eTouch Federal Systems (EFS) was selected to design, architect, implement, and operate NASA’s primary public portal, www.nasa.gov, in a fully managed, outsourced Firm Fixed Price Contract. This included not only the “NASA Web Site” but also the operations of two major enterprise-scale datacenters, a cached content delivery network, implementation of an agency-wide Content Management System, integration of the entire agency’s public content, and the development of any applications required to accomplish the integration. It also included the internal intranet accessible across all NASA Centers. The solution required a very scalable application able to support extremely high loads during NASA Events (e.g., Shuttle Launches, Mars Rover Landings) and to provide NASA branding for all portal web pages.
ZOJA Consulting (ZC) was a subcontractor to eTouch Federal Systems and their focus was on IT Security.
The NASA IT Security (ITS) Division within the Office of the Chief Information Officer strategically manages Agency-wide security projects to correct known vulnerabilities, reduce barriers to cross-center collaboration, and provide cost-effective IT security services in support of NASA’s systems and e-Gov initiatives. The ITS Division ensures that information technology security across NASA meets confidentiality, integrity, and availability objectives for data and information to include disaster recovery and continuity of operations for systems. The ITS Division develops and maintains an information security program that ensures consistent security policy, identifies and implements risk-based security controls, and tracks security metrics to gauge compliance and effectiveness. The function is responsible for performing audits and reviews to assess compliance with security and privacy policies and procedures. NPD 2810.1, NASA Information Security Policy, and NPR 2810.1, Security of Information Technology, provide more details on IT security requirements at NASA.

ZC has provided business and technical support to NASA since 2008. Key clients are:
- Jerry Davis – Deputy CIO,
- Linda Cureton – CIO

CHALLENGES

The IT Security Division’s programs continue to gain prominence in both government and public forums. Fundamental challenges include:
- Integration of NIST 800-53 Revision 3 security controls
- Continuous Monitoring of NASA information systems
- Security and monitoring for NASA Web sites and applications
- Security and support for smartphones and other mobile technology

AIS INVOLVEMENT

AIS contributed a broad range of capabilities, skills, and services to the NASA account team. Among these are:
- FISMA Certification and Accreditation
- Continuous Monitoring
- Web Application Security Strategy, Compliance, and Training
- Software Assurance Strategy, Compliance, and Training
- Secure Code Review
- Application Security Assessment
- Penetration Testing
- Web Application Risk Analysis
- Secure Coding Best Practices
- Security Incident Response
- Design and Architectural Analysis

RESULTS

The OCIO and IT Security Division have grown and matured to meet the changing mission requirements as defined by NASA Leadership, Congressional mandates, and public scrutiny. There will be greater sharing of IT innovations across the Agency to support the scientific missions in the future and IT Security will need to put processes in place to streamline its efforts at maintaining a safe and secure environment.