Effective Date: January 03, 2022
Expiration Date: January 03, 2027
5.1.1.1 This section establishes requirements for processes and procedures to ensure response to an Incident.
5.1.1.2 An incident response and management capability is necessary for rapidly responding to incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services. The NASA Security Operations Center (SOC) provides centralized Agency coordination for information security incident management, response preparation, identification, analysis, communication, containment, eradication, recovery, and follow-up activities.
5.1.2 Incident Response Planning Policy
5.1.2.1 The CIO shall allocate resources for a NASA-wide SOC and Incident Response Teams.
5.1.2.2 The SAISO shall:
a. Implement and manage a NASA-wide SOC.
b. Designate an Agency Incident Response Manager for cybersecurity incidents.
c. Develop and maintain a NASA-wide Incident Response Plan, which shall contain processes and procedures for detecting, reporting, analyzing, and responding to information security incidents.
d. Oversee all activities related to incident response and management.
5.1.2.3 The Center CIO shall support information security investigations.
5.1.2.4 The Center CISO shall:
a. Coordinate with the SOC and the Agency Incident Response Manager to assist all incident response efforts and management policies, procedures, investigations, and reporting for all information systems at their Center.
b. Support the SOC and the Agency Incident Response Manager with all incident response tests, training, and exercises for their Center information systems.
5.2.1.1 This section establishes requirements for the communications and coordination elements of a response to an incident.
5.2.2 Incident Communications and Coordination Policy
5.2.2.1 The SAISO shall:
a. Include elements providing for coordination with internal and external stakeholders (e.g., external support from law enforcement agencies) in the incident response plan required by section 5.1.2.2c.
b. Support investigations into information security incidents related to criminal activity, counterintelligence, or counterterrorism.
c. Support investigations into information security incidents initiated by the Office of the General Counsel, the Office of Chief Human Capital Officer, a Center's Office of Human Resources, and a Center's Office of the Chief Counsel.
d. Refer any suspected criminal, counterintelligence, or counterterrorism activity to the OIG and OPS.
e. Ensure that incidents are reported to external agencies as directed by laws and regulations.
5.2.2.2 The Center CISO coordinates between the incident response team and the Center privacy managers regarding breach response and handling of incidents related to sensitive information.
5.2.2.3 The ISO shall:
a. Designate individuals responsible for incident response reporting and management of their information system.
b. Handle incident information in accordance with all data sensitivity requirements.
c. Support information security investigations.
5.2.2.4 The ISSO shall report all suspected or confirmed information security incidents in a timely manner.
5.2.2.5 The NASA User shall report immediately all suspected, or actual, information security incidents to the SOC as outlined in the incident response and management handbook(s).
5.3.1.1 This section establishes requirements for analysis to ensure effective response and support recovery activities.
5.3.2 Incident Analysis Policy
5.3.2.1 The SAISO shall include elements in the Incident Response Plan that provide for analysis of information security incidents as required by section 5.1.2.2c.
5.4.1.1 This section establishes requirements for activities to be performed to prevent expansion of an event, mitigate its effects, and resolve an event.
5.4.2 Incident Mitigation Policy
5.4.2.1 The SAISO shall include elements that provide for containment and mitigation of information security incidents in the Incident Response Plan required by section 5.1.2.2c.
5.5.1.1 This section establishes requirements for improvement of response detection and activities.
5.5.2 Incident Response Improvement Policy
5.5.2.1 The SAISO shall incorporate lessons learned from current or prior information security incidents in the Incident Response Plan required by section 5.1.2.2c.
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.