Information Resource Management Directive 5000.05 USAP Information Security Architecture



Similar documents
Information Resource Management Directive USAP Information Security Risk Management

Information Resource Management Directive USAP Contingency & Disaster Recovery Program

Information Resource Management Directive USAP Software Management and Protection

United States Antarctic Program Information Resource Management Directive The USAP Information Security Program

FSIS DIRECTIVE

ClOP CHAPTER Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1

DEPARTMENT OF VETERANS AFFAIRS VA DIRECTIVE 6517 CLOUD COMPUTING SERVICES

PREFACE TO SELECTED INFORMATION DIRECTIVES CHIEF INFORMATION OFFICER MEMORANDUM

UNITED STATES DEPARTMENT OF AGRICULTURE FOOD SAFETY AND INSPECTION SERVICE WASHINGTON, DC INFORMATION SYSTEM CERTIFICATION AND ACCREDITATION (C&A)

Audit of Veterans Health Administration Blood Bank Modernization Project

FDA STAFF MANUAL GUIDES, VOLUME I - ORGANIZATIONS AND FUNCTIONS FOOD AND DRUG ADMINISTRATION OFFICE OF OPERATIONS

5 FAM 670 INFORMATION TECHNOLOGY (IT) PERFORMANCE MEASURES FOR PROJECT MANAGEMENT

EPA Classification No.: CIO P-09.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: Review Date: 08/06/2015

NASA Information Technology Requirement

COMMAND, CONTROL, COMMUNICATIONS, COMPUTERS AND INFORMATION TECHNOLOGY (C4&IT) INFRASTRUCTURE MANAGEMENT POLICY

5 FAM 620 INFORMATION TECHNOLOGY (IT) PROJECT MANAGEMENT

Information System Rules of Behavior ICT-INST_ USAP Enterprise Information Infrastructure

Strategic Plan Network Optimization & Transport Services

Department of Defense INSTRUCTION

Department of Veterans Affairs VA Directive 6004 CONFIGURATION, CHANGE, AND RELEASE MANAGEMENT PROGRAMS

Minimum Security Requirements for Federal Information and Information Systems

OPM System Development Life Cycle Policy and Standards. Table of Contents

A. This Directive applies throughout DHS, unless exempted by statutory authority.

FAA Cloud Computing Strategy

USAP Medical Program. Michael Montopoli, MD, MPH Head, Office of Polar Environment, Health, and Safety Chief Medical Officer, USAP

BPA Policy Cyber Security Program

IT SYSTEM LIFE-CYCLE AND PROJECT MANAGEMENT

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

National Information Assurance Certification and Accreditation Process (NIACAP)

PPM V2.0 Frequently Asked Questions (FAQs) U.S. Department of Housing and Urban Development

Project Type Guide. Project Planning and Management (PPM) V2.0. Custom Development Version 1.1 January PPM Project Type Custom Development

December 8, Security Authorization of Information Systems in Cloud Computing Environments

SLCM Framework (Version ) Roles and Responsibilities As of January 21, 2005

Enterprise Architecture Maturity Model

Department of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise

2.0 ROLES AND RESPONSIBILITIES

U.S. Department of Energy Washington, D.C.

Standards for Security Categorization of Federal Information and Information Systems

Subject: Information Technology Configuration Management Manual

5 FAM 630 DATA MANAGEMENT POLICY

POSTAL REGULATORY COMMISSION

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC)

Department of Veterans Affairs VA Directive 6403 SOFTWARE ASSET MANAGEMENT

INFORMATION DIRECTIVE GUIDANCE GUIDANCE FOR MANUALLY COMPLETING INFORMATION SECURITY AWARENESS TRAINING

Systems Development Life Cycle (SDLC)

Information Security for Managers

DEPARTMENTAL REGULATION

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

Department of Defense INSTRUCTION. SUBJECT: Information Assurance (IA) in the Defense Acquisition System

CMS POLICY FOR THE INFORMATION SECURITY PROGRAM

Information Technology (IT) Investment Management Insight Policy for Acquisition

Policy on Information Assurance Risk Management for National Security Systems

Enterprise Architecture Glossary by Set

Information Technology

United States Department of Health & Human Services Enterprise Architecture Program Management Office. HHS Enterprise Architecture Governance Plan

