Web Policy Information

Adapted from Agency Web site Registration Application Help Text

Export Control (includes ITAR and EAR):

Export Control establishes restrictions pertaining to the export of proprietary U.S. goods including, but not limited to, encryption software, computer hardware, software applications, and technology-oriented products.

ITAR (International Traffic in Arms Regulations)

The ITAR is administered by the Department of State and covers the export and import of defense articles and defense services. The US Munitions List (USML) specifies what is under the jurisdiction of the ITAR. All launch vehicles (Shuttle) and all satellites are under the jurisdiction of the ITAR, also some rad hard parts, remote sensing instruments, etc. ITAR has 21 categories defined, but most of NASA ITAR exports are under category XV Space Systems and Associated Equipment, some under Category IV Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets, Torpedoes, Bombs and Mines. NASA seeks and obtains ITAR export licenses for the permanent transfer of USML (United States Munitions List) hardware or for any transfer of USML hardware or technical data involving a foreign person in/from a proscribed country.

EAR (Export Administration Regulations

The EAR are administered by the Department of Commerce, Bureau of Industry and Security. Controls for items under the jurisdiction of the EAR are found in the Commerce Control List (CCL) and are specific to the item or technology

 

All export controlled material on Web sites MUST be access restricted. No group passwords are allowed.Web logs for servers with ITAR/EAR data must be retained a minimum of 1 year, preferably 2.

For more information on Export Control, visit the Goddard Export Control Web site. There you can find guidance on how to determine if your information falls under export control regulation, as well as any forms required.

Section 508 Accessibility Guidelines

Explanation of Policy:

All Internet and intranet Web pages developed or procured after June 21, 2001 must comply with the Technical Standards of Section 508 part 1194.22. These Standards are designed to regulate the input and output functions of web pages and applications so people with disabilities may use them. These Standards are not designed to address any one particular disability, such as blindness, but a range of disabilities. For example, most users, whether vision or hearing impaired, share the ability to use a keyboard but not a mouse. Physically disabled users who are unable to use a keyboard because of the loss of digits or limbs will use a form of adaptive technology such as a pointer or blowpipe. These devices are designed to use the keyboard interface of the computer. Consequently, Section 508 requires that all web page and application input be made from the keyboard. This does not prevent the added functionality of mouse-enabled actions for sighted users, but requires that these mouse only actions be accompanied by keyboard access as well. The list of Technical Standards that the Federal Access Board developed for the Web is listed below:

§ 1194.22 Web-based intranet and Internet information and applications.

1. A text equivalent for every non-text element shall be provided (e.g., via "alt", "longdesc", or in element content).
2. Equivalent alternatives for any multimedia presentation shall be synchronized with the presentation.
3. Web pages shall be designed so that all information conveyed with color is also available without color, for example from context or markup.
4. Documents shall be organized so they are readable without requiring an associated style sheet.
5. Redundant text links shall be provided for each active region of a server-side image map.
6. Client-side image maps shall be provided instead of server-side image maps except where the regions cannot be defined with an available geometric shape.
7. Row and column headers shall be identified for data tables.
8. Markup shall be used to associate data cells and header cells for data tables that have two or more logical levels of row or column headers.
9. Frames shall be titled with text that facilitates frame identification and navigation.
10. Pages shall be designed to avoid causing the screen to flicker with a frequency greater than 2 Hz and lower than 55 Hz.
11. A text-only page, with equivalent information or functionality, shall be provided to make a web site comply with the provisions of this part, when compliance cannot be accomplished in any other way. The content of the text-only page shall be updated whenever the primary page changes.
12. When pages utilize scripting languages to display content, or to create interface elements, the information provided by the script shall be identified with functional text that can be read by assistive technology.
13. When a web page requires that an applet, plug-in or other application be present on the client system to interpret page content, the page must provide a link to a plug-in or applet. This applet or application must also be compliant with Section 508 Technical Standards §1194.21(a) through (l).
14. When electronic forms are designed to be completed on-line, the form shall allow people using assistive technology to access the information, field elements, and functionality required for completion and submission of the form, including all directions and cues.
15. A method shall be provided that permits users to skip repetitive navigation links.
16. When a timed response is required, the user shall be alerted and given sufficient time to indicate more time is required.

