Information Security News mailing list archives

IT contractors must follow NASA security rules


From: William Knowles <wk () C4I ORG>
Date: Mon, 17 Jul 2000 12:10:15 -0500

http://www.fcw.com/fcw/articles/2000/0717/web-nasa-07-17-00.asp

BY Paula Shaki Trimble
07/17/2000

NASA has tightened guidelines for information technology contractors
with a new rule issued July 14 that requires computer systems,
networking and telecommunications contractors to abide by NASA
information security policy directives, procedures and guidelines.

The rule amends the NASA Federal Acquisition Regulation Supplement to
include a requirement for contractors and subcontractors working with
NASA unclassified IT systems. The amendment requires that they take
certain IT security-related actions, document those actions and submit
related reports to NASA. The rule was issued the same week GAO
detailed its criticism and recommendations for NASA and other federal
agency software change controls.

Prior to the rule, NASA contractors had no definitive contractual
requirement to follow NASA-directed policy in safeguarding
unclassified NASA data in computer systems.

Under the rule, NASA contracting and IT officials may require the
contractor to submit for approval a detailed security plan for
unclassified federal IT systems. The plan must outline how IT
resources will be protected from unauthorized access, alteration,
disclosure or misuse of information processed, stored or transmitted.

The plan must also show how the contractor will maintain the
continuity of automated information support for NASA missions; how the
contractor will provide cost-effective assurance of the systems'
integrity and accuracy; and how the contractor will document and follow
a virus protection program and network intrusion detection and
prevention program for all IT resources under its control.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is hosted by SecurityFocus.com