This document provides highlights from the bi-weekly meeting discussing updates on NASA's Authorized Device and Software Management Initiatives, including important phases, processes, timelines, and action points. It covers topics related to Mobile Device Management, enrollment procedures, and upcoming milestones. The meeting agenda, updates on web content filtering, and important reminders for users are outlined. Key stakeholders, future steps, and communication strategies are also reviewed for effective implementation.
Authorized Device and Software Management Initiatives • Unauthorized Device & Unauthorized Software Working Group Bi-weekly Meeting • November 15, 2018 • Project Team: Qi’Anne Knox, Kazeem Adelakun, Shoeb Siraj • Code 710
Agenda • Roll Call • Authorized Device (AD) Initiative Phase Updates and Next Steps • Software Management (SM) Initiative Update • Web Content Filter (WCF) Update • Action Request • References
AD: Phase Updates (1) • Phase 1: • Timeline: No earlier than January 2, 2019 (dependent on when GSFC is migrated to Office 365) • Marshall Space Flight Center and Michoud Assembly Facility with more than 8,500 users migrated • Kennedy Space Center will migrate next, starting November 28, 2018 and ending December 6, 2018 • What’s happening? • NASA email access restrictions; remote email controlled • Put controls in place to prohibit ActiveSync access without Mobile Device Management (MDM) • Put controls in place to prohibit Webmail access without MDM or Virtual Private Network (VPN)
AD: Phase Updates (2) • Phase 1 continued: • Mobile Device Management (MDM) enrollment for non-ACES Government Funded Equipment (GFE) or Personally Funded Equipment (PFE) iOS and Android smartphones and tablets (Go-Live Date: November 15, 2018): • O365 early adopters who have connected to NASA email and calendar services with a non-ACES GFE or PFE smartphone or tablet • Targeted communications will be distributed to O365 early adopters who have connected to NASA email and calendar services with a non-ACES GFE or personal smartphone or tablet as soon as possible
AD: MDM Service GFE Process • Enroll non-ACES GFE under NASA’s MDM service: • Submit MDM GFE NAMS request at: https://idmax.nasa.gov/nams/asset/252533 • If you are a NASA Civil Servant, you must select your supervisor as your sponsor/approver • If you are a contractor or non-NASA employee, you must select the NASA Civil Servant with authority to allow access as your sponsor/approver • Please select the associated System Security Plan for the non-ACES GFE smartphone or tablet from the drop-down menu list • After receiving NAMS approval, please install MDM from: https://mdr.nasa.gov/ • Please note that a Personal Identity Verification (PIV) smartcard or Agency Smart Badge (ASB) is required to register for MDM • For MDM GFE support, contact the Enterprise Service Desk (ESD) at 877-677-2123, Option 2 or https://esd.nasa.gov
AD: MDM Service PFE Process • Voluntarily enroll PFE under NASA’s MDM service: • Review and accept the MDM PFE User Agreement Terms and Conditions at: https://bit.ly/2zdJzbK • Allow 24-48 hours for the SATERN system to register your acceptance of the Terms of Use with NAMS • Submit MDM PFE NAMS request at: https://idmax.nasa.gov/nams/asset/252534 • If you are a NASA Civil Servant, you must select your supervisor as your sponsor/approver • If you are a contractor or non-NASA employee, you must select the NASA Civil Servant with authority to allow access as your sponsor/approver • After receiving NAMS approval, please install MDM from: https://mdr.nasa.gov/ • Please note that a PIV smartcard or ASB is required to register for MDM • MDM PFE support is self-service. Learning material and frequently asked questions are located at: https://aces.ndc.nasa.gov/subnav/mdm.html
AD: Phase Updates • Phase 2: • Timeline: To Be Determined (TBD) and will be discussed more early next calendar year (full compliance targeted for Dec 2019) • Participate in NASA Partner Discussion with the Technical Architecture Lead at Armstrong to discuss current challenges, risks, external authorization requirements/update, etc. as it relates to Phase 2 • Please continue to share use cases • Are there other examples where the VPN requirement can be problematic? • What impact will there be when the BigFix agent is enforced? Who will be impacted? • Partner Categories: Academic, Industry, Non-Profit, Contractor, Corporate, Commercial Space, Government Agency • Agency UD Core Team has an action to get us a schedule/outline • Met with Procurement to discuss the impact
