The work here is to confer with the Pleiades 'system owner', NASA Security and the systems Authorizing Official on specific security requirements for workflows that span MAAP/HECC. These persons role and identity is defined in the HECC security plan (e.g. pleiades). Collectively, they are responsible for determining the operating environment boundaries for the system, assessment of risks, making recommendations, and authorizing the continued operation of the system.
[x] Deliverable 3 - Brief NASA/ARC security on approach for R3 and respond to actions
[x] Deliverable 4 - Determine the need for an ISA and MOU in accordance with NIST SP 800-47 for R3
[x] Deliverable 5 - Absent an ISA/MOU defined by NIST SP 800-47, document approval of MAAP/HECC workflow by HECC system owner on R3 approach.
[x] Deliverable 6 - Inform JPL Dev team when the can start writing code to implement the approved HECC A&A approach.
NAS security made the recommendation that an MOU is likely required for multi-user interoperability with the MAAP project. Specifics are that some details on container configurations are needed and some (should be minor changes) may be asked for. Will create a separate item with George C on this issue.
The work here is to confer with the Pleiades 'system owner', NASA Security and the systems Authorizing Official on specific security requirements for workflows that span MAAP/HECC. These persons role and identity is defined in the HECC security plan (e.g. pleiades). Collectively, they are responsible for determining the operating environment boundaries for the system, assessment of risks, making recommendations, and authorizing the continued operation of the system.
Definition of Done:
NAS security made the recommendation that an MOU is likely required for multi-user interoperability with the MAAP project. Specifics are that some details on container configurations are needed and some (should be minor changes) may be asked for. Will create a separate item with George C on this issue.