Sec. 613. Cybersecurity
445 words·~2 min read·
/bill/114/s/3346/is/section-613A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The security of NASA information and information systems is vital to the success of the mission of the agency. Section 1207 of the National Aeronautics and Space Administration Authorization Act of 2010 ( 42 U.S.C. 18445 ) is amended— by redesignating subsections
(a)through
(c)as subsections
(b)through (d), respectively; by inserting before subsection (b), as redesignated, the following: Not later than 1 year after the date of enactment of the National Aeronautics and Space Administration Transition Authorization Act of 2016 , the Administrator shall implement the information security plan developed under paragraph
(2)and take such further actions as the Administrator considers necessary to improve the information security system in accordance with this section. Subject to paragraphs (3), (4), and (5), the chief information officer of NASA, shall develop an agency-wide information security plan to enhance information security for NASA information and information infrastructure. In developing the plan under paragraph (2), the chief information officer shall ensure that the plan— is consistent with policies, standards, guidelines, and directives on information security under subchapter II of chapter 35 of title 44, United States Code; is consistent with the standards and guidelines under section 11331 of title 40, United States Code; and meets applicable National Institute of Standards and Technology information security standards and guidelines. The chief information officer shall submit the plan to the Administrator for approval prior to its implementation. The plan shall include— an overview of the requirements of the information security system; an agency-wide risk management framework for information security; a description of the information security system management controls and common controls that are necessary to ensure compliance with information security-related requirements; an identification and assignment of roles, responsibilities, and management commitment for information security at the agency; coordination among organizational entities, including between each center, facility, mission directorate, and mission support office, and among agency entities responsible for different aspects of information security; heightened consideration of the need to protect the information security of mission-critical systems and activities and high-impact and moderate-impact information systems; and a schedule of frequent reviews and updates, as necessary, of the plan. ; and in subsection (b), as redesignated— in paragraph (1)— in subparagraph (B), by striking ; and and inserting a semicolon; in subparagraph (C), by striking the period at the end and inserting ; and ; and by adding at the end the following: an update on the agency’s efforts to apply additional information security protections to secure high-impact and moderate-impact information systems and mission-critical systems and activities, including those systems that control spacecraft and maintain critical data sources. ; and in paragraph (2), by striking section 3545 and inserting section 3555 .
Connectionstraces to 1
Traces to 1 document
U.S. Code