The SMCE has a NASA Authorization to Operate (ATO) at a FISMA-low rating. The SMCE reduces the overall risk of susceptibility and threats by ensuring NASA-compatible security requirements are followed through the following:
- SMCE teams inside and outside of NASA have access to security-compliant platform that’s outside the NASA firewall.
- The system manages established NASA security procedures in background.
- There’s no need to set new security parameters with each instance. All secure functionality is built in at every step.
- Low - No ITAR or SBU
- Role-based model - user permission are base on the required functions
- Scanning (Nessus) – project machines and management SW weekly, image templates monthly
- Projects review scan reports and patch - Projects patch their own machines, SMCE patches management software and image templates
- Backups - Projects backup their own machines, SMCE backs up image templates weekly
- Splunk logs user activity; continuous real-time alerts; weekly log reports to projects; monthly log reviews