Authoritative Source:

Date of Issue:

Last Updated:

Issuing Agency:

Relevant NASA Policy/Guidelines/Directives

NASA's Section 508 Policy is currently under review. Updates to this policy will be published on the Agency Section 508 web site http://section508.nasa.gov/. Please refer compliance questions to the Section 508 Coordinator at your Center.

FAR - Federal Acquisition Circular (FAC)97-27, Electronic and Information Technology (EIT) Accessibility: http://section508.nasa.gov/documents/doc_FAR.htm

PIC - Procurement Information Circular 01-13: http://section508.nasa.gov/documents/doc_508_pic.htm

NASA Directive: NPD 2090.5C , Nondiscrimination In Federally Assisted and Federally Conducted Programs of NASA - Delegation of Authority: http://nodis3.gsfc.nasa.gov/library/displayDir.cfm?Internal_ID=N_PD_2090_005C_&page_name=main&search_term=section%20508

Training/Self-Help

The resource section of NASA's Section 508 web site, contains links to training and informational resources developed by NASA as well as links to other Government and Private Sector resources: http://section508.nasa.gov/resources3.htm

Goddard has a 508 Checklist available to help you determine if your site is compliant.

COPPA: Children's Online Privacy Protection Act

Explanation of the Policy

The Child On-line Privacy Protection Act (COPPA) of 1998 helps place parents in control over information collected from their children online. Operators of Web sites or online services for children under 13 or that knowingly collect information from children under 13 must follow COPPA rules.

1. Post clear and comprehensive Privacy Policies on the Web site describing their information practices for children's personal information;
2. provide notice to parents, and with limited exceptions, obtain verifiable parental consent before collecting personal information from children;
3. give parents the choice to consent to the operator's collection and use of a child's information while prohibiting the operator from disclosing that information to third parties;
4. provide parents access to their child's personal information to review and/or have it deleted;
5. give parents the opportunity to prevent further collection or use of the information
6. maintain the confidentiality, security, and integrity of information they collect from children.

In addition, the Rule prohibits operators from conditioning a child's participation in an online activity on the child's providing more information than is reasonably necessary to participate in that activity.

The COPPA rules are explicit in its means for following the underlined issues in the rules above. You can read more at - http://www.ftc.gov/bcp/conline/edcams/kidzprivacy/index.html

(Excerpted from FAQ on COPPA)
http://www.ftc.gov/privacy/coppafaqs.htm

Authoritative Source

Date of Issue

Last Update

Issuing Agency

Training / Self Help

http://www.ftc.gov/bcp/conline/edcams/kidzprivacy/index.html

NASA Internet Publishing Guidelines

Explanation of Policy:

In order to balance NASA's Space Act mandate to disseminate information with the requirement to protect certain classes of information, NASA developed a set of content guidelines for Internet publishing. These govern what may and may not be made available to the public via the Internet. This covers not just the World Wide Web, but all TCP/IP connections.

Following are broad categories of information that MUST NOT be made available to the public.

If this information is available at all via the Internet, security mechanisms must be put in place to ensure that the information is available only to its intended, limited audience. This list is not all-inclusive, but is intended to give examples of information inappropriate for publication.

