Procurement Information Circular

Deactivated with issuance of PIC 04-03 on 1/26/2004

National Aeronautics and Space Administration
Washington, DC 20546

Procurement Information Circular PIC 03-16
June 23, 2003

SYSTEM ADMINISTRATOR SECURITY CERTIFICATION PROGRAM

PURPOSE: To provide guidance on NASA’s System Administrator Security Certification Program.

BACKGROUND: Given an increasingly hostile cyber environment, NASA’s recruitment and retention of qualified and security-conscious system administrators is essential for the protection of NASA’s systems and data. A system administrator’s ability to properly install, configure, operate, maintain, and secure systems in today’s computing environment is the best defensive measure available to an organization.

In accordance with the direction in OMB A-130, Management of Federal Information Resources, to ensure that “knowledgeable” system administrators are maintaining the systems of the Federal Government, NASA’s Chief Information Officer (CIO) has established the NASA System Administrator Information Technology (IT) Security Certification Program. The intent of the program is to independently audit or validate that NASA has system administrators with an appropriate level of knowledge and skill. This Agency-wide program applies to all lead system administrators (civil servants and contractors) administering systems on NASA IP address space. This Certification will require all system administrators to demonstrate knowledge and skills in applying security principles on the operating systems for which they have responsibility, and an understanding and application of Network and Internet security. NASA has elected to outsource the assessment examinations to a third party and will cover the cost of the two required exams.
In a memo dated March 13, 2003 to the Enterprise and Center CIOs and IT Security Managers, the CIO required that all networked devices have at least one assigned system administrator with IT security responsibilities to be NASA 3rd Party Certified by September 8, 2003.

GUIDANCE:

(A) The requirement for System Administrator Security Certification must be included in all current contracts that include system administrator responsibilities. A listing of affected contracts can be obtained from each Center CIO.

(B) Future contracts that include system administrator responsibilities must include the requirement for System Administrator Security Certification.

(C) Efforts should be made to reach bilateral agreement on the impact of this change. Advise the Center CIO if bilateral agreement cannot be achieved in time to allow for Certification by September 8, 2003.

(D) The following is recommended for inclusion in the SOW:

“In addition to any other requirements of this contract, all individuals who perform tasks as a system administrator or have authority to perform tasks normally performed by a system administrator shall be required to demonstrate knowledge appropriate to those tasks. This demonstration, referred to as the NASA System Administrator Security Certification, is a NASA funded two-tier assessment to verify that system administrators are able to:

1. Demonstrate knowledge in system administration for the operating systems for which they have responsibility.
2. Demonstrate knowledge in the understanding and application of Network and Internet Security.

Certification is granted upon achieving a score above the certification level on both an Operating System test and the Network and Internet Security Test. The Certification earned under this process will be valid for three years. The criteria for this skills assessment have been established by the NASA Chief Information Officer.
The objectives and procedures for this certification can be obtained by contacting the IT Security Awareness and Training Center at (216) 433-2063.

A system administrator is one who provides IT services, network services, file storage, web services, etc. to someone else other than themselves and takes or assumes the responsibility for the security and administrative controls of that service or machine.

A lead system administrator has responsibility for information technology security (ITS) for multiple computers or network devices represented within a system; ensuring all devices assigned to them are kept in a secure configuration (patched/mitigated); and ensuring that all other system administrators under their lead understand and perform ITS duties.

An individual that has full access or arbitrative rights on a system or machine that is only servicing themselves does not constitute a "system administrator" since they are only providing or accepting responsibility for their system. An individual that is only servicing themselves is not required to obtain a System Administrator Certification.”

EFFECTIVE DATE: This PIC is effective as dated and shall remain in effect until canceled or superseded.

HEADQUARTERS CONTACT: Celeste Dalton, Code HK, (202) 358-1645, e-mail: [email protected].

//s//
R. Scott Thompson
Director, Contract Management Division
