NASA-STD-2804 FY 2014 MINIMUM INTEROPERABILITY SOFTWARE SUITE
Approved September 10, 2013
NASA TECHNICAL STANDARD

Document History Log

Status          Document Revision  Approval Date  Description
Informal Draft  0.1                06/25/2013     Draft Release
Formal Draft    0.2                07/30/2013     Draft Release
Final Draft     0.3                08/30/2013     Final Draft Version
Baseline        1.0                09/10/2013     Approved Version

Table of Contents

FOREWORD
1 SCOPE
  1.1 Purpose
  1.2 Applicability
  1.3 Waivers
2 ACRONYMS AND DEFINITIONS
  2.1 Acronyms
  2.2 Definitions
3 DETAILED REQUIREMENTS
  3.1 Architectural Compliance Requirements
  3.2 Security for NASA systems
  3.3 Agency Security Configuration Standards
  3.4 Client Reference Configurations
    3.4.1 Client Reference Configuration for Windows 7
    3.4.2 Client Reference Configuration for Windows 8
    3.4.3 Client Reference Configuration for Mac OS X 10.7
    3.4.4 Client Reference Configuration for Mac OS X 10.8
    3.4.5 Client Reference Configuration for Linux
    3.4.6 Client Reference Configuration for Mobile Computing Systems
    3.4.7 Table of Optional Software for Mobile Computing Systems
  3.5 Operating System Standards, Timelines, and Compliance Dates
    3.5.1 Microsoft Windows
    3.5.2 Apple OS X
    3.5.3 Linux
    3.5.4 UNIX
  3.6 Additional Client Reference Configuration Guidance
    3.6.1 Office Automation Applications
    3.6.2 Electronic Messaging
    3.6.3 Web Browsers
    3.6.4 System Configuration Reporting and Patch Management
    3.6.5 Data Encryption
  3.7 ICAM Device Integration Configuration Requirements
    3.7.2 NASA Client Trust Reference
  3.8 Electronic forms
  3.9 Section 508 Compliance Requirements
  3.10 FIPS 140-2 Compliance Requirements
  3.11 Wireless Requirements
  3.12 Internet Protocol version 6 (IPv6) Requirements
  3.13 Energy Management
  3.14 Virtualization
  3.15 Password Management Tool
4 ADDITIONAL SOFTWARE TABLES
  4.1 Optional Software
  4.2 Agency Required Software
5 REVIEW AND REPORTING REQUIREMENTS
6 DURATION
7 SUPPORTING DOCUMENTS

FOREWORD

This Standard is approved for use by NASA Headquarters and all NASA centers and is intended to provide a common framework for consistent practices across NASA programs. The material covered in this Standard is governed and approved by the NASA Information Technology Management Board. Its purpose is to define the baseline software suite necessary to support interoperability both between NASA end
user computers and within the NASA operating environment. The Standard establishes Client Reference Configurations, Operating System Standards, and Compliance Dates for computers running Microsoft Windows, Apple OS X, and various Linux and UNIX operating systems. Adherence to this Standard ensures compliance with Federal requirements for desktop computers, laptops, and other end user devices.

Requests for information, corrections, or additions to this Standard should be directed to the John H. Glenn Research Center at Lewis Field (GRC), Emerging Technology and Desktop Standards Group (ETADS), MS 142-4, Cleveland, OH, 44135 or to desktop-standards@lists.nasa.gov.

/signature on file/
Larry N. Sweet
Chief Information Officer

1 SCOPE

1.1 Purpose

This Standard defines the baseline software suite necessary to support interoperability both between NASA end user computers and within the NASA operating environment. The Standard establishes Client Reference Configurations, Operating System Standards, and Compliance Dates for Agency interoperability systems, including computers running Microsoft
Windows, Apple OS X, and various Linux and UNIX operating systems. Adherence to this Standard ensures compliance with Federal requirements for desktop computers, laptops, and other end user devices.

1.2 Applicability

Center CIOs will ensure that all NASA employees at their respective centers have access to an interoperable system that is equipped with a minimum software suite that meets the standards listed in Section 3 below. The Client Reference Configuration (CRC) establishes required functionality and required products necessary to meet that functionality. Future procurements intended to address this functionality are restricted to the products defined in the CRC. Existing licenses for other products may not be renewed. Products will be added, replaced, or removed as appropriate to address Agency interoperability requirements.

