Wi-Fi Display Technical Specification V1.0.0
a. It is NASA policy to:(1) Permit limited acceptable personal use of NASA Government-furnished property (GFP), information technology (IT) equipment, services, and resources (hereinafter referred to as NASA IT) for non-government purposes, when such use does not overburden any of the Agency's IT services and resources and when access to these IT services and resources does not interfere with official Government business. GFP includes NASA assets, including all devices and equipment. The intent of limited acceptable personal use is to provide a professional and supportive work environment while meeting taxpayer expectations that tax dollars be spent wisely. Acceptable personal use is limited to use that incurs no more than minimal additional expense to the Government in areas such as: communications infrastructure costs; use of consumables in limited amounts; general wear and tear on property; minimal data storage on storage devices; and minimal impacts on NASA IT systems.(2) Permit limited acceptable personal use of NASA GFP, IT equipment, services, and resources to individuals during the non-duty time of reasonable duration and frequency of use, including during official work breaks, and when the use does not:(a) adversely affect the performance of official duties; (b) result in the loss of an individual's productivity; (c) pose a cybersecurity risk;(d) violate applicable laws and regulations; or(e) interfere with the official business or mission of NASA.(3) Not allow NASA equipment to be used to download illegal, inappropriate, or unauthorized content and untrusted, unapproved, or malicious software applications or services. Use of NASA IT is prohibited for commercial purposes, "for-profit" and "non-profit" activities, or in support of outside employment or business activity.(4) Maintain that individuals have no expectation of privacy while using any NASA IT at any time, including, but not limited to accessing the Internet, proxy-bypass services, or e-mail. Users have no expectation of privacy even during limited periods of personal use. They have no expectation of privacy even when using personal equipment, services, and applications while connected to NASA GFP, IT equipment, or services.(5) Maintain that non-compliance or unauthorized or improper use of NASA IT may result in the suspension or revocation of access to NASA products, networks and services, disciplinary action, as well as civil and criminal penalties. Unauthorized and improper use is defined in Attachment C.(6) Maintain that Authorizing Officials (AOs) for mission systems may impose stricter security controls, user privacy controls, and restrict applications for their systems due to mission criticality or unique mission requirements.(7) Maintain that the privilege to use NASA GFP, IT equipment, services, and resources for non-government purposes may be revoked or limited at any time by Federal or Agency officials. NASA Centers and contractors may invoke stricter policies or implementing guidance.2. APPLICABILITY a. This directive applies to NASA Headquarters and all NASA Centers, including Component Facilities and Technical and Service Support Centers. For purposes of this directive, NASA Headquarters is treated as a Center. Further, all stipulated Center requirements apply to NASA Headquarters.b. This directive applies to contractors, recipients of grants, cooperative agreements, or other agreements only to the extent specified or referenced in the contracts, grants, or agreements. This directive is applicable to the Jet Propulsion Laboratory (JPL), a Federally Funded Research and Development Center (FFRDC), only to the extent specified in the NASA/Caltech Prime Contract.c. This directive applies to all unclassified NASA information and NASA information systems, including those that are contracted out, outsourced to, or operated by:(1) Government-owned, contractor-operated (GOCO) facilities;(2) partners under the National Aeronautics and Space Act; 51 U.S.C. 20101, et seq;(3) partners under the Commercial Space Launch Act, as amended, 51 U.S.C. 50913;(4) partners under cooperative agreements; or(5) commercial or university facilities.d. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms "may" or "can" denote discretionary privilege or permission, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.e. This directive applies to NASA IT User acceptable use of NASA GFP, approved non-GFP, NASA IT, and personally owned IT devices (including Internet of Things (IoT) devices) when connected to NASA GFP, IT equipment, services, resources, and NASA data. Additional policies and procedures on contractor-accountable, NASA-owned, and Center-accountable property can be found in Federal Acquisition Regulation (FAR), Government Property, 48 CFR pt. 45; NASA FAR Supplement, Government Property, 48 CFR 1800, pt. 1845; and the terms and conditions of individual contracts.f. In this directive, all document citations are presumed to be the latest version unless otherwise noted.3. AUTHORITY a. Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551.b. Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems.4. APPLICABILITY DOCUMENTS AND FORMS a. NPD 2810.1, NASA Information Security Policy.b. NPR 1382.1, NASA Privacy Procedural Requirements.c. NPR 2810.2, Possession and Use of NASA Information and Information Systems Outside of the United States and United States Territories.d. ITS-HBK-SCRM.2810.v1.0.0, Information & Communications Technology Supply Chain Risk Management.e. NASA Advisory Implementing Instruction 1050-3B, NASA Partnerships Guide.5. RESPONSIBILITY a. The Office of the Chief Information Officer (OCIO) shall:(1) Implement, manage, and maintain this directive, and ensure this policy is disseminated to all NASA IT Users.(2) Ensure sufficient controls at the Agency level and procedures for NASA IT Users' awareness of proper personal use of GFP and non-GFP (including personally owned devices) when connected to NASA networks, IT equipment, and services and are responsible for developing cost-effective controls for monitoring or preventing abnormal or inappropriate use. GFP controls include blocking of inappropriate websites and phone numbers, flagging abnormal long distance or other phone charges, and monitoring network traffic for suspicious traffic or inappropriate use (see Attachment C.2 for definition).b. Information System Owners (ISOs) shall:(1) Ensure that current NASA interns, partners, grantees, and other users covered under Space Act Agreements or other official NASA agreements are knowledgeable of Federal and Agency policy before using U.S. Government property, data, and services.(2) Authorize limited installation of software necessary for mission functions with the documented approval of the system AO.(3) Ensure that software authorized per 5.b(2) above:(a) meets supply chain requirements identified in ITS-HBK-SCRM.2810.v1.0.0, Information & Communications Technology Supply Chain Risk Management;(b) is licensed for NASA use; and(c) is obtained from a safe and authorized source per the procedures described in ITS-HBK-SCRM.2810.v1.0.0.(4) Request the minimum software installation necessary for mission functions, in coordination with the Center IT Asset Manager (ITAM). A list of ITAMs is available at: Current NASA interns, partners, grantees, and other users covered by Space Act Agreements or other official NASA agreements may use NASA GFP, IT equipment and services consistent with their agreements if explicitly authorized by the applicable ISO.d. Contracting Officers, as defined in Federal Acquisition Regulation 2.101, or Agreement Managers, as defined in NASA Advisory Implementing Instruction 1050-3B, NASA Partnerships Guide, shall:(1) Ensure that contractors are informed on the uses of Government IT resources, approved/authorized non-GFP, and personally owned devices as a part of the introductory IT security training, orientation, or the implementation of this policy as part of a NASA contract.(2) Ensure that contractors address allowable use of Government IT resources in System Security Plans, IT Security Plans, and IT Security Management Plans.(3) Ensure contractors who process, store, or transmit NASA information on approved/authorized non-GFP or personally owned devices, IT equipment, software, and media do so only when the contract under which they perform specifically establishes terms and conditions for such use, that necessary approvals have been obtained, and that the contractor otherwise meets and complies with NASA security standards and policy.e. Supervisors shall:(1) Permit the allowable use of NASA IT equipment, services, and resources.(2) Pursue sanctions for misuse of NASA IT, including potential disciplinary action.(3) Ensure NASA IT Users taking NASA IT equipment outside the U.S., whether on official or personal travel, meet the requirements in accordance with NPR 2810.2, Possession and Use of NASA Information and Information Systems Outside of the United States and United States Territories.(4) Ensure NASA IT Users taking NASA IT equipment outside of the U.S. have export authorization, which includes validation of official work requirement for the employee or contractor that necessitates exporting GFP or IT equipment in support of Government business.f. NASA IT Users shall:(1) Comply with the requirements regarding personal use of NASA IT equipment, services, and resources and the Rules of Behavior for U.S. Government property, data, and services as outlined here and in Attachments C (Specific Provisions) and G (Rules of Behavior) to this directive.