NASA Proposes Cyber Lock-Down On Contractors
Following an outbreak of highly publicized information security breaches ripping through the federal government and prompting new OMB "get-tough" directives, NASA is proposing a new crackdown on contractors that "(1) have physical or electronic access to NASA's computer systems, networks, or IT infrastructure; or (2) use information systems to generate, store, or exchange data with NASA or on behalf of NASA." 71 Fed. Reg. 43408 (Aug. 1, 2006) http://a257.g.akamaitech.net/7/257/2422/01jan20061800/edocket.access.gpo.gov/2006/pdf/E6-12351.pdf. Under these proposed rules, NASA contractors face a variety of new and expanded cyber requirements that generally add cost and risk to contract performance, including: (1) submitting IT "Security Plans" compliant with National Institute of Standards and Technology (NIST) SP 800-18; (2) performing "Risk Assessments" consistent with Federal Information Processing Standards Publication (FIPS) 199; (3) preparing contingency plans per NIST SP 800-34; (4) conducting annual IT security training; and (5) assuring that contractor personnel with access to NASA IT systems have National Agency Check with Inquiries (NACI) screening.
For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.