| NODIS Library | Legal Policies(2000s) | Search |

NASA Ball NASA
Procedural
Requirements
NPR 2810.1F
Effective Date: January 03, 2022
Expiration Date: January 03, 2027
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES

Subject: Security of Information and Information Systems

Responsible Office: Office of the Chief Information Officer


View all pages in PDF

Table of Contents

Preface

P.1 Purpose
P.2 Applicability
P.3 Authority
P.4 Applicable Documents and Forms
P.5 Measurement/Verification
P.6 Cancellation

Chapter 1. Introduction

1.1 Introduction
1.2 Roles and Responsibilities

Chapter 2. Identify Function

2.1 Asset Management
2.2 Business Environment
2.3 Governance
2.4 Risk Assessment
2.5 Risk Management Strategy
2.6 Supply Chain Risk Management

Chapter 3. Protect Function

3.1 Identity Management and Access Control
3.2 Awareness and Training
3.3 Data Security
3.4 Information Protection Processes and Procedures
3.5 Maintenance
3.6 Protective Technology

Chapter 4. Detect Function

4.1 Anomalies and Events
4.2 Security Continuous Monitoring
4.3 Detection Processes

Chapter 5. Respond Function

5.1 Response Planning
5.2 Communications
5.3 Analysis
5.4 Mitigation
5.5 Improvements

Chapter 6. Recover Function

6.1 Recovery Planning
6.2 Improvements
6.3 Communications

Appendix A Definitions
Appendix B Acronyms
Appendix C Requirements Matrices
Appendix D References
Appendix E Requirements Matrix with respect to system lifecycle


DISTRIBUTION:
NODIS


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.