, 2027
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES

Subject: Security of Information and Information Systems

Responsible Office: Office of the Chief Information Officer



Chapter 4. Detect Function

4.1 Anomalies and Events

4.1.1 Overview

4.1.1.1 This section establishes requirements and processes for detection of anomalous activity and understanding such activity’s potential impact.

4.1.2 Anomaly and Event Detection Policy

4.1.2.1 The CIO shall collect information from the ISOs to determine the baseline of network operations and expected data flows for users and systems.

4.1.2.2 The SAISO shall:

a. Ensure the capability to detect anomalous events on NASA information systems and networks.

b. Establish procedures for detecting, analyzing, and responding to anomalous events.

4.1.2.3 The ISO shall provide the CIO with a baseline of network operations and expected data flows for systems under their control.

4.1.2.4 The ISSO shall assist in developing event containment and remediation strategies to minimize impact to an information system.

4.2 Security Continuous Monitoring

4.2.1 Overview

4.2.1.1 This section establishes requirements for continuous monitoring of information systems.

4.2.2 Continuous Monitoring Policy

4.2.2.1 The SAISO shall:

a. Develop and implement a strategy for continuous monitoring of NASA information systems.

b. Define the acceptability, and requirements for use, of cybersecurity monitoring tools for use across the agency.

4.2.2.2 The ISO shall:

a. Ensure capabilities to continuously monitor the security posture of their information system.

b. Ensure that SAISO-required cybersecurity monitoring tools are deployed to all components of their information system to collect information, and to track all events of interest.

c. Develop and implement a strategy for continuous monitoring of their information system, which is consistent with the Agency strategy for continuous monitoring.

d. Perform continuous monitoring of their information system and keep the AO informed of continuous monitoring results in support of the ongoing authorization of their information system, in accordance with NASA's implementation of the RMF.

4.2.2.3 The Center CISO, supported by the CCRM, shall meet all continuous monitoring requirements.

4.2.3 Malicious and Unauthorized Code Detection Policy

4.2.3.1 The SAISO shall:

a. Define requirements for tools to detect malicious or unauthorized software and malicious or unauthorized changes to software or configuration.

b. Ensure such detection capability extends to mobile devices having access to NASA networks.

4.2.3.2 The ISO shall ensure their system uses SAISO-required tools to detect malicious or unauthorized software and malicious or unauthorized changes to software or configuration.

4.2.4 Vulnerability Scanning Policy

4.2.4.1 The SAISO shall:

a. Define requirements for tools to scan NASA information systems for vulnerabilities.

b. Regularly review and approve the use of Agency tools for vulnerability scanning.

4.2.4.2 The Center CIO shall ensure vulnerability scanning and remediation activities are being conducted at their Center using SAISO-required tools.

4.2.4.3 The Center CISO shall ensure that all information systems and devices on NASA networks are scanned for vulnerabilities.

4.2.4.4 The ISSO shall ensure that their information systems are regularly scanned for vulnerabilities or flaws that will then be remediated using SAISO-required tools, per 3.4.11.3.

4.3 Detection Processes

4.3.1 Overview

4.3.1.1 This section establishes requirements for detection processes and procedures.

4.3.2 Detection Process Policy

4.3.2.1 The SAISO shall:

a. Ensure that detection processes and procedures comply with all requirements (e.g., law, regulations, guidance, or other NASA NPDs and NPRs).

b. Establish a process to test and continuously improve detection processes and procedures.




DISTRIBUTION:
NODIS


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.