Every three years all data processing installation (dpi) sites at each NASA Field Center are due for an Information Technology Security (ITS) Compliance Review to determine the level of compliance with the center's ITS minimum protective baseline requirements. The review process involves interviews of key ITS personnel; a walk-through of work areas; examination of security, risk management, and contingency plans; and observations of facility operating procedures.
The GSFC Security Office (GSO) held an ITS Compliance Review for the Space Science Data Operations Office (SSDOO)/NSSDC computer facilities on July 16, 1997. The compliance was evaluated pertaining to management oversight of the risk management process, contingency planning, system and network administration, incident reporting and response, and ITS awareness training. The review consisted of 27 ITS requirements, not too exhaustive, but representing a survey to identify trends in overall compliance with Federal and Agency ITS Program Guidelines.
The result of the review is that the SSDOO is in full compliance with the minimum federal and agency requirements for each of the 27 ITS requirements in the GSO's executive summary report. The GSO identified no required actions and has adopted SSDOO's ITS Rules of Behavior as a sample for the center.
Erin D. Gardner, email@example.com, (301) 286-0163
Hughes STX, Code 633, NASA Goddard Space Flight Center
Greenbelt, MD 20771, U.S.A.