CCB 2021-01-06 APPROVED

• Look more closely into requirements on emailing the SOC
• Add instructions to tag the issue with the "security" label. Make sure all repos have that label.
• Apply these changes to Fix #1068, Create cFE Security Policy Markdown cFE#1048 and Implement a Security Policy osal#743

@astrogeco

I called the hotline (877-627-2732) and was told that it is a publicly available service and there are no requirements regarding emailing or calling the service. I was told that there would be no concerns or issues placing the information in a security policy on a public GitHub Repository.

Additional References:

https://www.nasa.gov/content/cybersecurity-policies

Cybersecurity Hotline
If you wish to report a cybersecurity incident or concern please contact the NASA SOC either by phone at 1-877-NASA-SEC (877-627-2732) or via the SOC email address ([email protected]).

https://www.nasa.gov/offices/ocio/ittalk/07-2010_soc.html

NASA's SOC is tracking, monitoring and reporting issues 24x7x365. For more information or to report an issue, contact 1-877-NASA-SEC (1-877-627-2732) or [email protected]

https://hackerone.com/nasa?type=team

IT Security Hotline
Users can contact the new 24x7x365 NASA Security Operations Center (SOC) by phone, 1-877-NASA-SEC (877-627-2732) or via the SOC email address ([email protected]).

I updated the three security policies to include instructions on tagging reports with the security label. I added the security label to cFE, so now all repos have that label available.