| NODIS Library | Organization and Administration(1000s) | Search |

NASA Ball NASA
Policy
Directive
NPD 1600.9A
Effective Date: September 03, 2021
Expiration Date: September 03, 2026
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES
Printable Format (PDF)

Subject: NASA Insider Threat Program

Responsible Office: Office of Protective Services


1. POLICY

a. This NASA Policy Directive (NPD) establishes and maintains the requirement in Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, Executive Order (E.O.) 13587, 76 Fed. Reg. 198 (Oct.13, 2011), to implement an insider threat detection and prevention program. It is NASA policy to deter, detect, and mitigate the risk of a trusted insider who may represent a threat to national security in accordance with the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs. These threats encompass potential espionage, violent acts against the Government or the Nation, and unauthorized disclosure of classified information. A comprehensive insider threat program is essential to the safety and security of our NASA employees, contractors, property, infrastructure, and information. NASA's program will strengthen the protection of personnel, information, and resources.

b. The NASA Insider Threat Program is fundamentally supported by stakeholder information and ultimately relies on stakeholder's inherent authority to mitigate insider threats. Stakeholders in the NASA Insider Threat Program are Office of Protective Services (OPS) entities (Counterintelligence and Security), Office of the Chief Information Officer (OCIO), Office of the Chief Human Capital Officer (OCHCO), Office of the Chief Financial Officer (OCFO), and Office of the Inspector General (OIG). Additionally, the NASA Insider Threat Program policies and procedures are closely coordinated with the Office of General Counsel (OGC) to include appropriate protections for privacy, civil rights, and civil liberties.

2. APPLICABILITY

a. This directive is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This language applies to the Jet Propulsion Laboratory (a Federally Funded Research and Development Center), other contractors, recipients of grants, cooperative agreements, or other agreements only to the extent specified or referenced in the applicable contracts, grants, or agreements. b. Nothing in this directive limits the authorities of the OIG under the Inspector General Act of 1978, as amended. c. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms "may" denotes a discretionary privilege or permission, "can" denotes statements of possibility or capability, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material. d. In this directive, all document citations are assumed to be the latest version unless otherwise noted.

3. AUTHORITY

a. National Aeronautics and Space Act, 51 U.S.C. § 20132.

b. Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, E.O. 13587, 76 Fed. Reg. 198 (Oct. 13, 2011).

c. Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, November 21, 2012.

d. Space Policy Directive - 5, Cybersecurity Principles for Space Systems, 85 Fed. Reg. 56155 (September 10, 2020).

4. APPLICABLE DOCUMENTS AND FORMS

a. Coordination of Counterintelligence Activities, 50 U.S.C § 3381.

b. Classified National Security Information, E.O. 13526, 75 Fed. Reg. 707 (Jan. 5, 2010).

c. National Aeronautics and Space Administration, 5 CFR § 6901.103.

d. NPD 1440.6, NASA Records Management.

e. NPD 1900.9, Ethics Program Management.

f. NPR 1660.1, NASA Counterintelligence and Counterterrorism Policy.

g. NRRS 1441.1, NASA Records Retention Schedule.

5. RESPONSIBILITY

a. The Assistant Administrator for Protective Services (AA, OPS) as the NASA Insider Threat Senior Official, and is principally responsible for establishing a process to gather, integrate, centrally analyze, and respond to OPS entities (Counterintelligence and Security), OCIO, OCHCO, OIG, and any other relevant information indicative of a potential insider threat. The AA, OPS, as the NASA Insider Threat Senior Official shall:

(1) Provide overall management and oversight of the NASA Insider Threat Program and provide resource recommendations to the Administrator.

(2) Maintain a comprehensive NASA Insider Threat Program policy.

(3) Provide an annual report to the Administrator regarding progress and/or status of the NASA Insider Threat Program and contain, at a minimum, annual accomplishments, resources allocated, insider risks to NASA, recommendations and goals for program improvement, and major impediments or challenges.

(4) Ensure the NASA Insider Threat Program is developed and implemented, in consultation with the OGC and civil liberties and privacy officials, so that all insider threat program activities to include training are conducted in accordance with applicable laws, whistleblower protections, and civil liberties and privacy policies.

(5) Establish oversight mechanisms or procedures to ensure proper handling and use of records and data and ensure that access to such records and data is restricted to insider threat personnel who require the information to perform their authorized functions.

(6) Ensure the establishment of guidelines and procedures for the retention of records and documents necessary to complete assessments required by E.O. 13587.

(7) Facilitate oversight reviews by cleared officials designated by the Administrator to ensure compliance with insider threat policy guidelines, as well as applicable legal, privacy, and civil liberty protections.

(8) Build and maintain an insider threat analysis and response capability to manually and/or electronically gather, integrate, review, assess, and respond to information derived from OPS entities, OCIO, OCHCO, OIG, the monitoring of user activity, and other sources and methods as necessary and appropriate.

(9) Establish procedures for insider threat response action(s), such as inquiries, to clarify or resolve insider threat matters while ensuring that such response action(s) are centrally managed by the NASA Insider Threat Program.

