
NASA Procedural Requirements
NPR 2810.1F
Effective Date: January 03, 2022
Expiration Date: January 03, 2027
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES

Subject: Security of Information and Information Systems

Responsible Office: Office of the Chief Information Officer



Chapter 5. Respond Function

5.1 Response Planning

5.1.1 Overview

5.1.1.1 This section establishes requirements for processes and procedures to ensure response to an Incident.

5.1.1.2 An incident response and management capability is necessary for rapidly responding to incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services. The NASA Security Operations Center (SOC) provides centralized Agency coordination for information security incident management, response preparation, identification, analysis, communication, containment, eradication, recovery, and follow-up activities.

5.1.2 Incident Response Planning Policy

5.1.2.1 The CIO shall allocate resources for a NASA-wide SOC and Incident Response Teams.

5.1.2.2 The SAISO shall:

a. Implement and manage a NASA-wide SOC.

b. Designate an Agency Incident Response Manager for cybersecurity incidents.

c. Develop and maintain a NASA-wide Incident Response Plan, which shall contain processes and procedures for detecting, reporting, analyzing, and responding to information security incidents.

d. Oversee all activities related to incident response and management.

5.1.2.3 The Center CIO shall support information security investigations.

5.1.2.4 The Center CISO shall:

a. Coordinate with the SOC and the Agency Incident Response Manager to assist all incident response efforts and management policies, procedures, investigations, and reporting for all information systems at their Center.

b. Support the SOC and the Agency Incident Response Manager with all incident response tests, training, and exercises for their Center information systems.

5.2 Communications

5.2.1 Overview

5.2.1.1 This section establishes requirements for the communications and coordination elements of a response to an incident.

5.2.2 Incident Communications and Coordination Policy

5.2.2.1 The SAISO shall:

a. Include elements providing for coordination with internal and external stakeholders (e.g., external support from law enforcement agencies) in the incident response plan required by section 5.1.2.2c.

b. Support investigations into information security incidents related to criminal activity, counterintelligence, or counterterrorism.

c. Support investigations into information security incidents initiated by the Office of the General Counsel, the Office of Chief Human Capital Officer, a Center's Office of Human Resources, and a Center's Office of the Chief Counsel.

d. Refer any suspected criminal, counterintelligence, or counterterrorism activity to the OIG and OPS.

e. Ensure that incidents are reported to external agencies as directed by laws and regulations.

5.2.2.2 The Center CISO coordinates between the incident response team and the Center privacy managers regarding breach response and handling of incidents related to sensitive information.

5.2.2.3 The ISO shall:

a. Designate individuals responsible for incident response reporting and management of their information system.

b. Handle incident information in accordance with all data sensitivity requirements.

c. Support information security investigations.

5.2.2.4 The ISSO shall report all suspected or confirmed information security incidents in a timely manner.

5.2.2.5 The NASA User shall report immediately all suspected, or actual, information security incidents to the SOC as outlined in the incident response and management handbook(s).

5.3 Analysis

5.3.1 Overview

5.3.1.1 This section establishes requirements for analysis to ensure effective response and support recovery activities.

5.3.2 Incident Analysis Policy

5.3.2.1 The SAISO shall include elements in the Incident Response Plan that provide for analysis of information security incidents as required by section 5.1.2.2c.

5.4 Mitigation

5.4.1 Overview

5.4.1.1 This section establishes requirements for activities to be performed to prevent expansion of an event, mitigate its effects, and resolve an event.

5.4.2 Incident Mitigation Policy

5.4.2.1 The SAISO shall include elements that provide for containment and mitigation of information security incidents in the Incident Response Plan required by section 5.1.2.2c.

5.5 Improvements

5.5.1 Overview

5.5.1.1 This section establishes requirements for improvement of response detection and activities.

5.5.2 Incident Response Improvement Policy

5.5.2.1 The SAISO shall incorporate lessons learned from current or prior information security incidents in the Incident Response Plan required by section 5.1.2.2c.




DISTRIBUTION:
NODIS


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.