DRAFT
NASA (GSFC) Security Practices
NOTE: The intent is to provide enough detail to compare and contrast the various Agency practices in order to understand where differences lie and eventually determine how to create standards.

AGENDA
• Agency Background
• Overall Agency Security Policies
• Mission Specific Security Practices
  • Ground segment
  • Space segment

Types of Mission
• Earth, Moon, Mars and beyond
• Man
  • Mercury, Gemini
  • Apollo (Moon)
  • SpaceLab
  • Shuttle
  • ISS

AGENCY BACKGROUND (Cont)
• Unmanned
  • Earth/Climate science (proving remote sensing)
    • Polar Orbiting
      • Terra, Aqua, Aura, ICESat, Landsat, NPOESS
    • LEO
      • TRMM, QuikSCAT, SORCE, UARS, ERBS, TOPEX
    • GeoStationary
      • GOES
      • TDRSS
  • Solar Science
    • SOHO, SDO, WIND, Polar
  • Lunar
    • LRO

• Planetary
  • MRO, Mars Rovers, Cassini, Kepler, Voyager
• Deep Space
  • HST, XTE, MAP, FAST/SWAS, Fermi (GLAST)
• Ground Network
  • WFF, PF, MGS, Hawaii, MILA, Malindi
  • DSN (Goldstone, Madrid, Canberra)
  • Commercial (USN, Norway,
• Space Network
  • TDRS-WSC (WSGT/STGT/Guam)
• Specialties
  • TDRSS, DSN, FDF

OVERALL AGENCY SECURITY POLICIES
• Physical security
  • HSPD-12, Personnel Identification Validation (PIV)
  • NPR 1600.1, NASA Security Program Procedural Requirements (Guards, Badges, Personnel Screening, Keys, Keycards)
  • NPD 1600.2, NASA Security Policy
  • NPR 1620.2, Physical Security Vulnerability Risk Assessments
  • NPR 1620.3, Physical Security Requirements for NASA Facilities and Property
  • NPD 1660.1, NASA Counterintelligence (CI) Policy
  • NPR 1660.1, Counterintelligence (CI)/Counterterrorism (CT) Procedural Requirements

Enterprise IT Security
• Enterprise IT security
  • Enterprise Architecture
  • Goddard Directives Management System (GDMS)
  • Common Badging and Access Control System (CBACS) (implements PIV-2 badges)
  • NASA Account Management System (NAMS)
  • NASA Application Tracking Tool (NAT)
  • IdMAX (Validate ID/Personnel Screening)
  • NASA Operational Messaging & Directory Services (NOMAD)
    • MAJOR PLANNED NOMAD OUTAGE - April 25 & 26, 2009 (NoMail)
  • R2D2
  • Security Operation Center (SOC) at ARC

Mission systems security practices
• Ground segment
  • NPR 7120.5 (NPR 7120.7 is not mission IT)
  • NPD 2810 (IT Security Policy Directive)
  • NPR 2810.1A (IT Security Policy Requirements)
  • Federal
    • OMB Circular A-130 Appendix III
    • FISMA 2002
      • Categorization, Risk Assessment, Security Plans, Security Controls (NIST SP 800-53), Information Security Agreements, Plan of Actions & Milestones

Mission systems security practices
• Space segment
  • GPD 7120.1A, GSFC Space Asset Protection Policy
    • Payload classification (NPR 8705.4)
    • Center Management shall… (1-3)
    • Mission Management shall… (1-7)
    • Space Protection Systems Mission Office shall… (1-14)

MISSION SPECIFIC SECURITY PRACTICES (1)
• Ground Segment
  • Access controls
    • Role?
    • Person?
    • Console?
  • Security services employed
    • Confidentiality
    • Authentication
    • Integrity
  • Key management
  • Network interconnection
    • Air-gapped?
    • Interconnected with enterprise?

MISSION SPECIFIC SECURITY PRACTICES (2)
• Space Segment
  • Security services employed:
    • Confidentiality
    • Authentication
    • Integrity
  • Emergency commanding
  • Key management
  • Access controls
  • Denial of Service protection
    • Frequency hopping?
    • Spread spectrum?
    • Others?