NASA
Automated Information Systems
Security Engineering Team
ASET
Mission Operations Directorate
ASET Charter
The Automated Information Systems, (AIS), Security Engineering Team (ASET) is comprised of an aerospace multi-contractor team, managed by the prime contractor, Rockwell Space Operations Company (RSOC), and reporting to the Mission Operations Directorate's (MOD), Computer Security Official (CSO).
The purpose of ASET is to provide MOD with information pertaining to security (technology infusion), and threats against MOD from hostile connections.
The AIS Security Engineering Team is comprised of members from the following aerospace companies:
Rockwell Space Operations Company (RSOC)
- UNISYS Government Systems
- Science Applications International Corporation (SAIC)
- AlliedSignal Technical Services Corporation
- Hernandez Engineering Incorporated
Members of the ASET maintain relations with national and international computer security standards groups, including NIST, the working group for the GSSP, as well as CISSP and (ISC)2 professional organizations.
Contact Bob Smock at this address for more information about scheduling ASET activities.
Penetration Testing
Expected to be operational by March of 1995, the Penetration Team will be called on to perform penetration testing of MOD computer systems and networks. They will provide briefings for the management of these target systems and networks. They will verify the presence and functionality of security controls and provide the necessary information to system administrators for securing their systems against future attacks. Current industry thought is that this type of testing is the best defense in the rapidly evolving cyber-threat from internet connections.
Several NASA sites have expressed an interest in joining forces, and expanding cooperation. A direct result may be cheaper training for those performing penetration testing, and coordination of activities with other centers.
Contact Ron Helsley at this address for more information about participating in workshops or scheduling a penetration test for Mission Operations Directorate facilities.
Information Systems Audit
Information Systems Auditing is used at the Johnson Space Center to validate the security control architecture implemented within a data processing installation (DPI) according to NASA MOD Policy. Information Systems Auditing is a requirement at Mission Operations Directorate. The frequency of Information Systems Audits are based on the sensitivity level assigned to the data processing installation.
The following items are subject to audit:
- Risk Analysis
- Risk Acceptance Decisions
- Sensitive Applications
- Disaster Recovery Planning
- Known vulnerabilities to specific platform/OS
- Physical facility security
Contact Ron Harris at this address for more information about Informations Systems Auditing at Mission Operations Directorate, Johnson Space Center, Houston, NASA.
Security Technology Infusion
The ASET, with sponsorship by NASA, provides a Computer Security Conference every 12 to 18 months. These conferences are held within the Johnson Space Center area, and are provided with the express purpose of infusing new technology into the aerospace community which services Mission Operations Directorate's computing resources.
Net Wisdom Pages
The ASET also provides the Net Wisdom Pages. A series of links to security topics ranging from port scanning & how to monitor for it or prevent it, to IP Sequence Spoofing and how to prevent it and monitor for it. These pages are a new addition as of 2-9-1995, and as such, are under construction.
Enjoy....
This file was last updated on Thursday, February 9th, 1995 at 2:30 p.m. Houston time.
This page is currently under construction, and may change daily. For comments or suggestions, please send email to me, John A. Morrison at:
morrison@killerbee.jsc.nasa.gov.
Net Wisdom Security Awareness Pages
- Security Technologies Rolodex
- Updates and Changes
- Back to JSC Homepage
- Back to NASA Homepage
morrison@killerbee.jsc.nasa.gov