Page:United States Statutes at Large Volume 122.djvu/4829

 12 2 STA T .4806PUBLIC LA W 110 – 422 —O CT. 1 5, 2008 rescu ere q u i re m e nt s f r o mt h e time the commerci alp ro v i d er com - mences operations under contract w ith NAS A throu g h calendar y ear 2016, with an option to e x tend the period of performance through calendar year 2020 .TI T LEX—R E V IT A LI Z ATI ON O F NA S A INSTIT U TIONAL C A P A B ILITIES SEC.10 01. R E VI E WOF I N FOR MAT ION SEC U RIT Y CONTRO L S. ( a )REPORT O NC ONTRO LS . — Not later than one year after the date of enactment of this Act, the Comptroller G eneral shall transmit to the Committee on Science and T echnology of the H ouse of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a review of information security con- trols that protect NASA ’ s information technology resources and information from inadvertent or deli b erate misuse, fraudulent use, disclosure, modification, or destruction. The review shall focus on networ k s servicing NASA’s mission directorates. I n assessing these controls, the review shall evaluate— (1) the network’s ability to limit, detect, and monitor access to resources and information, thereby safeguarding and pro- tecting them from unauthori z ed access (2) the physical access to network resources; and ( 3 ) the extent to which sensitive research and mission data is encrypted. (b) RESTR IC TE D REPORT ON INTR U SIONS.—Not later than one year after the date of enactment of this Act, and in con j unction with the report described in subsection (a), the Comptroller General shall transmit to the Committee on Science and Technology of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a restricted report detailing results of vulnerability assessments conducted by the Government Accountability O ffice on NASA’s network resources. Intrusion attempts during such vulnerability assessments shall be divulged to NASA senior management prior to their application. The report shall put vulnerability assessment results in the context of unauthorized accesses or attempts during the prior two years and the corrective actions, recent or ongoing, that NASA has imple- mented in conjunction with other F ederal authorities to prevent such intrusions. SEC. 100 2 . MAINTENANCE AN D U PG RADE OF CENTER FACILITIES. (a) IN GENER A L.—In order to sustain healthy Centers that are capable of carrying out NASA’s missions, the Administrator shall ensure that adequate maintenance and upgrading of those Center facilities is performed on a regular basis. (b) RE V IE W .—The Administrator shall determine and prioritize the maintenance and upgrade backlog at each of NASA’s Centers and associated facilities, and shall develop a strategy and budget plan to reduce that maintenance and upgrade backlog by 5 0 percent over the next five years. (c) REPORT.—The Administrator shall deliver a report to Con- gress on the results of the activities undertaken in subsection (b) concurrently with the delivery of the fiscal year 2011 budget request. Stra t egy.Bud get pl a n . 42U S C178 11.

