NASA IT Security Division

Overview
The NASA IT Security (ITS) Division within the Office of the Chief Information Officer strategically manages Agency-wide security projects to correct known vulnerabilities, reduce barriers to cross-Center collaboration, and provide cost-effective IT security services in support of NASA's systems and e-Gov initiatives. The ITS Division ensures that information technology security across NASA meets confidentiality, integrity and availability objectives for data and information, including disaster recovery and continuity of operations for systems. The ITS Division develops and maintains an information security program that ensures consistent security policy, identifies and implements risk-based security controls, and tracks security metrics to gauge compliance and effectiveness. The function is responsible for performing audits and reviews to assess compliance with security and privacy policies and procedures.

Publications
Publications from the NASA IT Security (ITS) Division that are relevant to the subject matter of this Wiki include:


 * NASA Policy Directives (NPD) and NASA Procedural Requirements (NPR) (showing effective date)


 * NPR 1382.1	NASA Privacy Procedural Requirements (Aug. 10, 2007).
 * NPD 1382.17H	NASA Privacy Policy (Aug. 24, 2009).
 * NPD 1440.6H	NASA Records Management (Mar. 24, 2008).
 * NPR 1441.1D	NASA Records Retention Schedules (w/Change 4, 1/31/08) (Feb. 24, 2003).
 * NPD 2540.1G 	Personal Use of Government Office Equipment Including Information Technology (June 8, 2010).
 * NPD 2800.1B	Managing Information Technology (Mar. 20, 2009).
 * NPR 2800.1B 	Managing Information Technology (w/Change 1, 9/17/04) (Sept. 17, 1998).
 * NPD 2810.1D	NASA Information Security Policy (Apr. 9, 2009).
 * NPR 2810.1A	Security of Information Technology (Revalidated with Change 1, dated May 19, 2011) (May 16, 2006).
 * NPD 2830.1	NASA Enterprise Architecture (Dec. 16, 2005).
 * NPR 2830.1	NASA Enterprise Architecture Procedures (Feb. 9, 2006).
 * NPR 7120.7	NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements (Nov. 3, 2008).
 * NPR 2841.1	Identity, Credential, and Access Management (Jan. 6, 2016).


 * NASA Interim Directives (NID)

 * NM2810-64	NASA Interim Directive: Information Technology Security and Efficiency Requirements (May 22, 2008).


 * NASA Interim Technical Requirements (NITR)


 * NITR 2800_2	Email Services and Email Forwarding (Sep 18, 2009).
 * NITR 2800_1	NASA Information Technology Waiver Requirements and Procedures (Aug 13, 2009).
 * NITR-2830-1B	Networks in NASA IP Space or NASA Physical Space (Feb 12, 2009).
 * NITR 1382_2	NASA Rules and Consequences to Safeguarding PII, with Change 1, dated 02/04/2008 (Jan 28, 2008).


 * IT Security Handbooks (ITS-HBK)


 * ITS-HBK-2810.0001A	Format and Procedures for an IT Security Handbook (Mar 29, 2011).
 * ITS-HBK-2810.0002	Roles and Responsibilities Crosswalk (Jan 3, 2012).
 * ITS-HBK-2810.0201	Security Assessment and Authorization (May 6, 2011).
 * ITS-HBK-2810.0202	Security Assessment and Authorization: FIPS 199 Moderate & High Systems (Oct 24, 2012).
 * ITS-HBK-2810.0203	Security Assessment and Authorization: FIPS 199 Low Systems (Oct 24, 2012).
 * ITS-HBK-2810.0204	Security Assessment and Authorization: Continuous Monitoring – Annual Security Control Assessments (Oct 24, 2012).
 * ITS-HBK-2810.0205	Security Assessment and Authorization: External Information Systems (Oct 24, 2012).
 * ITS-HBK-2810.0206	Security Assessment and Authorization: Extending and Information Systems Authorization to Operate Process and Templates (Oct 24, 2012).
 * ITS-HBK-2810.0207	Security Assessment and Authorization: Information System Security Plan Numbering Schema (Nov 10, 2010).
 * ITS-HBK-2810.0208	Security Assessment and Authorization: Plan of Action and Milestones (POA&M) (Aug 21, 2012).
 * ITS-HBK-2810.0301	Planning (May 6, 2011).
 * ITS-HBK-2810.0302	Planning: Information System Security Plan Template, Requirements, Guidance and Examples (Feb 9, 2011).
 * ITS-HBK-2810.0401A	Risk Assessment: Security Categorization, Risk Assessment, Vulnerability Scanning, Expedited Patching, & Organizationally Defined Values (October 12, 2012).
 * ITS-HBK-2810.0402	Risk Assessment: Procedures for Information System Security Penetration Testing and Rules of Engagement (Feb 11, 2011).
 * ITS-HBK-2810.0501	Systems and Service Acquisition (Nov 21, 2011).
 * ITS-HBK-2810.0601	Awareness and Training (May 6, 2011).
 * ITS-HBK-2810.0701	Configuration Management (May 6, 2011).
 * ITS-HBK-2810.0801	Contingency Planning (Apr 26, 2012).
 * ITS-HBK-2810.0802	Contingency Planning: Guidance and Templates for Plan Development, Maintenance, and Test (Feb 11, 2011).
 * ITS-HBK-2810.0901	Incident Response and Management (May 6, 2011).
 * ITS-HBK-2810.0902	NASA Information Security Incident Management (Aug 24, 2011).
 * ITS-HBK-2810.0903	Targeted Collection of Electronic Data (Aug 24, 2011).
 * ITS-HBK-2810.1001	Maintenance (May 6, 2011).
 * ITS-HBK-2810.1101	Media Protection (Jul 13, 2012).
 * ITS-HBK-2810.1102	Media Protection: Digital Media Sanitization (Jul 13, 2012).
 * ITS-HBK-2810.1201	Physical and Environmental Protection (May 6, 2011).
 * ITS-HBK-2810.1301	Personnel Security (May 6, 2011).
 * ITS-HBK-2810.1401	System and Information Integrity (May 6, 2011).
 * ITS-HBK-2810.1501	Access Control (Sep 4, 2012).
 * ITS-HBK-2810.1502A	Access Control: Elevated Privileges (EP) (Jan 3, 2012).
 * ITS-HBK-2810.1601	Audit and Accountability (May 6, 2011).
 * ITS-HBK-2810.1701	Identification and Authentication (May 6, 2011).
 * ITS-HBK-2810.1801	System and Communications Protection (May 6, 2011).