Not later than 120 days after October 11, 2010, and on a biennial basis thereafter, the chief information officer of NASA, in coordination with other national security agencies, shall provide to the appropriate committees of Congress—
Not later than 120 days after October 11, 2010, and on a biennial basis thereafter, the chief information officer of NASA, in coordination with other national security agencies, shall provide to the appropriate committees of Congress—
(A) an update on efforts to implement a system to provide dynamic, comprehensive, real-time information regarding risk of unauthorized remote, proximity, and insider use or access, for all information infrastructure under the responsibility of the chief information officer, and mission-related networks, including contractor networks;
(B) an assessment of whether the system has demonstrably and quantifiably reduced network risk compared to alternative methods of measuring security; and
(C) an assessment of the progress that each center and facility has made toward implementing the system.
(2) Existing assessments The assessments required of the Inspector General under section 3545 [1] of title 44 shall evaluate the effectiveness of the system described in this subsection.
In consultation with the Department of Education, other national security agencies, and other agency directorates, the chief information officer shall institute an information security awareness and education program for all operators and users of NASA information infrastructure, with the goal of reducing unauthorized remote, proximity, and insider use or access.
(1) In general In consultation with the Department of Education, other national security agencies, and other agency directorates, the chief information officer shall institute an information security awareness and education program for all operators and users of NASA information infrastructure, with the goal of reducing unauthorized remote, proximity, and insider use or access.
The program shall include, at a minimum, ongoing classified and unclassified threat-based briefings, and automated exercises and examinations that simulate common attack techniques.
(A) The program shall include, at a minimum, ongoing classified and unclassified threat-based briefings, and automated exercises and examinations that simulate common attack techniques.
(B) All agency employees and contractors engaged in the operation or use of agency information infrastructure shall participate in the program.
(C) Access to NASA information infrastructure shall only be granted to operators and users who regularly satisfy the requirements of the program.
(D) The chief human capital officer of NASA, in consultation with the chief information officer, shall create a system to reward operators and users of agency information infrastructure for continuous high achievement in the program.
In this section, the term “information infrastructure” means the underlying framework that information systems and assets rely on to process, transmit, receive, or store information electronically, including programmable electronic devices and communications networks and any associated hardware, software, or data.
(Pub. L. 111–267, title XII, § 1207, Oct. 11, 2010, 124 Stat. 2844.)
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal plans you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with easy access to affordable legal services through a network of independent law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our network law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your network law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal plans, and access to the LegalFix networks of law firms are subject to the LegalFix Terms of Service and Privacy Policy.