TITLE XIII-COMPLIANCE WITH STATUTORY PAY-AS-YOU-GO ACT OF 2010 SEC. 1301. COMPLIANCE PROVISION. The budgetary effects of this Act, for the purpose of complying with the Statutory Pay-As-You-Go-Act of 2010, shall be determined by reference to the latest statement titled "Budgetary Effects of PAYGO Legislation" for this Act, submitted for printing in the Congressional Record by the Chairman of the Senate Budget Committee, provided that such statement has been submitted prior to the vote on passage. Approved October 11, 2010. LEGISLATIVE HISTORY-S. 3729: HOUSE REPORTS: No. 111-576 (Comm. on Science and Technology). SENATE REPORTS: No. 111-278 (Comm. on Commerce, Science, and Transpor tation). CONGRESSIONAL RECORD, Vol. 156 (2010): Aug. 5, considered and passed Senate. (A) The program shall include, at a minimum, ongoing classified and unclassified threat-based briefings, and automated exercises and examinations that simulate common attack techniques. (B) All agency employees and contractors engaged in the operation or use of agency information infrastructure shall participate in the program. (C) Access to NASA information infrastructure shall only be granted to operators and users who regularly satisfy the requirements of the program. (D) The chief human capital officer of NASA, in consultation with the chief information officer, shall create a system to reward operators and users of agency information infrastructure for continuous high achievement in the program. (c) INFORMATION INFRASTRUCTURE DEFINED.-In this section, the term “information infrastructure" means the underlying framework that information systems and assets rely on to process, transmit, receive, or store information electronically, including programmable electronic devices and communications networks and any associated hardware, software, or data. SEC. 1208. NATIONAL CENTER FOR HUMAN PERFORMANCE. (a) IN GENERAL.-The National Center for Human Performance is located in Houston's Texas Medical Center which is home to 49 non-profit and academic patient care, biomedical research, and health educational institutions serving 6 million patients each year, and works collaboratively with individuals and organizations, including NASA, to advance science and research on human performance in space, health, the military, athletics, and the arts. (b) DESIGNATION AS INSTITUTION OF EXCELLENCE.-The National Center for Human Performance is designated as an Institution of Excellence for Human Performance dedicated to understanding and improving all aspects of human performance. SEC. 1209. ENHANCED-USE LEASING. (a) SENSE OF THE CONGRESS.-It is the sense of the Congress that the NASA enhanced-use leasing program is a fiscally responsible program to further maintain the exploration-related infrastructure of our Nation's space centers while ensuring continued private utilization of these Federal assets, and every effort should be made to ensure effective utilization of this program. SEC. 1210. SENSE OF CONGRESS CONCERNING THE STENNIS SPACE CENTER. It is the sense of the Congress that the Stennis Space Center represents the national capability for development and certification of liquid propulsion technologies vital to our Nation's space flight program, and that the Federal government should fully utilize that resource and continue to make the testing facility available for further development of commercial aerospace capabilities. 42 USC 18445. Deadlines. (2) CRITERIA.—The criteria may include— (B) embedded security markings in parts; (D) identifying distinct lot and serial codes on external packaging; (E) radio frequency identification embedded into highvalue parts; (F) physical destruction of all defective, damaged, and sub-standard parts that are by-products of the manufacturing process; (G) testing certifications; (H) maintenance of procedures for handling any counterfeit parts that slip through; (I) maintenance of secure facilities to prevent unauthorized access to proprietary information; and (J) maintenance of product return, buy back, and inventory control practices that limit counterfeiting. (d) REPORT TO CONGRESS.-Within one year after the date of enactment of this Act, the Administrator shall report on the progress of implementing this section to the appropriate committees of Congress. SEC. 1207. INFORMATION SECURITY. (a) MONITORING RISK. (1) UPDATE ON SYSTEM IMPLEMENTATION.-Not later than 120 days after the date of enactment of this Act, and on a biennial basis thereafter, the chief information officer of NASA, in coordination with other national security agencies, shall provide to the appropriate committees of Congress (A) an update on efforts to implement a system to provide dynamic, comprehensive, real-time information regarding risk of unauthorized remote, proximity, and insider use or access, for all information infrastructure under the responsibility of the chief information officer, and mission-related networks, including contractor networks; (B) an assessment of whether the system has demonstrably and quantifiably reduced network risk compared to alternative methods of measuring security; and (C) an assessment of the progress that each center and facility has made toward implementing the system. (2) EXISTING ASSESSMENTS.-The assessments required of the Inspector General under section 3545 of title 44, United States Code, shall evaluate the effectiveness of the system described in this subsection. (b) INFORMATION SECURITY AWARENESS AND EDUCATION.— (1) IN GENERAL.-In consultation with the Department of Education, other national security agencies, and other agency directorates, the chief information officer shall institute an information security awareness and education program for all operators and users of NASA information infrastructure, with the goal of reducing unauthorized remote, proximity, and insider use or access. (2) PROGRAM REQUIREMENTS. the Presidential Commission on the Space Shuttle Challenger Accident; (8) the mission-critical software of NASA must operate dependably and safely; (9) the Independent Verification and Validation Facility of NASA plays an important role in assuring the safety of all NASA activities by improving methodologies for risk identification and assessment, and providing recommendations for risk mitigation and acceptance; and (10) the Independent Verification and Validation Facility shall be the sole provider of independent verification and validation services for software created by or for NASA. SEC. 1206. COUNTERFEIT PARTS. (a) IN GENERAL.-The Administrator shall plan, develop, and implement a program, in coordination with other Federal agencies, to detect, track, catalog, and reduce the number of counterfeit electronic parts in the NASA supply chain. (b) REQUIREMENTS.-In carrying out the program, the Administrator shall establish (1) counterfeit part identification training for all employees that procure, process, distribute, and install electronic parts that will (A) teach employees how to identify counterfeit parts; (B) educate employees on procedures to follow if they suspect a part is counterfeit; (C) regularly update employees on new threats, identification techniques, and reporting requirements; and (D) integrate industry associations, manufacturers, suppliers, and other Federal agencies, as appropriate; (2) an internal database to track all suspected and confirmed counterfeit electronic parts that will maintain, at a minimum (A) companies and individuals known and suspected of selling counterfeit parts; (B) parts known and suspected of being counterfeit, including lot and date codes, part numbers, and part images; (C) countries of origin; (D) sources of reporting; (E) United States Customs seizures; and (F) Government-Industry Data Exchange Program reports and other public or private sector database notifications; and (3) a mechanism to report all information on suspected and confirmed counterfeit electronic parts to law enforcement agencies, industry associations, and other databases, and to issue bulletins to industry on counterfeit electronic parts and related counterfeit activity. (c) REVIEW OF PROCUREMENT AND ACQUISITION POLICY. (1) IN GENERAL.-In establishing the program, the Administrator shall amend existing acquisition and procurement policy to purchase electronic parts from trusted or approved manufacturers. To determine trusted or approved manufacturers, the Administrator shall establish a list, assessed and adjusted at least annually, and create criteria for manufacturers to meet in order to be placed onto the list. 42 USC 18444. Plans. Database. List. Deadline. |