PRIA Logo
Take the PRIA Score
Title 42The Public Health and WelfareRelease 119-73

§18445 Information security

Title 42 › Chapter CHAPTER 159— - SPACE EXPLORATION, TECHNOLOGY, AND SCIENCE › Subchapter SUBCHAPTER XI— - OTHER MATTERS › § 18445

Last updated Apr 6, 2026|Official source

Summary

NASA's chief information officer must tell the right Congressional committees, within 120 days after October 11, 2010 and every two years after that, about work to build a system that gives live, complete information on the risk that people far away, people nearby, or insiders might access NASA computers and networks without permission, including contractor networks. The report must say whether the system has actually cut network risk compared with other ways of measuring security and must describe how each NASA center and facility is doing. The Inspector General must evaluate how well the system works under section 3545 of title 44. The chief information officer must set up a security training and awareness program, working with the Department of Education and other agencies. The program must include ongoing classified and unclassified threat briefings and automated exercises and tests that mimic common attacks. All employees and contractors who operate or use NASA information systems must take the program, must meet its requirements to keep access, and the chief human capital officer, with the CIO, must create rewards for high performers. information infrastructure — the framework (devices, networks, hardware, software, and data) that systems use to handle electronic information.

Full Legal Text

Title 42, §18445

The Public Health and Welfare — Source: USLM XML via OLRC

(a)(1)Not later than 120 days after October 11, 2010, and on a biennial basis thereafter, the chief information officer of NASA, in coordination with other national security agencies, shall provide to the appropriate committees of Congress—
(A)an update on efforts to implement a system to provide dynamic, comprehensive, real-time information regarding risk of unauthorized remote, proximity, and insider use or access, for all information infrastructure under the responsibility of the chief information officer, and mission-related networks, including contractor networks;
(B)an assessment of whether the system has demonstrably and quantifiably reduced network risk compared to alternative methods of measuring security; and
(C)an assessment of the progress that each center and facility has made toward implementing the system.
(2)The assessments required of the Inspector General under section 3545 11 See References in Text note below. of title 44 shall evaluate the effectiveness of the system described in this subsection.
(b)(1)In consultation with the Department of Education, other national security agencies, and other agency directorates, the chief information officer shall institute an information security awareness and education program for all operators and users of NASA information infrastructure, with the goal of reducing unauthorized remote, proximity, and insider use or access.
(2)(A)The program shall include, at a minimum, ongoing classified and unclassified threat-based briefings, and automated exercises and examinations that simulate common attack techniques.
(B)All agency employees and contractors engaged in the operation or use of agency information infrastructure shall participate in the program.
(C)Access to NASA information infrastructure shall only be granted to operators and users who regularly satisfy the requirements of the program.
(D)The chief human capital officer of NASA, in consultation with the chief information officer, shall create a system to reward operators and users of agency information infrastructure for continuous high achievement in the program.
(c)In this section, the term “information infrastructure” means the underlying framework that information systems and assets rely on to process, transmit, receive, or store information electronically, including programmable electronic devices and communications networks and any associated hardware, software, or data.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

References in Text

Section 3545 of title 44, referred to in subsec. (a)(2), was repealed by Pub. L. 113–283, § 2(a), Dec. 18, 2014, 128 Stat. 3073. Provisions similar to section 3545 of title 44 are now contained in section 3555 of title 44, as enacted by Pub. L. 113–283.

Reference

Citations & Metadata

Citation

42 U.S.C. § 18445

Title 42The Public Health and Welfare

Last Updated

Apr 6, 2026

Release point: 119-73