AD: Next Steps • Send targeted communication regarding MDM enrollment for non-ACES GFE and PFE coordinating with OCIO Strategic Communications Committee (OSC2) and 710 reps • Validate NAMS submissions • Continue coordination with O365 Project Team (Agency and Local) • Meet with Landsat 7 on November 16, 2018 • Internal 710 working group meeting November 27, 2018 • Schedule additional stakeholders meetings • Work PIV Exemption user list with Agency Team and relay any additional actions to the working group
AD: Reminders • NASA webmail will no longer be remotely accessible from outside the NASA network, and will require an Agency Badge (PIV or Smart Badge) or RSA Token for authentication • Users will no longer be able to authenticate using username/password except for “PIV Exemption” • Webmail will remain remotely accessible via VPN with an Agency Badge or RSA token • Remote users will no longer be able to access NASA email via the Microsoft Outlook (or compatible) client unless they are connected to the NASA internal network via VPN • Personal Devices are not authorized to connect per UD Policy
SM Initiative: Unauthorized Software • Obtained relational database application to assist with BigFix data analysis to create baseline and develop whitelist • Created field requirements for SharePoint portal • Continue to attend the Agency Software Management Tiger Team meetings where the focus is on licensing currently • Software should be added to a System Security Plan (SSP) for approved use today
SM Initiative: Web Content Filter • Web content currently categorized as “unrated” will be blocked on January 1, 2019 • Briefly conducted an audit of sites previously categorized as “unrated” and several have been recategorized • Can the working group members distribute a spreadsheet of “unrated” sites to directorates and missions with instructions on how to recategorize?
SM Initiative: WCF Re-categorization • Go to the vendor site at: https://fortiguard.com/webfilter • Type the URL in the Search URL textbox and hit Enter • Review the Category • If the category is currently not categorized correctly, click the Request a Review link • Fill out the Web Filter Classification Rating Request • Click Submit
SM Initiative: WCF Blocked Categories • Malicious Websites • Phishing • Spam URLs • Domain Parking • Games • Meaningless Content • Advocacy Organizations • Gambling • Marijuana • Nudity and Risque • Other Adult Materials • Pornography • Peer-to-peer File Sharing • Child Abuse • Discrimination • Drug Abuse • Explicit Violence • Extremist Groups • Hacking • Illegal or Unethical • Plagiarism • Proxy Avoidance
GSFC Points of Contact • Please continue to communicate your concerns and suggestions to us, which we will communicate up. • GSFC-IT-Security-Review@mail.nasa.gov • qianne.l.knox@nasa.gov • shoeb.siraj@nasa.gov • kazeem.a.adelakun@nasa.gov • Next meeting is November 29
References • MDM Registration Site: https://mdr.nasa.gov/ • Registration Documents: https://aces.ndc.nasa.gov/subnav/mdm.html • NAMS Workflow (not live): • MDM PFE (ID: 252534) - https://idmax.nasa.gov/nams/asset/252534/017767035 • MDM GFE (ID: 252533) - https://idmax.nasa.gov/nams/asset/252533/017767035 • Agency UD Sites: • NASA’s Strategy to Improve Network Security OCIO Site: https://inside.nasa.gov/nasa-s-strategy-improve-network-security • IT Policy Memos: https://inside.nasa.gov/ocio/it-business-management/policy-standards/it-policy-memoranda • O365 Resources: http://inside.nasa.gov/euso/office-365-resources • AD/SM on ITCD Website and SharePoint: • https://itcd.gsfc.nasa.gov/ • https://itcdsp13.gsfc.nasa.gov/sites/security/servicemanagement/Authorized%20Devices%20%20Software%20Management%20Initiative/Home.aspx • Web Content Filter Portal: https://itcdsp13.gsfc.nasa.gov/sites/security/servicemanagement/SitePages/Website Access Requests.aspx