Collapse to view only § 18445. Information security
- § 18441. National and international orbital debris mitigation
- § 18442. Reports on program and cost assessment and control assessment
- § 18443. Eligibility for service of individual currently serving as Administrator of NASA
- § 18444. Counterfeit parts
- § 18445. Information security
§ 18441. National and international orbital debris mitigation
(a) FindingsCongress makes the following findings:
(1) A national and international effort is needed to develop a coordinated approach towards the prevention, negation, and removal of orbital debris.
(2) The guidelines issued by the Inter-Agency Space Debris Coordination Committee provide a consensus understanding of 10 national space agencies (including NASA) plus the European Space Agency on the necessity of mitigating the creation of space debris and measures for doing so. NASA’s participation on the Committee should be robust, and NASA should urge other space-relevant Federal agencies (including the Departments of State, Defense, and Commerce) to work to ensure that their counterpart agencies in foreign governments are aware of these national commitments and the importance in which the United States holds them.
(3) Key components of such an approach should include—
(A) a process for debris prevention through agreements regarding spacecraft design, operations, and end-of-life disposition plans to minimize orbiting vehicles or elements which are nonfunctional;
(B) the development of a robust Space Situational Awareness network that can identify potential collisions and provide sufficient trajectory and orbital data to enable avoidance maneuvers;
(C) the interagency development of an overall strategy for review by the President, with recommendations for proposed international collaborative efforts to address this challenge.
(b) International discussion
(1) In general
(2) Interagency effort
(Pub. L. 111–267, title XII, § 1202, Oct. 11, 2010, 124 Stat. 2841.)
§ 18442. Reports on program and cost assessment and control assessment
(a) Findings
Congress makes the following findings:
(1) The adherence of NASA to program cost and schedule targets and discipline across NASA programs remains a concern.
(2) The James Webb Space Telescope has exceeded its cost estimate.
(3) In 2007 the Government Accountability Office issued a report on NASA’s high risk acquisition performance.
(4) In response, NASA prepared a corrective action plan two years ago.
(b) Reports
(1) Reports required
(2) Elements
Each report under this subsection shall set forth, for the year covered by such report, the following:
(A) A description of each NASA program that has exceeded its cost baseline by 15 percent or more or is more than 2 years behind its projected development schedule.
(B) For each program specified under subparagraph (A), a plan for such decrease in scope or requirements, or other measures, to be undertaken to control cost and schedule, including any cost monitoring or corrective actions undertaken pursuant to the National Aeronautics and Space Administration Authorization Act of 2005 (Public Law 109–155),1
1 See References in Text note below.
and the amendments made by that Act.(Pub. L. 111–267, title XII, § 1203, Oct. 11, 2010, 124 Stat. 2841.)
§ 18443. Eligibility for service of individual currently serving as Administrator of NASA
The individual serving in the position of Administrator of the National Aeronautics and Space Administration as of October 11, 2010, comes from civilian life and is therefore eligible to serve in such position, in conformance with section 20111 of title 51.
(Pub. L. 111–267, title XII, § 1204, Oct. 11, 2010, 124 Stat. 2842.)
§ 18444. Counterfeit parts
(a) In general
(b) RequirementsIn carrying out the program, the Administrator shall establish—
(1) counterfeit part identification training for all employees that procure, process, distribute, and install electronic parts that will—
(A) teach employees how to identify counterfeit parts;
(B) educate employees on procedures to follow if they suspect a part is counterfeit;
(C) regularly update employees on new threats, identification techniques, and reporting requirements; and
(D) integrate industry associations, manufacturers, suppliers, and other Federal agencies, as appropriate;
(2) an internal database to track all suspected and confirmed counterfeit electronic parts that will maintain, at a minimum—
(A) companies and individuals known and suspected of selling counterfeit parts;
(B) parts known and suspected of being counterfeit, including lot and date codes, part numbers, and part images;
(C) countries of origin;
(D) sources of reporting;
(E) United States Customs seizures; and
(F) Government-Industry Data Exchange Program reports and other public or private sector database notifications; and
(3) a mechanism to report all information on suspected and confirmed counterfeit electronic parts to law enforcement agencies, industry associations, and other databases, and to issue bulletins to industry on counterfeit electronic parts and related counterfeit activity.
(c) Review of procurement and acquisition policy
(1) In general
(2) CriteriaThe criteria may include—
(A) authentication or encryption codes;
(B) embedded security markings in parts;
(C) unique, harder to copy labels and markings;
(D) identifying distinct lot and serial codes on external packaging;
(E) radio frequency identification embedded into high-value parts;
(F) physical destruction of all defective, damaged, and sub-standard parts that are by-products of the manufacturing process;
(G) testing certifications;
(H) maintenance of procedures for handling any counterfeit parts that slip through;
(I) maintenance of secure facilities to prevent unauthorized access to proprietary information; and
maintenance of product return, buy back, and inventory control practices that limit counterfeiting.
(d) Report to Congress
(Pub. L. 111–267, title XII, § 1206, Oct. 11, 2010, 124 Stat. 2843.)
§ 18445. Information security
(a) Monitoring risk
(1) Update on system implementation
Not later than 120 days after October 11, 2010, and on a biennial basis thereafter, the chief information officer of NASA, in coordination with other national security agencies, shall provide to the appropriate committees of Congress—
(A) an update on efforts to implement a system to provide dynamic, comprehensive, real-time information regarding risk of unauthorized remote, proximity, and insider use or access, for all information infrastructure under the responsibility of the chief information officer, and mission-related networks, including contractor networks;
(B) an assessment of whether the system has demonstrably and quantifiably reduced network risk compared to alternative methods of measuring security; and
(C) an assessment of the progress that each center and facility has made toward implementing the system.
(2) Existing assessments
(b) Information security awareness and education
(1) In general
(2) Program requirements
(A) The program shall include, at a minimum, ongoing classified and unclassified threat-based briefings, and automated exercises and examinations that simulate common attack techniques.
(B) All agency employees and contractors engaged in the operation or use of agency information infrastructure shall participate in the program.
(C) Access to NASA information infrastructure shall only be granted to operators and users who regularly satisfy the requirements of the program.
(D) The chief human capital officer of NASA, in consultation with the chief information officer, shall create a system to reward operators and users of agency information infrastructure for continuous high achievement in the program.
(c) Information infrastructure defined
(Pub. L. 111–267, title XII, § 1207, Oct. 11, 2010, 124 Stat. 2844.)