AUDIT REPORT. The Energy Information Administration s Information Technology Program

Security Control Standard

United States Secret Service Enterprise Architecture Review Board (EARB) Project Briefing for NAME OF PROJECT

PRIVACY NOTICE. Medical Examination Records for Service in Polar Regions

CMS Policy for Information Technology (IT) Investment Management & Governance

VA Office of Inspector General

SENTINEL AUDIT V: STATUS OF

Manag. Roles. Novemb. ber 20122

NODIS Library Program Formulation(7000s) Search

DEPARTMENT OF VETERANS AFFAIRS VA HANDBOOK INCORPORATING SECURITY AND PRIVACY INTO THE SYSTEM DEVELOPMENT LIFE CYCLE

EPA Classification No.: CIO P-02.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: Review Date: 08/06/2015

I. Purpose MD #

DIRECTIVE TRANSMITTAL

Information Technology Security Training Requirements APPENDIX A. Appendix A Learning Continuum A-1

The DoD CIO Charter:

Department of Veterans Affairs VA Handbook Information Security Program

U.S. Department of Education. Office of the Chief Information Officer

FDA STAFF MANUAL GUIDES, VOLUME I - ORGANIZATIONS AND FUNCTIONS FOOD AND DRUG ADMINISTRATION OFFICE OF OPERATIONS

PRIVACY IMPACT ASSESSMENT

CIOP CHAPTER Common Operating Environment (COE) Services Management Policy TABLE OF CONTENTS. Section Purpose

Essential Next Steps for the U.S. Government in the Transition to IPv6

SECTION A: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT

National Geospatial Data Policy Procedure for Geospatial Metadata Management

IBM Maximo for Aviation

NASA OFFICE OF INSPECTOR GENERAL

Lots of Updates! Where do we start?

RMF. Cybersecurity and the Risk Management. Framework UNCLASSIFIED

GOVERNMENT USE OF MOBILE TECHNOLOGY

SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as

Transcription:

The National Science Foundation Polar Programs United States Antarctic Program Information Resource Management Directive 5000.05 USAP Information Security Architecture Organizational Function Information Resource Management Policy Number Issue Date 5000.05 1 August 2004 Policy Category Subject Office of Primary Responsibility Information Security Policies and Instructions Information Security Architecture National Science Foundation Geosciences Directorate Division of Polar Programs Antarctic Infrastructure & Logistics Effective Date Updated Authorized By Responsible Official 1 August 2004 11 May 2013 Section Head, NSF/GEO/PLR/AIL Primary Responsibility: Mr. Patrick D. Smith Technology Development Manager Address Distribution Online Publication Suite 755 4201 Wilson Blvd Arlington, VA 22230 USAP-Wide http://www.usap.gov/technology/contenthandler.cfm?id=1563 Phone Fax Web Status Security Responsibility: Ms. Desari Mattox USAP Information Security Manager 703.292.8032 703.292.9080 http://www.nsf.gov/div/index.jsp?div=plr Final Policy 1. PURPOSE This directive establishes the requirement for an Information Security Architecture (ISA) for information systems supporting the National Science Foundation (NSF), Geosciences Directorate (GEO), Polar Programs (PLR), United States Antarctic Program (USAP). The ISA will provide the USAP with the instructions to implement information security principles and practices. The ISA uses standards to align policies and procedures with technologies and tools in support of USAP business processes. The ISA is an integral element of the larger Enterprise Information Architecture (EA). Page 1

