NOAA Cyber Security Division - About Us
- Contact
- NOAA Cyber Security Division Officers
- NOAA Computer Incident Response Team
- N-CIRT—What is it? [Documents]
- Watches & Warnings
- OPM Security Breach
- Reporting an Incident [Form 47-43]
- Physical Evidence Collection/Release Form
- N-CIRT TechNotes
- Configuration Guidelines
- Warning Banners
- Web Resources
- NIRRA
- NOAA0100
- Documentation
- NOAA Cyber Security Center All Hands Survey
- NOAA Security Operations Center
- Top 10 Phishing Campaigns
- NOAA SOC—What is it?
- Cyber Security Division
- News:
- Protecting PII
- HSPD-12 information
- Policies, Regulations, & Laws
- C&A Working Group Resources
- Tenable Security Center Information
- IT Security Committee
- IT Security Conference
- IT Security Software Downloads
- Antivirus Software
- TEA—Training, Education, & Awareness
- IT Security Awareness Course
- Other TEA
IT Security Program Mission
The National Oceanic and Atmospheric Administration (NOAA) has established and implemented an Information Technology (IT) Security Program which provides reasonable and acceptable assurance that IT systems are performing as specified; that information is provided adequate protection; that data and software integrity is maintained; and, that unplanned disruptions of processing will not seriously impact mission accomplishment.
The NOAA IT Security Program implements policies, standards, and procedures which are consistent with government-wide laws and regulations, to assure an adequate level of protection for IT systems whether maintained in-house or commercially. Office of Management and Budget (OMB) Circular A-130 requires all federal agencies to plan for the security of all IT systems throughout their life cycle. OMB Circular A-130 also establishes a minimum set of controls to be included in Federal IT security programs. The circular directs agencies to assure:
- That IT systems operate effectively and accurately;
- That there are appropriate technical, personnel, administrative, physical, environmental, and telecommunications safeguards in IT systems;
- That the continuity of the operations of IT systems that support critical agency functions is preserved.
On December 17th, 2002 the President signed into law the E-Government Act (P.L. 107-347) with includes Title III, the Federal Information Security Management Act (FISMA), replacing and transitioning from the Government Information Security Reform Act (GISRA). FISMA permenently reauthorizes the framework set forth in GISRA, to addresses the program management and evaluation aspects of IT security and strengthen the minimum standards for agency systems.
NOAA IT Security Program policies represent management's commitment to assuring confidentiality, integrity, availability and control of NOAA's IT resources.
NOAA established a formal incident response capability named the NOAA Computer Incident Response Team (N-CIRT) in 1999. The N-CIRT operational duties include incident response, sharing of common vulnerabilities to the NOAA community, training on proper configurations for security, etc. The N-CIRT coordinates incident response and is responsible for acting as a source of expertise and information regarding vulnerabilities and responses to them, as pertains to the NOAA environment.
IT Security Awareness Training
NOAA IT Security Awareness Training must be completed annually. The IT Security Awareness Training can be found at IT Security Awareness Course. In order to continue to use NOAA computing resources, users are REQUIRED to complete the course by July 30, 2016.
This page provides information, tools, and documents used to support the NOAA Cyber Security Division.
If you are involved or suspect you are involved in an IT security related incident, please follow the steps outlined on this page: NOAA Computer Incident Response Team
