Docstoc

CCSDS Security Working Group Spring 2004 Meeting CSA_ Montreal CA

Document Sample
CCSDS Security Working Group Spring 2004 Meeting CSA_ Montreal CA Powered By Docstoc
					                     DRAFT




NASA (GSFC) Security Practices



NOTE: Intent is to provide enough detail to compare &
   contrast various the various Agency practices
   in order understand where differences lie and
  eventually determining how to create standards


                                                        1
                       AGENDA

• Agency Background
• Overall Agency Security Policies
• Mission Specific Security Practices
   – Ground segment
   – Space segment




                                        2
               Types of Mission


• Earth, Moon, Mars and beyond
   – Man
       » Mercury, Gemini,
       » Apollo (Moon),
       » SpaceLab,
       » Shuttle,
       » ISS




                                  3
   AGENCY BACKGROUND (Cont)


– Unmanned
   » Earth/Climate science (proving remote sensing)
       • Polar Orbiting
           – Terra, Aqua, Aura, ICEsat, LandSat,
             NPOESS
       • LEO
           – TRMM, QuickScat, Sorce, UARS, ERBS,
             Topex
       • GeoStationary
           – GOES
           – TDRSS
   » Solar Science
       • SOHO, SDO, WIND, Polar
   » Lunar
       • LRO                                          4
      » Planetary
           • MRO, Mars Rovers, Cassini, Kepler, Voyager
      » Deep Space
           • HST, XTE, MAP, FAST/SWAS, Femmi(GLAST)
   – Ground Network
      » WFF, PF, MGS, Hawaii, Mila, Malindi
      » DSN (Goldstone, Madrid, Canberra)
      » Commercial (USN, Norway,
   – Space Network
           • TDRS-WSC (WSGT/STGT/Guam),
• Specialties
   – TDRSS, DSN, FDF


                                                          5
          OVERALL AGENCY SECURITY
                  POLICIES


• Physical security
   – HSPD-12, Personnel Identification Validation (PIV)
   – NPR 1600.1, NASA Security Program Procedural
     Requirements (Guards, Badges, Personnel Screening,
     Keys, Keycards)
   – NPD 1600.2 NASA Security Policy
   – NPR 1620.2 Physical Security Vulnerability Risk
     Assessments
   – NPR 1620.3 Physical Security Requirements for NASA
     Facilities and Property
   – NPD 1660.1 NASA Counterintelligence (CI) Policy
   – NPR 1660.1, Counterintelligence (CI)/Counterterrorism
     (CT) Procedural Requirements


                                                             6
               Enterprise It Security


• Enterprise IT security
   – Enterprise Architecture
       » Goddard Directives Management System (GDMS)
       » Common Badging and Access Control System
         (CBACS) implements PIV-2 badges)
       » NASA Account Management System (NAMS)
       » NASA Application Tracking Tool (NAT)
       » IdMAX (Validate ID/Personnel Screening)
       » NASA Operational Messaging & Directory Services
         (NOMAD)
           • MAJOR PLANNED NOMAD OUTAGE - April 25 & 26, 2009 (NoMail)

       » R2D2
       » Security Operation Center (SOC) at ARC


                                                                         7
           Mission systems security
                  practices

• Ground segment
   – NPR 7120.5 (NPR 7120.7 is not mission IT)
   – NPD 2810 (IT Security Policy Directive)
   – NPR 2810.1A (IT Security Policy Requirements)
   – Federal
       » OMB Circular A-130 Appendix III
       » FISMA 2002
           • Categorization, Risk Assessment, Security
             Plans, Security Controls (NIST SP 800-53),
             Information Security Agreements, Plan of
             Actions & Milestones.




                                                          8
           Mission systems security
                  practices

• Space segment
   – GPD 7120.1A GSFC Space Assess Protection Policy
      » Payload classification (NPR 8705.4)
      » Center Management shall… (1-3)
      » Mission Management Shall… (1-7)
      » Space Protection Systems Mission Office shall, (1-
        14




                                                             9
          MISSION SPECIFIC SECURITY
                PRACTICES (1)


• Ground Segment
   – Access controls
      » Role?
      » Person?
      » Console?
   – Security services employed
      » Confidentiality
      » Authentication
      » Integrity
      » Key management
   – Network interconnection
      » Air-gapped?
      » Interconnected with enterprise?



                                          10
           MISSION SPECIFIC SECURITY
                 PRACTICES (2)


• Space Segment
   – Security services employed:
      » Confidentiality
      » Authentication
      » Integrity
      » Emergency commanding
      » Key management
      » Access controls
      » Denial of Service protection
          • Frequency hopping?
          • Spread spectrum?
          • Others?


                                       11

				
DOCUMENT INFO