// Security

The SMCE has a NASA Authorization to Operate (ATO) at a FISMA-low rating. The SMCE reduces the overall risk of susceptibility and threats by ensuring NASA-compatible security requirements are followed through the following:

  • SMCE teams inside and outside of NASA have access to security-compliant platform that’s outside the NASA firewall.
  • The system manages established NASA security procedures in background.
  • There’s no need to set new security parameters with each instance. All secure functionality is built in at every step.

Data Categorization

  • Low - No ITAR or SBU

Users

  • Role-based model - user permission are base on the required functions

Security Infrastructure

  • Scanning (Nessus) – project machines and management SW weekly, image templates monthly
  • Projects review scan reports and patch - Projects patch their own machines, SMCE patches management software and image templates
  • Backups - Projects backup their own machines, SMCE backs up image templates weekly
  • Splunk logs user activity; continuous real-time alerts; weekly log reports to projects; monthly log reviews