From: NASA Office of the Chief Information Officer
Posted: Wednesday, April 8, 2020
April 8, 2020
All NASA Personnel
NASA’s Authorized Internal and External Collaboration Tools
The NASA CIO has worked for the past several years to establish a consistent and modern set of tools to support both internal and external collaboration. While there is still work to do to support some of the more complex use-cases, such as sharing sensitive data with foreign partners, many others are met through Agency approved collaboration tools. A site has been established, with current approved collaboration resources, here: https://nasa.sharepoint.
Anyone with collaboration needs that are not met by Agency authorized collaboration tools is encouraged to work with their Center CIO to identify alternative solutions. Agency CIO list (best viewed with Edge or Chrome): https://inside.nasa.
Authorized NASA Collaboration Tools have been licensed, vetted, reviewed by NASA IT Security, and are managed or procured directly by NASA. Utilizing publicly available tools, such as those listed on the Unapproved Tools site, may expose NASA data, systems, and personnel to risks and can create a breach of NASA’s IT Security posture. If a tool is not listed, it is not authorized for NASA use.
Moreover, use of publicly-available, unauthorized tools on NASA devices introduces potential risk to NASA including:
· External sharing and storing of sensitive data, especially with unauthorized cloud services that may allow outside access.
· Enabling targeted phishing attempts or malware attacks through embedded advertisements and code.
· Sharing of personal information with other sites and applications.
· Interference with applying updates and security patches.
· Allowing access to more information on the device or network than intended.
· Downloading unexpected extra features, creating additional vulnerabilities.
Use only NASA-authorized Collaboration Tools. Immediately uninstall and delete unauthorized Collaboration Tools from your NASA-authorized smartphones, tablets, and computers. Please refer to https://approvedtools.nasa.
Specifically, we are fielding many questions about Zoom. Please keep in mind the following:
· Zoom is not licensed nor authorized for use by NASA employees and contractors, and is not allowed on NASA IT devices. This includes all Government Furnished Equipment (GFE) or contractor-provided equipment, or any device that connects to the NASA network or VPN. This includes desktops, laptops and mobile devices (smartphones and tablets). View alternatives for Zoom here: https://nasa.sharepoint.
· NASA employees and contractors may not initiate or host a Zoom meeting. There are several approved virtual meeting tools that are authorized and that allow external parties to participate.
· If an external partner invites a NASA employee or contractor to use Zoom, NASA employees and contractors can participate, andonly the browser-based web interface is authorized. Do not download the Zoom app on your NASA device.
· When participating in an externally-hosted Zoom meeting, you may not discuss or share SBU information, or collaborate using SBU data.
A NASA-authorized alternative to Zoom is Microsoft Teams. WebEx is also an approved tool for collaborative meetings involving external participants.External partners and users can join Teams and WebEx meetings, if they are invited by the meeting host, with capabilities that include audio, video and screen sharing. Check out data-sharing FAQs on the Agency O365 site here: https://nasa.
· Visit this NASA Collaboration Site for frequently asked questions, and how to use authorized collaboration tools for successful telecommuting: https://nasa.
· Familiarize yourself with the list of NASA authorized tools here: https://approvedtools.
Enterprise Service Desk (ESD) online at https://esd.nasa.gov, or by phone at 1-877-677-2123, Option 2.
For questions or to report any suspicious IT Security incidents, please contact NASA’s Security Operations Center (SOC) available 24x7 via phone: 1-877-627-2732 (877-NASA-SEC), or email firstname.lastname@example.org.
This notice was sent by the Office of the Chief Information Officer.
// end //