National Oceanic and Atmospheric Administration, United States Department of Commerce

IT Security Program Mission

The National Oceanic and Atmospheric Administration (NOAA) has established and implemented an Information Technology (IT) Security Program which provides reasonable and acceptable assurance that IT systems are performing as specified; that information is provided adequate protection; that data and software integrity is maintained; and, that unplanned disruptions of processing will not seriously impact mission accomplishment.

The NOAA IT Security Program implements policies, standards, and procedures which are consistent with government-wide laws and regulations, to assure an adequate level of protection for IT systems whether maintained in-house or commercially. Office of Management and Budget (OMB) Circular A-130 requires all federal agencies to plan for the security of all IT systems throughout their life cycle. OMB Circular A-130 also establishes a minimum set of controls to be included in Federal IT security programs. The circular directs agencies to assure:

  • That IT systems operate effectively and accurately;
  • That there are appropriate technical, personnel, administrative, physical, environmental, and telecommunications safeguards in IT systems;
  • That the continuity of the operations of IT systems that support critical agency functions is preserved.

On December 17th, 2002 the President signed into law the E-Government Act (P.L. 107-347) with includes Title III, the Federal Information Security Management Act (FISMA), replacing and transitioning from the Government Information Security Reform Act (GISRA). FISMA permenently reauthorizes the framework set forth in GISRA, to addresses the program management and evaluation aspects of IT security and strengthen the minimum standards for agency systems.

NOAA IT Security Program policies represent management's commitment to assuring confidentiality, integrity, availability and control of NOAA's IT resources.

NOAA established a formal incident response capability named the NOAA Computer Incident Response Team (N-CIRT) in 1999. The N-CIRT operational duties include incident response, sharing of common vulnerabilities to the NOAA community, training on proper configurations for security, etc. The N-CIRT coordinates incident response and is responsible for acting as a source of expertise and information regarding vulnerabilities and responses to them, as pertains to the NOAA environment.

IT Security Awareness Training

NOAA IT Security Awareness Training must be completed annually. The IT Security Awareness Training can be found at IT Security Awareness Course. In order to continue to use NOAA computing resources, users are REQUIRED to complete the course by July 30, 2016.

This page provides information, tools, and documents used to support the NOAA Cyber Security Division.

If you are involved or suspect you are involved in an IT security related incident, please follow the steps outlined on this page: NOAA Computer Incident Response Team

Valid XHTML 1.0 Strict
Document last modified 2016-10-31 17:48:56 +0000