All Alerts & Newsletters

NASA Proposes Cyber Lock-Down On Contractors

Aug.11.2006

Following an outbreak of highly publicized information security breaches ripping through the federal government and prompting new OMB "get-tough" directives, NASA is proposing a new crackdown on contractors that "(1) have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or (2) use information systems to generate, store, or exchange data with NASA or on behalf of NASA." 71 Fed. Reg. 43408 (Aug. 1, 2006) http://a257.g.akamaitech.net/7/257/2422/01jan20061800/edocket.access.gpo.gov/2006/pdf/E6-12351.pdf. Under these proposed rules, NASA contractors face a variety of new and expanded cyber requirements that generally add cost and risk to contract performance, including: (1) submitting IT "Security Plans" compliant with National Institute of Standards and Technology (NIST) SP 800-18; (2) performing "Risk Assessments" consistent with Federal Information Processing Standards Publication (FIPS) 199; (3) preparing contingency plans per NIST SP 800-34; (4) conducting annual IT security training; and (5) assuring that contractor personnel with access to NASA IT systems have National Agency Check with Inquiries (NACI) screening.

Email Twitter LinkedIn Facebook Google+

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

David Z. Bodenheimer
Partner – Washington, D.C.
Phone: +1 202.624.2713
Email: dbodenheimer@crowell.com

John E. McCarthy Jr.
Partner – Washington, D.C.
Phone: +1 202.624.2579
Email: jmccarthy@crowell.com