IT Security Program Mission: The National Oceanic and Atmospheric
Administration (NOAA) has established and implemented an Information
Technology (IT) Security Program which provides reasonable and acceptable
assurance that IT systems are performing as specified; that information
is provided adequate protection; that data and software integrity is
maintained; and, that unplanned disruptions of processing will not seriously
impact mission accomplishment.
The NOAA
IT Security Program implements policies, standards, and procedures which
are consistent with government-wide laws and regulations, to assure
an adequate level of protection for IT systems whether maintained in-house
or commercially. The "Computer Security Act of 1987," Public
Law 100-235 and Office of Management and Budget (OMB) Circular A-130
require all federal agencies to plan for the security of all IT systems
throughout their life cycle. OMB Circular A-130 also establishes a minimum
set of controls to be included in Federal IT security programs. The
circular directs agencies to assure:
- That
IT systems operate effectively and accurately;
- That
there are appropriate technical, personnel, administrative, physical,
environmental, and telecommunications safeguards in IT systems;
- That
the continuity of the operations of IT systems that support critical
agency functions is preserved.
The Government
Information Security Reform Act (GISRA), Title X, subtitle G, of P.L.
106-398, addresses the program management and evaluation aspects of
IT security.
NOAA IT
Security Program policies represent management's commitment to assuring
confidentiality, integrity, availability and control of NOAA's IT resources.
NOAA established
a formal incident response capability named the NOAA Computer Incident
Response Team (N-CIRT) in 1999. The N-CIRT operational duties include
incident response, sharing of common vulnerabilities to the NOAA community,
training on proper configurations for security, etc. The N-CIRT coordinates
incident responses and is responsible for acting as a source of expertise
and information regarding vulnerabilities and responses as pertains
to the NOAA environment.