(10) Develop guidelines and procedures for documenting each insider threat matter reported and response action(s) taken and ensure the timely resolution of each matter.

(11) Ensure personnel assigned to the NASA Insider Threat Program are fully trained in:

(a) Counterintelligence and security fundamentals to include legal issues;

(b) NASA procedures for conducting insider threat response action(s);

(c) Applicable laws and regulations regarding the gathering, integration, retention, safeguarding, and use of records and data, including the consequences of misuse of such information;

(d) Applicable civil liberties and privacy laws, regulations, and policies;

(e) Investigative referral requirements per 50 U.S.C § 3381 (also known as 811 referrals), as well as other policy or statutory requirements that require referrals to an internal entity, such as a security office or OIG, or external investigative entities such as the Federal Bureau of Investigation, the Department of Justice, or military investigative services. NASA 811 referrals are conducted in accordance with NPR 1660.1.

(12) Establish procedures for access requests by the NASA Insider Threat Program involving particularly sensitive or protected information, such as information held by special access, law enforcement, inspector general, or other investigative sources or programs, which may require that access be obtained upon request of the senior official.

(13) Establish reporting guidelines for OPS entities, OCIO, OCHCO, OIG, and other relevant organizational components to refer relevant insider threat information directly to the NASA Insider Threat Program.

(14) Ensure the NASA Insider Threat Program has timely access, as otherwise permitted, to available United States Government intelligence and counterintelligence reporting information and analytic products pertaining to adversarial threats.

(15) Ensure the technical capability, subject to appropriate approvals, to monitor user activity on all classified networks in order to detect activity indicative of insider threat behavior.

(16) Develop policies and procedures for properly protecting, interpreting, storing, and limiting access to user activity monitoring methods and results to authorized personnel.

(17) Ensure agreements are signed, either physically or electronically, by all cleared employees acknowledging that their activity on any NASA classified or unclassified network, to include portable electronic devices, is subject to monitoring and could be used against them in a criminal, security, or administrative proceeding.

(18) Ensure the use of classified and unclassified network banners to inform users that their activity on the network is being monitored for lawful United States Government authorized purposes and that unlawful or improper use of the computer can result in criminal or administrative actions against the user.

(19) Provide insider threat awareness training, either in person or computer-based, to all cleared employees within 30-days of initial employment, entry on duty (EOD), and annually thereafter. Training shall address current and potential threats in the work and personal environment and include, at a minimum, the following topics:

(a) The importance of detecting insider threats by employees and reporting suspicious activity to insider threat personnel or other designated officials.

(b) Methodologies of adversaries to recruit trusted insiders and collect classified information.

(c) Indicators of insider threat behavior and procedures to report such behavior; and

(d) Counterintelligence and security reporting requirements, as applicable.

(20) Verify that all cleared employees have completed the required insider threat awareness training.

(21) Establish and promote an internal network site accessible to all employees to provide insider threat reference material, including indicators of insider threat behavior, applicable reporting requirements and procedures, and provide a secure electronic means of reporting matters to the NASA Insider Threat Program.

(22) Appoint an Insider Threat Program Manager to provide day-to-day oversight, management, and long-term development of the NASA Insider Threat Program.

b. The OPS entities (Counterintelligence and Security) shall securely provide the NASA Insider Threat Program regular, timely, and, if possible, electronic access to the information necessary to identify, analyze, and resolve insider threat matters. Such access and information includes all relevant databases and files to include, but not limited to, personnel security files, polygraph examination reports, facility access records, security violation files, travel records, foreign contact reports, and financial disclosure filings.

c. The OCIO shall securely provide the NASA Insider Threat Program regular, timely, and, if possible, electronic access to the information necessary to identify, analyze, and resolve insider threat matters. Such access and information includes all relevant unclassified and classified network information generated by OCIO elements to include, but not limited to, personnel usernames and aliases, levels of network access, audit data, unauthorized use of removable media, print logs, and other data needed for clarification or resolution of an insider threat concern.

d. The OCHCO, OCFO, and OGC shall securely provide the NASA Insider Threat Program regular, timely, and, if possible, electronic access to the information necessary to identify, analyze, and resolve insider threat matters. Such access and information include all relevant:

(1) OCHCO databases and files to include, but not limited to, personnel files, disciplinary files, and personal contact records, as may be necessary for resolving or clarifying insider threat matters.

(2) OCFO databases and files to include, but not limited to, payroll and voucher files, as may be necessary for resolving or clarifying insider threat matters.

(3) OGC Ethics Program records determined by an applicable Agency designee under NPD 1900.9, Ethics Program Management to be necessary to resolve or clarify an insider threat matter, including but not limited to financial disclosure and outside work and activities requests pursuant to

5 CFR § 6901.103, wherever maintained.

e. The OIG shall regularly assess its investigative findings for information of relevance to NASA's Insider Threat Program and will share relevant, substantiated derogatory information with the Insider Threat Program in as timely a manner as possible, consistent with the OIG's other legal responsibilities regarding the maintenance and dissemination of investigative information.

f. The NASA Insider Threat Program Manager shall:

(1) Provide oversight and management of day-to-day operations and long- term development of the NASA Insider Threat Program.