• Information critical to protecting Agency assets and personnel

• Computer passwords or pass phrases
• Computer network configurations or designs
• Identification of operating systems (vendor, product, and version) used on specific servers
• Internet Protocol addresses
• Telephone numbers for dial-up computer connections
• IT System capabilities (e.g., staffing levels, hours of operation) or limitations
• IT System security plans, risk analyses, system vulnerabilities, procedures, and controls methods
• IT System compromise information, including evidence data
• IT System security/auditing logs
• Names/telephone numbers that uniquely identify system administrators
• Physical security information such as key codes and cipher lock combinations, significant badging information, including pictures of NASA badges
• Internal Center maps, including labeled aerial views
• Technically detailed schematics or drawings of utilities, networks, airfields, aircraft, buildings
• Facility information including detailed drawings, schematics, physical locations, staffing levels, hours of operation
• Specific information on the composition, preparation, storage locations or optimal use of hazardous materials, explosives or biotoxins
• Detailed disaster recovery plans
• Details on emergency response procedures, evacuation routes, or officials responsible for these issues
• Personnel locator information as contained in Center or Agency telephone books (e.g., mail stops, building numbers)
• Internal Center policies and procedures that have not been analyzed re content publishing issues
• Personnel locators (i.e., building and room numbers or other information which could be used to determine personnel whereabouts at a given point in time, e.g., calendar information)
• Information on internal NASA-only or Center-only activities or events (e.g., picnics, symposiums), especially which specifies exact locations
• Non-work-related personal information (including links to personal Web pages or resumes)
• Date and time identification of security-sensitive events
• Video streaming or still images of locations where physical vulnerabilities might be exposed

• Information protected by law

• National security information (classified information)
• Personal information prohibited from disclosure by the Privacy Act or FOIA Exemption 6. This information includes, but is not limited to, Social Security numbers, home telephone numbers, home addresses, and medical data
• Export controlled information
• Technical innovations prior to release approval by patent counsel
• Proprietary information of the Government or others such as:
• Information disclosing inventions and technical innovations, including software, protected under 35 U.S.C. 205 and FOIA Exemption 3, unless release is approved by Center Patent Counsel
• Trade secret information protected or prohibited from disclosure under the Trade Secrets Act (18 U.S.C 1905) or FOIA Exemption 4
• Copyrighted materials unless approved for publication by the copyright owner
• Investigative information
• Commercially licensed software restricted in accordance with the license or agreement under which it was obtained
• Information protected by treaty or agreement
• Invention disclosures
• Source evaluation information
• Confidential financial data relating to contractors
• Other information determined non-releasable under FOIA
• Procurement sensitive information, such as vendor quotes (except vendor quotes as part of an electronic auction), attribution information or results, negotiating positions

• Information protected by Government or Agency policy or regulation

• NASA developed software (unless authorized)
• Information characterized as 'Administratively Controlled Information' (per recent NASA policy) or previously designated 'For Official Use Only'
• Pre-decisional information such as the Agency budget prior to formal release
• Embargoed scientific, technical, launch or other mission information
• Launch-related information whose compromise may adversely impact safety or security

The following are broad categories of information that MAY be made available to the public.

• Documents Intended for General Dissemination

• The NASA Strategic Plan
• Enterprise Strategic Plans and related documents
• Personnel locator information not related to physical location (e.g., e-mail addresses, telephone numbers)
• Organizational information not covered by Privacy Act restrictions
• Directions to a Center, and related information that meet the legitimate needs of the public wishing to visit our Centers
• Information intended by the Agency to assist the public in better understanding the Agency’s history, organization, missions, programs, and projects
• Work-related personal biographies that do not compromise any sensitive aspect of the project with which the individual is associated.

• Official Agency web sites which provide Agency policy documents

• Agency policy documents via the NASA Online Directives Information System (NODIS)

• Information released by the Agency and Center Public Affairs Offices

• Press releases and similar information
• Public service messages such as anti-drug campaign information Official Agency Information Approved for Release

• Published Information

• Science and engineering information and data that complies with NASA policy for publication (see NPG 2200.2)
• NASA Standards Program information, including official Agency engineering and information technology standards
  

Links to appropriate related sites may also be published. However, links to non .gov sites must include a disclaimer or an exit page.

