DATE: July 12, 2001
SUBJECT: National Aeronautics and Space Administration Federal Acquisition Regulation (FAR) Supplement (NFS); Security Requirements for Unclassified Information Technology Resources
SOURCE: Federal Register, July 12, 2001, Vol. 66, No. 134, page 36490
AGENCIES: National Aeronautics and Space Administration (NASA)
ACTION: Interim Rule
SYNOPSIS: NASA is revising NFS 1804.470, Security Requirements for Unclassified Automated Information Resources, and NFS 1852.204-76, Security Requirements for Unclassified Information Technology Resources, to clarify the information technology (IT) security requirements for sensitive information contained in unclassified automated information resources.
DATES: The interim rule is effective July 12, 2001, and applies to all contracts awarded on or after that date.
Comments on the interim rule should be submitted on or before September 10, 2001.
ADDRESSES: Submit written comments to Karl Beisel, NASA Headquarters, Code HC, Washington, DC 20546, 202-358-0416, e-mail: firstname.lastname@example.org.
FOR FURTHER INFORMATION CONTACT: Karl Beisel, 202-358-0416, e-mail: email@example.com.
SUPPLEMENTAL INFORMATION: The Computer Security Act of 1987 and the Office of Management and Budget (OMB) Circular No. A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources, require that adequate security be provided for all information collected, processed, transmitted, stored, or disseminated by a federal agency. NFS Part 1804, Administrative Matters, contains the requirement for all NASA contractors and subcontractors to comply with NASA policies in safeguarding unclassified NASA data held in IT. This interim rule revises NFS 1804.470 and NFS 1852.204-76 to clarify the applicability and requirements of the clause.
The primary changes are in NFS 1852.204-76, which has been revised to establish different three levels of personnel screening: IT-1 -- individuals having privileged access or limited privileged access to systems whose misuse can cause very serious adverse impact to NASA missions ("these systems include, for example, those that can transmit commands directly modifying the behavior of spacecraft, satellites or aircraft"); IT-2 -- individuals having privileged access or limited privileged access to systems whose misuse can cause serious adverse impact to NASA missions ("these systems include, for example, those that can transmit commands directly modifying the behavior of payloads on spacecraft, satellites or aircraft; and those that contain the primary copy of 'level 1' data whose cost to replace exceeds one million dollars"); and IT-3 -- individuals having privileged access or limited privileged access to systems whose misuse can cause significant adverse impact to NASA missions ("these systems include, for example, those that interconnect with a NASA network in a way that exceeds access by the general public, such as bypassing firewalls; and systems operated by the contractor for NASA whose function or data has substantial cost to replace, even if these systems are not interconnected with a NASA network"). In addition, the clause no longer singles out non-permanent resident aliens as requiring special authorization from the Center Chief of Security prior to being granted to any NASA IT systems and networks.
Also, NFS 1804.470-2 and NFS 1804.470-3 are reorganized to make the requirements clearer and more understandable.
FOR FURTHER INFORMATION CONTACT: Panoptic Enterprises at 703-451-5953 or by e-mail to BarryMcVay@FedGovContracts.com.
Return to the Dispatches Library.
Return to the Main Page.