(2) Maintain NASA Insider Threat Program records in accordance with NPD 1440.6, NASA Records Management and NRRS 1441.1, NASA Records Retention Schedule.

(3) Establish tactics, techniques, and procedures for OPS Intelligence Division (which manages NASA classified networks) to monitor classified networks for indicators of potential insider threat activity.

(4) Serve as Agency liaison to the National Insider Threat Task Force (NITTF) and other Federal insider threat organizations.

(5) Work closely with the OPS staff for budget formulation and budget submission for the NASA Insider Threat Program.

g. Center Directors shall be responsible for Center support in compliance with the provisions set forth in this policy directive.

h. Center, Chiefs of Protective Services shall:

(1) Serve as the Center Insider Threat functional lead to assist in the coordination of insider threat activities in coordination with the AA, OPS and/or the NASA Insider Threat Program Manager.

(2) Ensure Center security specialists conduct the additional administrative requirements as required by the NASA Insider Threat Program as directed by the National Insider Threat Policy.

(3) Immediately report any Center insider threat activity to the NASA Insider Threat Program Manager.

i. Supervisors, leads, or any other employees, detailees, and contractors assigned or detailed to NASA shall not obstruct or impede any employee, detailee, or contractor from reporting a contact, activity, indicator, or behavior of potential insider threat.

j. All employees, detailees, and contractors assigned or detailed to NASA will:

(1) Comply with the requirements of all current and applicable Federal laws, rules, regulations, and NASA policies concerning the responsible sharing and safeguarding of classified national security information

(CNSI) as required by E.O. 13526.

(2) Report to the NASA Insider Threat Program all contacts, activities, indicators, or behaviors of potential insider threat that they observe or gain knowledge of which could adversely affect the responsible sharing and safeguarding of CNSI.

(3) Not intentionally report a false or fabricated contact, activity, indicator, or behavior, which could adversely affect the responsible sharing and safeguarding of CNSI and may be subject to disciplinary or administrative action for doing so.

6. DELEGATION OF AUTHORITY

None.

7. MEASUREMENTS

a. The NASA Senior Agency Official for Insider Threat is also required to conduct annual self-assessments of the insider threat program using standards developed by the NITTF.

b. In addition, the NITTF conducts periodic assessments of the NASA insider threat program to assess compliance with national policies.

8. CANCELLATION

NPD 1600.9, NASA Insider Threat Program dated October 21, 2014.


/s/ Bill Nelson
Administrator



ATTACHMENT A: Definitions

Classified National Security Information (CNSI): Information that has been determined pursuant to E.O. 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.

Classified Network: Any system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency—(i) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.

Cleared Employee: A person who has been granted access to classified information, other than the President and Vice President, employed by, detailed, or assigned to a department or agency, including members of the armed forces; an expert or consultant for a department or agency; an industrial or commercial contractor, licensee, certificate holder, or grantee of a department or agency including all subcontractors; a personal services contractor; or any other category of person who acts for or on behalf of a department or agency as determined by the appropriate department or agency head.

Counterintelligence (CI): Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons or their agents or international terrorist organizations or activities.

Insider Threat: The threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities.

Insider Threat Response Action(s): Activities to ascertain whether certain matters or information indicates the presence of an insider threat, as well as activities to mitigate the threat. The inquiry or investigation can be conducted under the auspices of counterintelligence, security, law enforcement, or the Office of the Inspector General, depending on statutory authority and internal policies governing the conduct of such activity in each agency. The NASA Inquiries Hub coordinates this.

National Insider Threat Task Force (NITTF): In October 2011, the President issued E.O. 13587 establishing the [National] Insider Threat Task Force (NITTF) under joint leadership of the Attorney General and the Director of National Intelligence. The President directed Federal departments and agencies with access to classified information to establish insider threat detection and prevention programs and the NITTF to assist agencies in developing and implementing these programs.

Safeguarding: Measures and controls that are prescribed to protect CNSI from unauthorized access and to manage the risks associated with processing, storage, handling, transmission, and destruction of CNSI.

Unauthorized Disclosure: A communication, confirmation, acknowledgement, or physical transfer of CNSI including the facilitation of, or actual giving, passing, selling, publishing, or in any way making such information available to an unauthorized recipient.

Unclassified Network: Any information technology, equipment, or interconnected system or subsystem of equipment that is authorized to process, transmit, receive, or interchange controlled unclassified information or data as defined in E.O.13556.

APPENDIX B: Acronyms

AA - Assistant Administrator

CI - Counterintelligence

CNSI - Classified National Security Information

E.O. - Executive Order

EOD - Entry on Duty

FBI - Federal Bureau of Investigation

HQ - Headquarters

NITTF - National Insider Threat Task Force

NPD - NASA Policy Directive

OCFO - Office of the Chief Financial Officer

OCHCO - Office of the Chief Human Capital Officer

OCIO - Office of the Chief Information Officer

OGC - Office of General Counsel

OIG - Office of the Inspector General

OPS - Office of Protective Services

(URL for Graphic)

None.

DISTRIBUTION:
NODIS


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.