Authoritative Source:

NASA Internet Publishing Content Guidelines

Date of Issue:

Last Updated:

Issuing Agency:

Relevant NASA Policy / Guidelines/ Directives:

1. NPD 1382.17E, Privacy Act - Internal NASA Direction in Furtherance of NASA Regulations
2. NPD 1440.6E, NASA Records Management
3. NPG 1441.1C, Records Retention Schedules
4. NPD 2110.1D, Foreign Access to NASA Technology Transfer Materials
5. NPD 2190.x, NASA Export Control Program
6. NPG 2190.x, NASA Export Control Program
7. NPG 2200.2, Guidelines for Documentation, Approval, and Dissemination of NASA Scientific and Technical Information
8. NPD 2210.1, External Release of NASA Software
9. NPG 2210.1, External Release of NASA Software
10. NPD 2220.5E, Management of NASA Scientific and Technical Information (STI)
11. NPD 2800.1, Managing Information Technology
12. NPG 2800.1, Managing Information Technology
13. NPD 2810.1, Security of Information Technology
14. NPG 2810.1, Security of Information Technology
15. NPD 2820.1, NASA Software Policies
16. NASA's E-FOIA Regulations, 64 Federal Register 39,401-39,414 (1999) (codified at 14 CFR Part 1206)
17. Attorney General Policy Memorandum of October 12, 2001 on the Freedom of Information Act

Cookies

Explanation of Policy:

Cookies are a small piece of text generated by a server and stored in a web browser to maintain a user's identification between web pages. OMB Memorandum M-00-13 restricts the use of Cookies on Federal Web sites maintained by Civil Servants or Contractors. The clarification of the policy limits the use of "persistent" cookies (cookies that remain after a browser has quit) on public Internet sites. Intranet sites internal to Federal agencies are not included in the scope of the memorandum. The clarification document allows the use of temporary or session cookies (cookies that expire when the browser is closed) on Federal public Web sites When using cookies, an explanation of their use is required in the privacy statement. Use of persistent cookies on public Internet sites requires the personal approval of the agency head, a compelling need to do so, safeguarding of the information and notice to the users of the use of persistent cookies.

Authoritative Source:
Office of Management and Budget

• Original Memorandum
  http://www.whitehouse.gov/omb/memoranda/m00-13.html
• Clarification of Memorandum
  http://www.whitehouse.gov/OMB/inforeg/cookies_letter90500.html

Date of Issue:
June 22, 2000

Last Updated:
September 5, 2000

Issuing Agency:
Office of Management and Budget

Relevant NASA Policy / Guidelines/ Directives:
NASA Follows OMB Guidelines

Training / Self-help
http://webwork.larc.nasa.gov/policy/cookie/index.html

Logo Policy

Explanation of Policy

A new logo policy was defined by the NASA Associate Administrator for Public Affairs. The intent is to follow standard industry practice and emphasize use of a single, recognizable logo, namely, the NASA insignia, or "meatball."

The core guidelines in this policy include:

1. In terms of media awareness and overall visibility to the public, the use of the NASA "meatball" should take precedence over the use of mission logos.
2. Program and project logos can be used internally as team-building efforts, but they should not appear in any type of NASA publicity, commercial merchandise, external publications, or on any hardware, vehicles, or spacecraft.
3. Center logos, which have never been officially recognized as Agency identifiers, are only to be used for efforts that are Center specific. The "meatball" should be used to represent efforts involving more than one Center.
4. When the Center logo appears, the "meatball" should appear beside it. Alternatively, Centers may use the "meatball" with simple Helvetica type underneath displaying the Center's name.
5. Office logos should not be used as Agency identifiers. If there is a need to identify a certain office, the "meatball" should be used with the office name underneath, according to NASA graphics standards.
6. The NASA Seal is reserved for the Administrator's use only and on literature containing his signature (such as awards and certificates). It is not to be used as the primary Agency identifier, except on NASA flags.

Official guidelines for use of NASA emblems (insignia, logo, seal) are documented in the Code of Federal Regulations (14 CFR §1221.1). The NASA Graphics Coordinator in the Office of Public Affairs is responsible for ensuring proper use of the NASA emblems in any setting in which they appear.

