IT Security
Missions have unique needs to protect the commanding, housekeeping data, and science data provided by a spacecraft. A flight project must develop and maintain ground security systems require to protect the spacecraft and payload data
EFSI provides IT Security for multiple NASA ground systems in NASA’s Space Sciences Mission Operations (SSMO), Earth Sciences Mission Operation (ESMO) and James Webb Space Telescope (JWST).
IT Security services include but are not limited to development of System Security Plans, Risk Assessment Reports, Contingency Plans, Standard Operating Procedures, Plan of Action & Milestones (POA&Ms), Privacy Impact Assessments, Applications Portfolio Assessment Tool (APAT) registrations, Business Impact Analysis (BIA) and Interconnect Security Agreements (ISAs).
EFSI SMEs performs system categorization and develops IT Security control implementations as they work with spacecraft network engineers, system administrators and Information System Security Officials (ISSOs). Scoping guidance is applied to IT Security controls that deviate from the NASA requirement or NIST recommendation due to operational requirements or technical limitations. EFSI SMEs complete annual self-assessments of IT Security controls in preparation for annual third-party IT Security assessments. Assessment types supported include Authorization to Process (ATP), Authorization to Operate (ATO) and Continuous Monitoring. Preparation for annual assessment includes updating IT Security control implementations, updating IT Security documentation and collecting IT Security control artifacts. EFSI’s IT Security efforts have resulted in a recommendation to the Authorizing Official (AO) for ATP, ATO or ATO with continuous monitoring by third-party assessors following each annual assessment. EFSI SMEs support continuous monitoring efforts which includes establishing what is monitored, how it is monitored and what artifact is collected for specific controls. EFSI SMEs provide vulnerability/risk analysis and assists the Spacecraft ISSOs in planning mitigations. EFSI SMEs are experienced using the NASA repository for IT Security documentation which is called Risk Information and Security System (RISCS).