This document is uncontrolled when printed. Before use, check the Master List to verify that this is the current version. Compliance is mandatory.



Similar documents
NASA Information Technology Requirement

Ames Consolidated Information Technology Services (A-CITS) Statement of Work

IT Networking and Security

Instructions for Completing the. NOAALink Worksheet

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO TABLE OF CONTENTS

Appendix 10 IT Security Implementation Guide. For. Information Management and Communication Support (IMCS)

IT Networking and Security

Client Security Risk Assessment Questionnaire

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

Solutions and IT services for Oil-Gas & Energy markets

IT Security Handbook. Incident Response and Management: Targeted Collection of Electronic Data

Core Data Service 2015 IT Domain Definition Change Overview

CIO-SP3 Service areas NIH Chief Information Officers-Solutions & Partners

ARC Outreach on HSPD 12 and Mandatory Use of ODIN

SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT

HHSN W 1 QSSI - Quality Software Services, Inc

Dryden Centerwide Procedure (DCP) Code SQ. Government Industry Data Exchange Program (GIDEP) Alert / NASA Advisory Process

FSIS DIRECTIVE

Task Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare

SECTION A: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT

SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as

Network Infrastructure - General Support System (NI-GSS) Privacy Impact Assessment (PIA)

SCHOOL DISTRICT OF MARION COUNTY JOB CLASSIFICATION DESCRIPTION LEVEL/POSITION: COMPUTER NETWORK SPECIALIST 4.78

Network Security: Policies and Guidelines for Effective Network Management

PREFACE TO SELECTED INFORMATION DIRECTIVES CHIEF INFORMATION OFFICER MEMORANDUM

Department of Defense INSTRUCTION. SUBJECT: Information Assurance (IA) in the Defense Acquisition System

Privacy Impact Assessment. For. Non-GFE for Remote Access. Date: May 26, Point of Contact and Author: Michael Gray

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Managed Security Services SLA Document. Response and Resolution Times

CMS POLICY FOR THE INFORMATION SECURITY PROGRAM

ICT budget and staffing trends in the UK

PBGC Information Security Policy

SLCM Framework (Version ) Roles and Responsibilities As of January 21, 2005

NASA OFFICE OF INSPECTOR GENERAL

BPA Policy Cyber Security Program

MSP Service Matrix. Servers

The Importance of Information Delivery in IT Operations

INFORMATION SYSTEMS. Revised: August 2013

NOTICE: This publication is available at:

DCADLEC RFP Clarifications

Job Description Information Services Coordinator

BlackBerry Mobile Voice System

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

ICT budget and staffing trends in Healthcare

5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE

FAIR Act Inventory Functions and Service Contract Inventory Product Service Codes Crosswalk Attachment I

Subject: Information Technology Configuration Management Manual

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

December 8, Security Authorization of Information Systems in Cloud Computing Environments

INFORMATION TECHNOLOGY ENGINEER V

UNITED STATES PATENT AND TRADEMARK OFFICE. AGENCY ADMINISTRATIVE ORDER Agency Administrative Order Series. Secure Baseline Attachment

Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO / HIPAA / SOX / CobiT / FIPS 199 Compliant

AL RAFEE ENTERPRISES Solutions & Expertise.

Information Resources Security Guidelines

DOT.Comm Oversight Committee Policy

Pacom Systems. All rights reserved.

How To Improve Nasa'S Security

EPA Classification No.: CIO P-09.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: Review Date: 08/06/2015

PROJECT MANAGEMENT PLAN TEMPLATE < PROJECT NAME >

EPA Classification No.: CIO P-01.1 CIO Approval Date: 06/10/2013 CIO Transmittal No.: Review Date: 06/10/2016

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE

REMOTE ACCESS POLICY OCIO TABLE OF CONTENTS

933 COMPUTER NETWORK/SERVER SECURITY POLICY

D&CP BUREAU OF INFORMATION RESOURCE MANAGEMENT. Resource Summary ($ in thousands)

STL Communications Technology Fair Avaya CS1000 Direction and Migration Strategies

Ohio Supercomputer Center

Department of Defense INSTRUCTION

Office of Inspector General

TECHNOLOGY PLAN SUMMARY

Services Providers. Ivan Soto

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

ADDENDUM TO STATE OF MARYLAND PURCHASES ISSUED UNDER STATE CONTRACT NO. 060B

Frequently Asked Questions (FAQs) about GRS 3.1, General Technology Management Records

OCCUPATIONAL GROUP: Information Technology. CLASS FAMILY: Security CLASS FAMILY DESCRIPTION:

NASA Information Technology Requirement

NSF AuthentX Identity Management System (IDMS) Privacy Impact Assessment. Version: 1.1 Date: 12/04/2006. National Science Foundation

PROPOSALS REQUESTED THE TOWN OF OLD ORCHARD BEACH POLICE DEPARTMENT FOR IP-BASED VOICE COMMUNICATION SYSTEM

Disaster Recovery Business Continuity Premium Edition

Publication 805-A Revision: Certification and Accreditation

November 12, Re: Request for Information , Phone System Replacement. Dear Vendor,

Domain 1 The Process of Auditing Information Systems

Supplier Security Assessment Questionnaire

Transcription:

DRYDEN Directive:, POLICY Effective Date: February 26, 2010 DIRECTIVE Expiration Date: February 26, 2015 This document is uncontrolled when printed. Before use, check the Master List to verify that this is the current version. Compliance is mandatory. RESPONSIBLE OFFICE: SUBJECT: MI/Chief Information Officer Managing Information Technology (IT) 1. POLICY a. The Office of the Chief Information Officer (CIO) is chartered as the primary source of the information systems, products, and services that comprise the Center s IT infrastructure. The DFRC IT infrastructure is the combined set of networks, data centers, hardware and software systems, applications, processes, and services that support the management of the life cycle for technical and management information. This life cycle includes information capture, collection, organization, presentations, disseminations, protection, archival, and retrieval. 1) All DFRC Information Technology (IT) systems, products, and services shall be acquired and managed in compliance with established NASA policies. 2) Specific functional areas comprising the IT infrastructure are listed in Enclosure A. All DFRC mission and mission support organizations shall engage the Office of the CIO to provide services to satisfy such requirements. 3) All DFRC organizations and projects shall use only existing Agency and/or Center IT contracts (Enclosure B) to acquire any IT systems, products, or services to the extent that those contracts can meet organization requirements and have been approved by the CIO to meet those requirements. In the event that a requirement cannot be met using an existing IT contract, a CIO waiver will be required before acquiring through an alternate source. 4) All DFRC organizations and projects shall coordinate IT investments with the Office of the CIO in order to ensure the required investment reviews are conducted and reported to the Agency and OMB. 2. SCOPE AND APPLICABILITY a. This Dryden Policy Directive (DPD) is applicable to the Dryden Flight Research Center, the Dryden Aircraft Operations Facility, the AERO Institute, and on-site contractors, grant recipients, and other partners to the extent specified in their contracts or agreements. 3. AUTHORITY a. NPD 1000.3, The NASA Organization b. NPD 2800.1, Managing Information Technology c. NPD 2810.1, NASA Information Security Policy

Page 2 of 8 4. APPLICABLE DOCUMENTS a. DCP-V-017, Obtaining Approval for IT Purchases 5. RESPONSIBILITY a. The DFRC Chief Information Officer will ensure that Center IT policy and related procedures and guidance are established and maintained consistent with Agency issuances and be the sole approver of any waivers to this policy. b. The Office of the CIO will manage the Center s IT Security Program and ensure compliance with Agency policy; be responsible for developing, implementing, and maintaining IT infrastructure systems and services at DFRC; and ensure that each IT system is documented with Certification and Accreditation (C&A)package and approved Authorization to Operate (ATO) prior to operation. c. The Office of Acquisition Management will halt the purchase of items and services not in compliance with this policy, and ensure the requirements for all new on-site contracts whose execution requires access to the DFRC IT infrastructure include the requirement for compliance with this policy. d. Government Credit Card Holders and Contractor Procurement Agents will ensure that items with the scope of this policy are purchase only after Office of the CIO review per the process defined in DCP-V-017. e. Project Managers and Organizational Managers will ensure that any IT investments are reviewed and approved by the Office of the CIO prior to implementation; ensure that IT investments are reported to the Office of the CIO for the annual Strategic Investment Business Case (SIBC) reviews with the Agency CIO; ensure that highly specialized IT systems are documented with a Certification and Accreditation (C&A) package and approved Authority to Operate (ATO) prior to operation; and ensure that the Office of the CIO is included in the reviews of highly specialized IT and infrastructure IT proposals and projects. f. DFRC Employees and Contractors will take annual IT Security training as required by their work assignments and contract specifications; adhere to Federal, Agency, and Center IT policies and procedures; report questionable activity to the Center IT Security Manager; and report any loss of IT assets or data within the hour to the Security Operation Center (SOC). 6. DELEGATION OF AUTHORITY None 7. MEASUREMENTS a. The Center IT Security Manager and staff will perform periodic audits to ensure all Center IT Systems are in compliance with this policy. 8. CANCELLATION DPD 2800.2, Managing Information Technology (IT), effective November 18, 2004 David McBride or Delegated Official ENCLOSURES:

Page 3 of 8 Attachment A: DFRC IT Infrastructure Services Attachment B: Center IT Contracts Attachment C: Reference Documents DISTRIBUTION: IDMS System Administrator Meetings Staff Meetings CIO Home Page DM3

Page 4 of 8 Attachment A: DFRC IT Infrastructure Services Communication Services Cable Plant Services Data Services o Routed Data o Custom Data Network Services o IP Address Management o Remote Access Services Network Infrastructure o Wireless Connectivity o Wired Connectivity Video Delivery o Video over IP (ViIP) Services o Video Portal Voice Services o Voice over IP (VoIP) Services o Emergency Responder Services o Secure Telephone Services o Analog Voice Services o Calling Cards o Radio Network Services o Switched Voice Services Data Center Services Data Center Management and Operations Hosting Services o Computing Services Virtualized (VMWare) Dedicated Platforms o Data Management/Delivery Flight Data Delivery Loading and Archiving Data Recovery o Data Storage Services o System Administration Unix/Linux Windows Server Housing Services o Disaster Recovery Services o Network Services o Facilities Services Value Added Services o Print Services o Forms Management End User Services End User Education and Training Handheld/Mobile Devices Hardware/Software Accessories (IT Catalog) Hardware Disposal Services Voice Services o Cellular Services Desktop Services

Page 5 of 8 Infrastructure Support Services Content Management o Document Management o Forms Management o Records Management o Web Services Web Development Services Web Content Management Security Management Services o Certification and Accreditation (C&A) Services o Identity and Access Management o Incident Response Services o IT Security Consulting Services o Security Engineering Services o Security Monitoring o Threat and Vulnerability Management Physical Security o Access Control o Alarm System IT Business Services Infrastructure Software Development General Administration Help Desk Project Management Visualization Services o Imagery In-Flight Photography Standard Photography Photo Production Photo Archive o Multimedia Graphics o Video Video Production Video Archive In-Flight Video IT Systems Engineering Services

Page 6 of 8 Attachment B: Center IT Contracts Outsourcing Desktop Initiative for NASA (ODIN) The ODIN contract is used Agency-wide for NASA with local delivery orders set up for each Center. ODIN can provide all desktop computing needs. This includes hardware, software, maintenance, 24x7 help desk support, and a comprehensive catalog for ordering commercially available IT products. ODIN also provides a variety of communication services including fax, cell phones, and other mobile devices such as Blackberries. Additional information about this contract can be found at: http://www.odin.lmit.com/dfrc/ or contact your organizational IT POC: http://xnet.dfrc.nasa.gov/organizations/cio/itpoc.html Range Facilities and Engineering Support Services (RF&ESS) Arcata The RF&ESS contract provides local Center IT support in several areas as indicated by the following Work Breakdown Structure (WBS) list: WBS # WBS Title 311 Database Analysis, Programming Support, and Web Page Development 312 Information Technology Security Support 315 Security Control Center Systems Support 316 Network Management 317 Engineering and Laboratory Computer Maintenance and System Administration Support 318 Cable Plant 319 IT Help Desk and Business Information Systems Support 322 Administrative and In-Flight Photography 323 Administrative Audio/Video and In-Flight Video 324 Graphics and Illustration Services 326 IT Systems Engineering Project Support To request the above services, work with your organizational IT POC: http://xnet.dfrc.nasa.gov/organizations/cio/itpoc.html or contact the IT Service Desk at x6163

Page 7 of 8 Attachment C Reference Documents a. NPR 2800.1, Managing Information Technology b. NPR 2810.1, Security of Information Technology c. NPR 7120.5, NASA Space Flight Program and Project Management Requirements d. NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements e. NPR 7120.8, NASA Research and Technology Program and Project Management Requirements f. Chief Information Officer Website

Page 8 of 8 Document History Log This page is for informational purposes and does not have to be retained with the document. Status Document Effective Page Change Revision Date Description of Change Baseline 10-25-04 Added Compliance is mandatory. to first page. Admin. 11-18-04 1 Corrected typographical, grammatical, and some Change format errors. Revision A 01/26/10 All Major rewrite Changed Code V to Code MI Admin A-1 07/13/10 All Changed formatting to comply with Agency Change standards Transferred documents not cited in DPD from Admin A-2 10/08/10 2, 7 Applicable Documents section to Reference Change Documents in Attachments

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information