PRIA Logo
Title 42The Public Health and WelfareRelease 119-73not60

§18445 Information Security

Title 42 › Chapter 159— SPACE EXPLORATION, TECHNOLOGY, AND SCIENCE › Subchapter XI— OTHER MATTERS › § 18445

Last updated Apr 5, 2026|Official source

Summary

NASA’s chief information officer must, within 120 days after October 11, 2010, and then every two years, give Congress updates on building a system that provides real‑time information about the risk of unauthorized remote, nearby, or insider access to all information infrastructure the CIO oversees, plus mission and contractor networks. The reports must say if the system has measurably reduced network risk compared to other methods and must show how each center and facility is progressing. The Inspector General’s reviews under section 3545 of title 44 must check how well the system works. The CIO must also create an information security training and awareness program with the Department of Education, other national security agencies, and NASA offices. The program must include regular briefings about threats (classified and unclassified) and automated exercises and tests that mimic common attacks. All employees and contractors who operate or use NASA systems must take part. Only people who keep meeting the program’s requirements may have access to NASA systems. The chief human capital officer, with the CIO, must set up rewards for people who do very well. Information infrastructure — the electronic systems, devices, networks, and related hardware, software, or data used to process, send, receive, or store information.

Full Legal Text

Title 42, §18445

The Public Health and Welfare — Source: USLM XML via OLRC

(a)(1)Not later than 120 days after October 11, 2010, and on a biennial basis thereafter, the chief information officer of NASA, in coordination with other national security agencies, shall provide to the appropriate committees of Congress—
(A)an update on efforts to implement a system to provide dynamic, comprehensive, real-time information regarding risk of unauthorized remote, proximity, and insider use or access, for all information infrastructure under the responsibility of the chief information officer, and mission-related networks, including contractor networks;
(B)an assessment of whether the system has demonstrably and quantifiably reduced network risk compared to alternative methods of measuring security; and
(C)an assessment of the progress that each center and facility has made toward implementing the system.
(2)The assessments required of the Inspector General under section 3545 11 See References in Text note below. of title 44 shall evaluate the effectiveness of the system described in this subsection.
(b)(1)In consultation with the Department of Education, other national security agencies, and other agency directorates, the chief information officer shall institute an information security awareness and education program for all operators and users of NASA information infrastructure, with the goal of reducing unauthorized remote, proximity, and insider use or access.
(2)(A)The program shall include, at a minimum, ongoing classified and unclassified threat-based briefings, and automated exercises and examinations that simulate common attack techniques.
(B)All agency employees and contractors engaged in the operation or use of agency information infrastructure shall participate in the program.
(C)Access to NASA information infrastructure shall only be granted to operators and users who regularly satisfy the requirements of the program.
(D)The chief human capital officer of NASA, in consultation with the chief information officer, shall create a system to reward operators and users of agency information infrastructure for continuous high achievement in the program.
(c)In this section, the term “information infrastructure” means the underlying framework that information systems and assets rely on to process, transmit, receive, or store information electronically, including programmable electronic devices and communications networks and any associated hardware, software, or data.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

References in Text

Section 3545 of title 44, referred to in subsec. (a)(2), was repealed by Pub. L. 113–283, § 2(a), Dec. 18, 2014, 128 Stat. 3073. Provisions similar to section 3545 of title 44 are now contained in section 3555 of title 44, as enacted by Pub. L. 113–283.

Reference

Citations & Metadata

Citation

42 U.S.C. § 18445

Title 42The Public Health and Welfare

Last Updated

Apr 5, 2026

Release point: 119-73not60