Disclaimer: The following material is being kept online for archival purposes.

Although accurate at the time of publication, it is no longer being updated. The page may contain broken links or outdated information, and parts may not function in current web browsers.

DO YOU KNOW WHERE YOUR IT SECURITY PLAN IS?

 

There is a new NASA directive that all operating missions review their security plans (also referred to as backup and recovery plans) and, in particular, their Information Technology (IT) security plans.  Some of you that have contracts have already been contacted by the contract office regarding a requirement to have an “IT security” plan on file with their office. 

 

The joint Polar, Wind and Geotail operations office is taking care of most of the requirements.  One item that WE must take care of is the IT security for the operation of our instruments and for our RDAFs.

 

IT security is something we’re all familiar with and, even if not on paper,  we all have security plans in place.  Regular backups of our computer systems, documentation of key software and procedures, and the ability of a backup team member to command the instrument when the primary instrument scientist is unavailable are all examples.  For the most part however, we’ve only been concerned with how to handle the failure of discrete computer components or what to do when the instrument scientist goes on vacation.  The new directive asks that we consider new levels of “threat” within our plan and to have the plan in a form that can be accessed by those outside of your immediate team. 

 

We ask that you review your IT security plan, update it to reflect the handling of the additional levels of potential threat, and send an electronic copy of your plan to Barbara Giles with a copy to Robert Hoffman.  We would like to have this document in place by February 15.

 

We intend to help each instrument team get this done in as simple a manner as possible and to submit the plans to all those who need it.  We have written sample plans, which use different approaches, for TIDE/PSI and IMAGE/LENA and have had them reviewed by those at GSFC with the responsibility to oversee this effort (see http://tide.gsfc.nasa.gov/studies/POLAR/IT_security/).  Hopefully you’ll find that using one of these as a template will make producing a similar document for your instrument a simple task.

Above is background material for archival reference only.

NASA Logo, National Aeronautics and Space Administration
NASA Official: Adam Szabo

Curators: Robert Candey, Alex Young, Tamara Kovalick

NASA Privacy, Security, Notices