The NASA logotype (NASA 'worm') has been retired since 1992, and should only be used in historical context or with the approval of the NASA Graphics Coordinator. The NASA Logo should never be used with the NASA Insignia. The NASA Seal is reserved for use in association with the NASA Administrator. The Seal should never be used with the NASA Insignia.

Program logos and other emblems should not contain the NASA Insignia in them because of their relatively small size. The word NASA should be used instead.

These emblems must not be used to imply the Agency's endorsement of another party’s goods or services. They should not appear on non-NASA Web pages. And NASA employees should not give permission for other groups to use the Insignia. They should never be used on NASA Web sites as a "hot link" except to the NASA Home Page: http://www.nasa.gov/.

Authoritative Source:

Code of Federal Regulations (14 CFR §1221.1)
http://www.access.gpo.gov/nara/cfr/waisidx_02/14cfr1221_02.html

Code P, Office of Public Affairs - Office Work Instruction - Protect Trademark and Corporate Identity
http://www.hq.nasa.gov/hqiso9000/dbdocs/pdf/HOWI1382-P006fA.pdf

Memo: NASA Public Affairs
http://www.hq.nasa.gov/pao/insignia/text/newlogopolicy.html

Date of Issue:
Code of Federal Regulations (14 CFR §1221.1)
NASA Code P Work Instruction - January 2000
NASA Public Affairs Memo

Last Updated:
Code of Federal Regulations (14 CFR §1221.1) Revised January 1, 2001.
NASA Code P Work Instruction - April 2000

Issuing Agency:
US Government Printing Office
NASA

Relevant NASA Policy / Guidelines/ Directives:
Code P, Office of Public Affairs - Office Work Instruction - Protect Trademark and Corporate Identity
http://www.hq.nasa.gov/hqiso9000/dbdocs/pdf/HOWI1382-P006fA.pdf

Memo: NASA Public Affairs
http://www.hq.nasa.gov/pao/insignia/text/newlogopolicy.html

Training / Self-help
Code of Federal Regulations (14 CFR §1221.1):
http://www.access.gpo.gov/nara/cfr/waisidx_02/14cfr1221_02.html

NASA Graphic Standards WWW Manual - This document includes information about appropriate use and incorrect use of NASA emblems.
http://www.hq.nasa.gov/pao/insignia/

Memo: NASA Public Affairs
http://www.hq.nasa.gov/pao/insignia/text/newlogopolicy.html

HQ Web site - The NASA Insignia
http://www.hq.nasa.gov/pao/insignia/text/Welcome.html

Banners

Explanation of Policy:

NASA Web sites must include a link to the combined NASA banner statement at the bottom of the front page of the Web site. The link must read: "NASA Privacy, Security, Notices." The combined banner statement includes:

1. Privacy Statement
2. IT Security Warning Banner
3. Accessibility Statement
4. Linking Disclaimer

The banner must be a local copy. It may not point to a copy on another server. A copy of the banner is available for your convenience at the webmaster site. To use it, download a copy of the file, open it, and update the mailto: link for the "webmaster for this site" to point to the correct email address. Save it to the root directory of your web site and name it "banner.html."

Privacy Statement

Federal Web sites must post privacy policies to the Department or Agency's principal web site as well as any other known, major entry points to your sites and at any web page where you collect substantial personal information from the public. Each policy must clearly and concisely inform visitors to the site what information the agency collects about individuals, why the agency collects it, and how the agency will use it. Privacy policies must be clearly labeled and easily accessed when someone visits a web site. Posting a privacy policy helps ensure that individuals have notice and choice about, and thus confidence in, how their personal information is handled when they use the Internet. Agency contractors should also comply with those policies when operating web sites on behalf of agencies.

IT Security Warning Banner

Government computer systems may be targets of hostile activities and subject to other forms of unauthorized use. To counter these activities, the Government may monitor and record the use of Government computer systems through keystroke monitoring and other methods. In order to deter misuse and notify all users that their use may be monitored, the NASA CIO has provided guidance on implementing a warning banner on all appropriate NASA computer systems. This direction applies to all NASA-owned or funded IT systems, regardless of location or user, including Government-provided equipment.

