IT contractors must follow NASA security rules

NASA has tightened guidelines for information technology contractors with

a new rule issued July 14 that requires computer systems, networking and

telecommunications contractors to abide by NASA information security policy

directives, procedures and guidelines.

The rule amends the NASA Federal Acquisition Regulation Supplement to include

a requirement for contractors and subcontractors working with NASA unclassified

IT systems. The amendment requires that they take certain IT security-related

actions, document those actions and submit related reports to NASA. The

rule was issued the same week GAO detailed its criticism and recommendations

for NASA and other federal agency software change controls.

Prior to the rule, NASA contractors had no definitive contractual requirement

to follow NASA-directed policy in safeguarding unclassified NASA data in

computer systems.

Under the rule, NASA contracting and IT officials may require the contractor

to submit for approval a detailed security plan for unclassified federal

IT systems. The plan must outline how IT resources will be protected from

unauthorized access, alteration, disclosure or misuse of information processed,

stored or transmitted.

The plan must also show how the contractor will maintain the continuity

of automated information support for NASA missions; how the contractor will

provide cost-effective assurance of the systems' integrity and accuracy;

how the contractor will document and follow a virus protection program and

network intrusion detection and prevention program for all IT resources

under its control.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.