2. BACKGROUND Federal information technology guidance in OMB Circular A-130 requires NSF to establish an EA. An ISA that applies industry standards to meet business requirements is an integral component of the EA. NSF PLR has established the USAP EA as a strategic component of USAP information systems management, and assigned responsibility for the EA to its prime contractor also known as Antarctic Support Contractor (ASC). 3. GUIDING PRINCIPLES The ISA will be aligned with USAP enterprise objectives for the use and protection of information and information resources integral to USAP business processes. The ISA will be integrated within the USAP EA, which will establish the framework for information systems development and operation in support of USAP enterprise business processes. The ISA will adapt industry standards and best practices for information security to USAP science and operations needs. The USAP ISA will align with the NSF ISA where practicable. Variations from the NSF architecture to support USAP mission needs will be coordinated with the NSF Chief Information Officer (CIO). 4. POLICY The USAP Information Security Manager (ISM) will create and maintain an ISA as part of the larger USAP EA. 4.1 Operational Definitions 4.1.1 Information Security Architecture (ISA) A component of the EA. The ISA provides the structure for implementing enterprisewide information security. It defines the information security standards to which the enterprise must adhere as the information architecture evolves. 4.1.2 Information System An information system is any interconnected system or subsystem of equipment used to automatically acquire, store, manipulate, manage, move, control, display, switch, interchange, transmit, or receives information. 4.2 Information Security Architecture The ISM will create and maintain an ISA that is aligned with, and a component of, the USAP EA, and is based on guidance contained in the NSF ISA. The ISA will examine the information security aspects of USAP business processes and the information required to support those processes. The ISA will also examine issues related to the management of sensitive information as categorized using Information Resource Management Directive 5000.03, Information Categorization. Page 2

4.3 USAP Information Resources All USAP information resources will adhere to the standards identified in the USAP ISA. 4.4 New Information Systems New information systems proposed for development or acquisition will incorporate the standards identified in the USAP ISA. 4.5 Commercial Off-The-Shelf Applications Commercial off-the-shelf (COTS) applications will be evaluated to assess their compliance with USAP EA standards. 4.6 Legacy USAP Information Systems Legacy USAP information systems will be evaluated against the standards of the ISA to determine if a variance exists. Based on the evaluation, NSF PLR will determine a course of action to bring the legacy system into compliance with the architecture, or to approve an exception to the architecture for the legacy system until such time that a replacement system can be developed or acquired. 4.7 Non-USAP Systems Non-USAP systems, as defined in Information Resource Management Directive 5000.17, Non-USAP Systems, must adhere to the guidance of the ISA while they are connected to the USAP information infrastructure. 4.8 Science Grant Information Systems Information systems employed within a science grant project that are managed by the grant team. These systems are typically procured using NSF grant funds, or funds from the sponsoring institution. For the purposes of the USAP, these systems are typically considered non-usap systems. Science grant systems will adhere to the USAP EA, unless granted a waiver by NSF PLR. 4.9 Evaluation of USAP Infrastructure The ISM will work with the USAP Information Technology (IT) Architects to assess the current infrastructure and identify issues related to its support of enterprise business processes. 5. APPLICABILITY AND COMPLIANCE This policy applies to all information resources, systems, and technology and to all users of these resources, systems and technology within the USAP operating environment or connected to the USAP information infrastructure. Compliance with this policy is as indicated in USAP Information Resource Management Directive 5000.01, The USAP Information Security Program. Page 3

6. RESPONSIBILITIES 6.1 NSF Antarctic Infrastructure & Logistics (AIL) Technology Manager The NSF AIL Technology Manager orchestrates the development of the Enterprise Information Architecture and the component Information Security Architecture. 6.2 USAP Information Security Manager The USAP ISM directs the activities related to the development of the ISA, and coordinates those activities with the USAP IT Architects. 6.3 USAP Information Technology Architects The USAP IT Architects ensure information security principles and policies are included at all levels of the USAP EA, and in all information systems deployed in support of USAP mission needs. 7. IMPLEMENTATION 7.1 Information Security Architecture The ISM will implement this policy by creating and maintaining an ISA document, and updating that document, as the business needs change. 8. AUTHORITY This directive is published in conformance with the authority of the National Science Foundation Act of 1950, as amended and extended, the Federal Information Security Management Act of 2002, and NSF guidance. Brian Stone Section Head, NSF/GEO/PLR/AIL Page 4

REVISION/CHANGE RECORD Pages Date Version Author/Reviewer Reason for Change All 6/9/2011 1.0 Matthew Rogers All 5/3/2012 2.0 Alex Jerasa All 5/11/2013 3.0 Desari Mattox Verified alignment with NIST Special Publication 800-53 Revision 2. Changed ISM name. Updated key contacts and conducted FY12 review Updated OPP and AIL titles to align with NSF re- organization & Verify alignment with NIST SP 800-53 rev 3. Page 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information