Update on NASA IT Security Requirements

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

I have recently received some inquiries regarding NASA IT Security
Requirements that have been discussed in a number of venues.  Below is
an update.

The NASA requirements currently apply to "contracts" not "grants".
Below are two references with more information about the requirements
for the IT security clause in NASA contracts:

02-04 Procurement Information Circular (February 19, 2002)
SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY (IT) RESOURCES
http://www.hq.nasa.gov/office/procurement/regs/pic02-04.html

IT Security Clause Implementation:  List of Feed Back Items, FAQ, and
Additional Guidance
http://ec.msfc.nasa.gov/hq/library/IT_Security_FAQ.html

However, note that the FAQ states that "guidance will be forthcoming
that will require some IT Security to apply to Grants . . . and
Cooperative Agreements."  On December 19, 2002, NASA included the
requirement in "Cooperative Agreements with Commercial Firms" - see
http://ec.msfc.nasa.gov/hq/grantd.html#1274937  I had also heard before
the holidays that NASA indicated it would be extending the IT security
requirements to "grants" and "cooperative agreements" with higher
education, hospitals, and other non-profit organizations.   I am trying
to run down a reference or more information.

Please let me know if you have any further questions.

Rodney Petersen
Security Task Force Coordinator

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.