- NOAA IT Security Office
- About Us
- Contact
- NOAA IT Security Officers
- NOAA Computer Incident Response Team
- N-CIRT—What is it? [Documents]
- Watches & Warnings
- Reporting an Incident [Form 47-43]
- N-CIRT TechNotes
- Configuration Guidelines
- Warning Banners
- Web Resources
- NOAA Security Operations Center
- NOAA SOC—What is it?
- IT Security Program
- News
- Protecting PII
- HSPD-12 information
- Policies, Regulations, & Laws
- C&A Working Group Resources
- Action Items & Due Dates
- IT Security Committee
- IT Security Software Downloads
- Antivirus Software
- TEA—Training, Education, & Awareness
- 2010 IT Security Day
- IT Security Awareness Course
- Other TEA
IT Security Program Mission
The National Oceanic and Atmospheric Administration (NOAA) has established and implemented an Information Technology (IT) Security Program which provides reasonable and acceptable assurance that IT systems are performing as specified; that information is provided adequate protection; that data and software integrity is maintained; and, that unplanned disruptions of processing will not seriously impact mission accomplishment.
The NOAA IT Security Program implements policies, standards, and procedures which are consistent with government-wide laws and regulations, to assure an adequate level of protection for IT systems whether maintained in-house or commercially. The "Computer Security Act of 1987," Public Law 100-235 and Office of Management and Budget (OMB) Circular A-130 require all federal agencies to plan for the security of all IT systems throughout their life cycle. OMB Circular A-130 also establishes a minimum set of controls to be included in Federal IT security programs. The circular directs agencies to assure:
- That IT systems operate effectively and accurately;
- That there are appropriate technical, personnel, administrative, physical, environmental, and telecommunications safeguards in IT systems;
- That the continuity of the operations of IT systems that support critical agency functions is preserved.
The Government Information Security Reform Act (GISRA), Title X, subtitle G, of P.L. 106-398, addresses the program management and evaluation aspects of IT security.
NOAA IT Security Program policies represent management's commitment to assuring confidentiality, integrity, availability and control of NOAA's IT resources.
NOAA established a formal incident response capability named the NOAA Computer Incident Response Team (N-CIRT) in 1999. The N-CIRT operational duties include incident response, sharing of common vulnerabilities to the NOAA community, training on proper configurations for security, etc. The N-CIRT coordinates incident response and is responsible for acting as a source of expertise and information regarding vulnerabilities and responses to them, as pertains to the NOAA environment.
This page provides information, tools, and documents used to support the NOAA IT Security Office.
Send suggestions or comments to: NCIRT@noaa.gov