(2) Have no expectation of privacy whether using NASA GFP or Non-GFP (employee's own personally supplied property), including, but not limited to, Internet access, proxy-bypass services, or e-mail, even during limited periods of personal use.(3) Ensure that the personal use is consistent with Standards of Ethical Conduct for Employees of the Executive Branch, 5 CFR pt. 2635, if civil servants. (4) Conduct themselves professionally in the workplace and not use NASA IT for activities that are inappropriate or illegal (see Attachment C.2).(5) Ensure that the personal use of NASA IT does not create the appearance of acting in an official capacity or that NASA endorses or sanctions any personal activities.(6) Separate official and personal communications to ensure all official communications are identified and conducted to comply with applicable law, regulation, and policy.(7) When using NASA IT, use social media responsibly, safely, and judiciously, whether in an official capacity or for personal use, to protect mission objectives, information assets, program integrity, data, and NASA's reputation.(8) Not alter or change in any way configurations for NASA IT in a manner that does not adhere to NASA policy, specifications, or standards.(9) Not use NASA IT to download illegal, inappropriate, or unauthorized content or untrusted, unapproved, or malicious software applications or services.(10) Not use NASA IT for commercial purposes, "for profit" and "non- profit" activities, or for outside employment or business activity, such as a sole proprietorship.(11) Not download, copy, or install unapproved or unauthorized software applications or data programs onto NASA IT or NASA-approved and authorized networks and devices, including, but not limited to:(a) Screen savers.(b) Computer games.(c) Personal financial management software. (d) Tax preparation software.(e) Free, test, trial, or demo software. (f) "Push" technology applications.(g) Network monitoring software.(h) Video-conferencing software.(i) Virtual machines.(12) Not engage in prohibited activities on NASA IT or NASA-approved and authorized networks and devices, including, but not limited to:(a) Peer-to-peer (P2P) file sharing.(b) Online file storage using services not explicitly authorized by NASA. (c) Online gaming or gambling.(d) Cryptocurrency-mining.(e) Installing, viewing, or accessing the following types of software or websites:(i) Pornographic, sexually explicit, or sexually oriented materials.(ii) Personal services websites, such as dating services where a user registers NASA credentials creating an appearance that the user is acting in an official capacity or with NASA's endorsement.(iii) Hacking-related websites or sites which expose NASA to unacceptable security risk regardless of the known or potential security risks or lack thereof.(iv) Proxy-bypass services, or services of similar capabilities. See Attachment E.(v) Unauthorized remote access sites, software, or services of similar capabilities. See Attachment E.(13) Not install software created or maintained by companies banned by the Federal Government on NASA IT, services or resources, or on any system storing, transmitting, or processing NASA data. See Attachment F.(14) Not connect by any method equipment manufactured by companies banned by the Federal Government to NASA IT, services or resources, or on any system storing, transmitting, or processing NASA data. See Attachment F.(15) Not use equipment manufactured by companies banned by the Federal Government for any Government or non-government business use including but not limited to hardware, telecommunications, data storage, data processing, or video or voice communications. Federal Government has banned the equipment of the following companies that manufacture them: 1. Telecommunications equipment produced by Huawei Technologies Company, including telecommunications or video surveillance services provided by such entity or using such equipment.2. Telecommunications equipment produced by ZTE Corporation, including telecommunications or video surveillance services provided by such entity or using such equipment.3. Video surveillance and telecommunications equipment produced by Hytera Communications Corporation, to the extent it is used for the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment.4. Video surveillance and telecommunications equipment produced by Hangzhou Hikvision Digital Technology Company, to the extent it is used for the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment.5. Video surveillance and telecommunications equipment produced by Dahua Technology Company, to the extent it is used for the purpose of public safety, security of Government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment.6. Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates.7. International telecommunications services provided by China Mobile International USA Inc., subject to section 214 of the Communications Act of 1934.8. Telecommunications services provided by China Telecom (Americas) Corp. subject to section 214 of the Communications Act of 1934.9. Detailed and updated information can be found at This prohibition applies to:(a) All business uses and infrastructure, including those not tied to Government or its data.(b) Any and all Bring Your Own Device (BYOD) programs, meaning all banned equipment cannot participate in any contractor BYOD programs.(c) All contractor's IT equipment, services, or resources including corporate, visitor, test, stage, production, stand-alone; prohibited telecommunications equipment cannot connect to any contractor-owned, managed, or out-sourced network or system.(d) Connecting any contractor IT equipment, services, or resources to any equipment, personally owned or otherwise, that uses or is equipment banned by the Federal Government.(16) Not connect any personal device, used wholly and entirely for personal use, to NASA network when they are on the premises of a NASA Center, facility, campus, or any type of NASA property. (17) Access the NASA Visitor Network only:(a) for non-NASA purposes;(b) using NASA Domain Name System (DNS) servers; and(c) using Hypertext Transfer Protocol (HTTP) over Transport Layer Security (HTTPS).(18) Not access the NASA Visitor Network using NASA IT.(19) Not use personally owned equipment to access NASA IT, except as explicitly authorized by the NASA CIO. See Attachment C.(20) Not connect unauthorized non-NASA devices to NASA IT via Universal Serial Bus (USB), Bluetooth, or any other connection methods.(21) Not connect NASA IT via any method to any non-NASA IT that provides data storage, including, but not limited to USB or "thumb drive" external storage devices, external hard drives, smartphones, tablets, and cameras.(22) Notwithstanding f(20) above, connect NASA IT assigned to them to the following acceptable personally owned non-NASA devices through wired or wireless connections, when conducting Government business remotely and if such equipment is not manufactured by companies banned by the Federal Government (see Attachment F).(a) A personally owned monitor.(b) A personally owned keyboard.(c) A personally owned mouse.(d) A personally owned scanner.(e) A personally owned printer.(f) A personally owned home network router.(g) A personally owned headset or hands-free audio device.(h) Personally owned headphones.(i) A personally owned webcam.(23) Remove NASA IT from the workplace for official business only.(24) Use NASA IT equipment outside of the workplace for official business and ensure that the equipment:(a) remains in their custody;(b) is handled and maintained properly, and (c) is returned in good condition.(25) Notify their supervisor, the NASA Security Operations Center at soc@nasa.gov or 877-NASASEC (877-627-2732), and their respective Center Physical Security office immediately when NASA IT is lost, stolen, or damaged.(26) Users of JPL FFRDC NASA IT shall report incidents to the JPL Security Operations Center (SOC) according to local user guidance agreed to between NASA and the contractor operating the JPL FFRDC.6. DELEGATION OF AUTHORITY None.7. MEASUREMENT/VERIFICATION ISOs may access any electronic communications conducted via NASA IT and services and employ monitoring tools to detect improper use. ISOs or their designees determine, implement, ensure, and document compliance by applying a verification approach tailored to meet the requirements of this directive. The Office of Protective Services conducts functional reviews, spot checks, and inspections to review compliance and implementation. The ISO has enterprise tools on their systems to detect unauthorized access. 8. CANCELLATION NPD 2540.1I, Personal Use of Government Office Equipment Including Information Technology, August 19, 2019.NID 2540.138, Acceptable Use of Government Furnished Information Technology Equipment, Services and Resources, August 18, 2021./s/ Bill NelsonAdministrator ATTACHMENT A: DefinitionsAuthorization to Operate (ATO) - the formal acceptance, by an AO, that the security of an information system's operation is commensurate with the risk and magnitude of harm resulting from a compromise of that system's confidentiality, integrity, and availability.Authorizing Official (AO) - a senior Federal official or executive with the authority to authorize (i.e., assume responsibility for) the operat