1.3 Waivers

This technical Standard is governed by Enterprise Architecture Function as defined in Section 1.2.1.3 of NPR 2800.1B Managing Information Technology. Adherence to this Standard ensures compliance with the future state architecture as described in NPR 2830.1 NASA Enterprise Architecture Procedures. The Emerging Technology and Desktop Standards
group, in cooperation with the End User Services Service Executive and the Chief Enterprise Architect, will evaluate and process waivers to this Standard as appropriate. Waiver requests will include:

1. the reason the waiver is required
2. justification for the waiver
3. a proposed date by which compliance with the standard will be met

Waivers will be granted by the NASA CIO or, at his/her discretion, responsibility will be delegated to the Center or Mission Directorate CIO.

2 ACRONYMS AND DEFINITIONS

2.1 Acronyms

ACES    Agency Consolidated End-User Services
ASCS    Agency Security Configuration Standards
ASUS    Agency Security Update Service
CA      Certificate Authority
CIO     Chief Information Officer
CIS     Center for Internet Security
CRC     Client Reference Configuration
CSS     Cascading Style Sheets
DAR     Data at Rest (encryption)
ESR     Extended Support Release
ETADS   Emerging Technology and Desktop Standards
FDCC    Federal Desktop Core Configurations
FIPS    Federal Information Processing Standards
FISMA   Federal Information Security Management Act
FPKI    Federal Public Key Infrastructure
GnuPG   GNU Privacy Guard
HTML    HyperText Markup Language
HTTP    HyperText Transfer Protocol
HTTPS   HyperText Transfer Protocol Secure
ICA     Independent Computing Architecture
ICAM    Identity Credential and Access Management
IDI     ICAM Device Integration
IE      Internet Explorer
IPv4    Internet Protocol version 4
IPv6    Internet Protocol version 6
ISO     International Standards Organization
ITAR    International Traffic in Arms Regulations
IMAP    Internet Message Access Protocol
LTS     Long-term Support
MAPI    Messaging Application Programming Interface
MIME    Multipurpose Internet Mail Extension
NCTR    NASA Client Trust Reference
NEFS    NASA Electronic Forms System
NFCE    NASA Firefox Configuration Extension
NIST    National Institute of Standards and Technology
NOCA    NASA Operational Certificate Authority
NOMAD   NASA Operational Messaging and Directory Service
NSS     Network Security Services
NTAM    NASA Trust Anchor Management
OASIS   Organization for the Advancement of Structured Information Standards
OCIO    Office of the Chief Information Officer
OCS     Microsoft Office Communications Server
PDF     Portable Document Format
PII     Personally Identifiable Information
PIV     Personal Identity Verification
PKI     Public Key Infrastructure
RFC     Request for Comments
RPC     Remote Procedure Call
SBU     Sensitive But Unclassified
SCAP    Security Content Automation Protocol
SFTP    Secure File Transfer Protocol
SHA     Secure Hash Algorithm
SIP     Session Initiation Protocol
SMTP    Simple Mail Transport Protocol
SSH     Secure Shell Protocol
SSL     Secure Sockets Layer
S/MIME  Secure/Multipurpose Internet Mail Extensions
TLS     Transport Layer Security
USGCB   United States Government Configuration Baseline
VPAT    Voluntary Product Accessibility Templates
W3C     World Wide Web Consortium
XHTML   eXtensible HyperText Markup Language
XML     Extensible Markup Language
XMPP    Extensible Messaging and Presence Protocol

2.2 Definitions

2.2.1 Basic Interoperability

Interoperability is the ability to obtain consistent and deterministic results within a specific platform (operating system software, minimum hardware, required and optional software) as well as between platforms (Microsoft, OS X, Linux, Unix) based on the established standards.

2.2.2 End User Computing System

The term end user computing system is used generically to refer to traditional desktop systems, as well as laptop computers, notebooks, slates,
tablets, engineering workstations, and similar platforms that are utilized to provide basic interoperability.

2.2.3 Mobile Computing Systems

Mobile Computing Systems may sacrifice appreciable functionality for specific form factor benefits and in some instances enterprise interoperability. Example Hardware Reference Configurations include smartphones, slate devices such as the iPad, and tablets.

