Docstoc

awrs-overview-2007-10-16

Document Sample
awrs-overview-2007-10-16 Powered By Docstoc
					     NATIONAL AERONAUTICS
     AND SPACE ADMINISTRATION

     Goddard Space Flight Center




Agency Web Registration System
(AWRS) Overview

                                    Emma Antunes

                                   October 16, 2007
         What is AWRS?
• AWRS = Agency Web Registration System
• Inventory of NASA web sites
    – Replaces Goddard’s Web Registry
    – Does NOT replace Web Port Waiver process
    – Includes internal as well as external sites + FTP
•   Provides for common reporting across the agency
•   Managed by LaRC
•   In the works for 4+ years
•   Coming online NOW
                                                          2
       Requirement
• Jonathan Pettus, NASA Chief Information Officer
  (CIO), issued a memo 6/21/07 mandating
  registration of Web sites:
  – “Static and dynamic web sites, sites hosting Web-
    based applications, and File Transfer Protocol (FTP)
    sites on NASA’s network or delivering NASA
    information must be registered in AWRS…This
    requirement includes public, internal, external, or
    extranet sites.”



                                                           3
       Requirement Continued

• Sites that must be registered
  – “Real” sites
  – Those in production or close to release
• Sites that need not be registered:
  – Web sites used only for development or testing
  – Hardware with a web interface only for
    configuration
     • Printers, network devices, video cameras, etc.
  – Any site fully integrated in the NASA portal
                                                        4
       AWRS Structure

• Web hosts
  – Data about host name, IP, OS, Web server, etc
  – Similar to data in IPAMS
  – Requires 2-factor authentication (RSA tokens) to
    access


• Web sites
  – Data about content of the site, such as title,
    description, and whether it’s compliant with various
    rules (such as Section 508)

                                                           5
       Primary AWRS Roles

• Technical POC
  – Manages Web HOSTS
  – Usually a technical person
  – CSOs assigned this role because they:
     • Already maintain same host data in IPAMS
     • Have RSA tokens
• Registrant
  – Manages Web SITES
  – Usually a person who maintains the content of a site
     • Could be curator, webmaster, coordinator for the branch or
       division, etc
                                                                    6
         Status
• Migrated Center Web Data
  –   Pre-populated from scans, IPAMS & Web Registry
  –   Includes internal & external Web sites
  –   Does not include FTP
  –   1500+ sites, 913 hosts, ~960 users
• Beginning user account requests
  – Made best guess for accounts
       • Cast a wide net: CSO’s, web people, RNO’s
  – Worked out process with LaRC to make it easier
       • Only user signature is required on form

                                                       7
       Account Request Process
• Process
  – All users must sign an AWRS Access Request Form
  – TPOC’s also need Langley Form 97 for RSA
  – Management signatures done by batch via DCSO’s [IN
    PROGRESS]
• Status:
  – TPOC’s first [IN PROGRESS]
  – Registrants next
• Account forms available at
  http://requestaccount.larc.nasa.gov/index.cfm
                                                     8
               AWRS Login Processes
  AAs / CAs / TPOCs / SuperCAs
                                         RSA
                                        Servers

Enter with RSA two-factor
authentication account linked to AWRS
login ID

Centers cross-realmed with LaRC:
User’s Center provides RSA token
                                        etc.

                                         “single sign-on”
                                         to AWRS


Registrants / Mgmt. Approvers /
Site Reviewers

  Enter with AWRS login ID and
  password (no RSA token required)
                                        AWRS
                                                            9
         Procedures for Technical POC
• When a Technical POC logs in for the first time:
   – Search for Web host records assigned to account
   – Delete any records no longer needed
   – Edit and save records, update any incorrect or out-of-date
     information and input missing data
   – Add new Web host records as needed


• Example screens…




                                                                  10
Add Host




           11
12
13
          Procedures for Site Registrant
• When a Registrant user logs in for the first time:
   – Search for Web site records assigned to account
   – Delete any records no longer needed
   – Edit records, update any incorrect or out-of-date information,
     input missing data, respond to site policy compliance statements,
     and answer questions regarding site content
   – Add new Web site records as needed


• Example screens…




                                                                     14
Add Site




           15
16
17
18
            Policy Compliance
• Policy/Content questions cover:
   –   Children’s Online Privacy Protection Act (COPPA)
   –   Internet Publishing Content Requirements (from 2810)
   –   OMB Cookie Use Guidelines for Federal Government Web Sites
   –   Privacy Act-PIA
   –   Public Information Collection Guidelines-E-Gov Act
   –   Public Information Collection Guidelines-Paperwork Reduction Act
   –   Section 508 Accessibility Guidelines
   –   Classified National Security Information (CNSI)
   –   Copyright
   –   Export Control (including ITAR and EAR)
   –   Scientific & Technical Information (STI)
   –   Potentially Patentable
   –   Proprietary & Trade Secret Information
   –   Sensitive But Unclassified (SBU)
   –   Space Act Agreement
   –   Unclassified Controlled Nuclear Information (UCNI)
                                                                          19
      Training

• Flash based training available at
  https://webregister.larc.nasa.gov/
• Webex based training available for signup
  via SATERN. Slots available:
  – Oct   17   10-12 & 2-4
  – Oct   18   2-4
  – Oct   23   10-12 & 2-4
  – Oct   24   10-12 & 2-4
  – Oct   25   2-4
                                              20
       GOTCHAS
• Email notifications aren’t grouped
  – Some Technical POCs will receive 50+ emails from the
    system at Go-Live
• Language is in “IT-ese”
  – Email notifications, Help text, etc
  – Example:
     • “Site content categories” & “policy titles”
• Some GSFC facilities separated out, some not
• Review, management approval does not apply to
  GSFC
                                                       21
             Registration Deadlines
External Web Sites                              120 days after Go Live
(accessible outside Center firewalls)           (Feb 1 2008)

Internal Web Sites                              180 days after Go Live date
(accessible inside Center firewalls only)       (April 1 2008)

FTP Sites                                       6 months after deadline for
(internal and external)                         registration of internal Web sites

Note: Simply having data migrated into AWRS does not satisfy the Web site registration
requirement; Registrant must verify and complete all required information and submit the
registration record for review and approvals

These deadlines translate into expire/renewal dates. We negotiated
extensions to help spread out the work over time. If you wait until the deadline
to complete registration, all of your records will expire at the same time
next year.
                                                                                       22
      Next Steps

• Get accounts for everyone
• More training
  – Webex & general walk-throughs
• Integrate FTP Sites
  – Find sites & identify owners
  – How do rules for FTP differ from HTTP?




                                             23
       Resources

• AWRS Informational Web Site
http://insidenasa.nasa.gov/ocio/information/
  info_home/webregister.html


• AWRS Application
https://webregistration.larc.nasa.gov




                                               24
• Questions?

• Center AWRS Administrators:
  – Emma Antunes
    6-1377
    emma.antunes@nasa.gov
  – Carla Ridgeway
    6-9002
    carla.ridgeway@nasa.gov
                                25

				
DOCUMENT INFO