Security
The SMCE has a NASA Authorization to Operate (ATO) at a FISMA-low rating. The SMCE reduces the overall risk of susceptibility and threats by ensuring NASA-compatible security requirements are followed through the following:
- SMCE teams inside and outside of NASA have access to security-compliant platform that’s outside the NASA firewall.
- The system manages established NASA security procedures in background.
- There’s no need to set new security parameters with each instance. All secure functionality is built in at every step.
Data Categorization
- Low- No EAR or CUI
Users
- Role-based model – user permission are base on the required functions
Security Infrastructure
The SMCE team is responsible for the security of the cloud layer, while projects are responsible for the security of their running instances and applications. Some level of support for projects is available upon request.
- Scanning – project machines and management SW weekly, image templates monthly
- Projects review scan reports and patch – Projects patch their own operating systems/instances.
- Backups – Projects backup their own machines.
- Logging – user activity; continuous real-time alerts; weekly log reports to projects; monthly log reviews.