2.2.4 Slate Computer

A slate is a touch-oriented computing device whose design omits a permanently attached physical keyboard to achieve a much lighter weight than other form factors. NASA-STD-2805 FY 2014 includes three slate Hardware Reference Configurations: the Apple iPad, the Apple iPad Mini, and a Windows 8 Slate offering.

2.2.5 Tablet Computer

A tablet computer is defined as a computing device with a physically attached keyboard and a touch screen. Tablets are noteworthy for their light weight and generally smaller display sizes. Hardware innovations such as slates and ultra lightweight laptops with touch screens have encroached on, and minimized the prominence of, the PC Tablet within
the market. These marketing pressures are relegating PC Tablets to the category of sunsetting technology.

2.2.5 Support for Basic Interoperability

Systems supporting basic interoperability are defined as Agency systems used to exchange information electronically by end users that require any of the functionality listed in Section 3.4, Client Reference Configurations.

3 DETAILED REQUIREMENTS

3.1 Architectural Compliance Requirements

NASA has base-lined and approved the NASA Integrated Information Technology Architecture. The architecture is predicated on:

- The selection of standards for a broad and cost-effective infrastructure using commercial off-the-shelf and well-supported open source products to the greatest extent practical
- Interoperability both within and external to NASA
- Flexibility for future growth
- Consistency with generally accepted consensus standards as much as feasible
- Security for NASA systems and data

Among these objectives, ensuring interoperability is one of NASA's most critical issues related to information technology. In many cases, it is in NASA's best interest to specify commercial products as standards for an interoperable implementation of a particular set of related and integrated functions. The products themselves often include additional functionality or proprietary extensions not specified by this Standard. While these products can be used to create higher-level interoperability solutions, these solutions may not be recognized within the context of
the NASA interoperability environment and may be deprecated without warning by future revisions to this Standard. Users of this Standard are advised to apply appropriate caution when implementing proprietary or non-standard extensions, features and functions that go beyond the explicitly stated standard functionality.

3.2 Security for NASA systems

The ongoing utility and security of the NASA IT environment is directly dependent on a continuous stream of software (and hardware) updates. All NASA IT service providers must therefore develop processes and solutions which minimize the time required to install updates and new versions of software. This NASA-STD-2804 document will list specific minimum versions of software required for compliance. Except as specifically indicated, all NASA IT service providers will install minor updates throughout the life-cycle maintenance for the systems, and prepare major new versions of software (including operating systems and browsers) in the shortest time possible, cognizant with required testing. The Client Reference Configurations will specify software that will be required to participate in the continuous stream of automatic software vendor updates in real time. NASA IT service providers should take note of this intent and implement their system support and application update processes (or alternative environments), to support an appropriately secure and modernized NASA IT environment.

3.3 Agency Security Configuration Standards

The NASA Office of the Chief Information Officer (OCIO) establishes Agency Federal Information Security Management Act (FISMA) compliance goals and reporting requirements for NASA systems, through the use of NASA System Configuration Baselines, managed by the Agency Security Configuration Standards (ASCS) Service. OCIO policy requires deployment of the NASA ASCS system configurations to all systems. The NASA ASCS system configuration baselines are developed from various sources, including the National Institute of Standards and Technology (NIST) Security Content Automation Program (SCAP) checklists, Center for Internet Security (CIS) Benchmarks, vendor and third-party sources, and are also internally developed by NASA. These system configuration baselines, and their associated compliance monitoring measurement content, are managed by ASCS. NASA system configuration baselines for each operating system and applicable software listed in this Standard can be obtained at http://etads.nasa.gov/ascs/

Centers wishing informed local consultation should contact their ASCS Point of Contact, listed here: http://etads.nasa.gov/ascs/communications or consult the ASCS web site for additional information.

3.4 Client Reference Configurations

To address application, data, and infrastructure interoperability, and ensure compliance with federally mandated system configuration settings, the software functionality, applications, interface standards, configuration settings, versions, and deployment settings established by this Standard are definitive. Client Reference Configurations (CRC) are included for each operating system, with the version numbers that were current at the time of this writing, and required configurations listed as appropriate. Current versions of applications must be used as made available by the application vendor unless specifically stated otherwise. Interface standards are included to guide service providers and system integrators. The Client Reference Configurations define the operational config