Accessibility Statement

At a minimum, every NASA Center's top level home page will include contact information. Contact information must allow the site user to get in direct contact with a NASA employee or representative to report problems with accessing Center Web sites or other electronic/information technology, and to request information in an accessible format. Contact information should include at least an e-mail address. Centers should ensure that reports of accessibility problems are acknowledged within a reasonable time frame, but no longer than 5 business days after receipt. Centers should also furnish information in an accessible format, as requested by site users via the contact, in as timely a fashion as possible. Centers are highly encouraged to also provide contact information on other Center Web pages, especially at major entry points into Center Web sites and on those pages with significant accessibility problems, so that a user with an accessibility problem can readily find it.

Linking Disclaimer

A clear accountability for the accuracy and appropriateness of information to be displayed must be established before any information regarding NASA activities, missions, organizations, publications, is posted on the Internet via NASA "servers" for public access. This accountability requirement applies when using World Wide Web, Gopher, or other Internet information service. Furthermore, the accountability requirement applies to direct references ("hyperlinks") to external information sources. Whenever a hyperlink is established, NASA is responsible for linking to appropriate material and ensuring that the link is viable. If the content of the link changes, NASA must reevaluate whether or not to maintain the link. When linking to external sites (outside the .gov domain), a disclaimer shall be displayed.

Authoritative Source:

M-99-18 - OMB MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES Privacy Policies on Federal Web Sites
http://www.whitehouse.gov/OMB/memoranda/m99-18.html

14 CFR Part 1212, NASA Privacy Act Regulations
http://www.access.gpo.gov/nara/cfr/cfrhtml_00/Title_14/14cfr1212_00.html

Relevant NASA Policy / Guidelines/ Directives:

NPD 1382.17F - Privacy Act - Internal NASA Direction in Furtherance of NASA Regulation
http://nodis3.gsfc.nasa.gov/library/displayDir.cfm?Internal_ID=N_PD_1382_017F_&page_name=main

NPG 2800.1: Managing Information Technology
http://nodis3.gsfc.nasa.gov/library/displayDir.cfm?Internal_ID=N_PG_2800_0001_&page_name=main

Guidance on Implementation of Information Technology (IT) Security Warning Banners
http://cio.gsfc.nasa.gov/banner.shtml

NASA Section 508 Web Policy
http://webmaster.gsfc.nasa.gov/policy/gsfc/508policy.html

Log Retention Policy

Explanation of Policy

Server log files are invaluable sources of information for generating reports necessary to improve operations and performance, to determine which services and information are of most interest to the public, and to aid in the safeguarding of Internet services from security threats. The specific data that is collected in server logs is determined by the judgment of the management of the facility that is responsible for the operation of the servers. However, there is a cost associated with the long term maintenance of the raw data contained in the server logs (due to such factors as retention and storage of the data in appropriate media) that should be minimized.

Therefore, the intent of the policy is to specify the maximum length of time that server logs shall be maintained that is consistent with the purpose of collecting the log information. Specific data that is required for long-term purposes or on an ongoing basis shall be extracted from the server logs, formatted into an appropriate report(s), and the server log purged. Those extracted data reports shall be scheduled for a longer retention period.

Server log files for servers that provide Internet services shall be maintained for the minimum amount of time practical, but for no longer than 30 calendar days from their creation. The creation date is the last day that data are added to the old log and a new log begins.. This limit applies to electronic, paper, and all other forms of media in which the log files may be stored, in accordance with NPG 1441.1C. Effective with this notice, NASA Internet server log files shall be processed according to the NASA records retention procedure (scheduled) so that they can be officially recognized as systems that periodically purge all contents. For retention and disposal purposes, log files will be captured and blocked as a "set" (e.g., month) rather than every day's log file being disposed of individually. That is, 30 days' worth of daily logs shall be collected and "blocked" together. This "block" shall be retained until the last entry in the block is 30 days old.

Exceptions to this policy may be made on a case-by-case basis at the discretion of the Center Chief Information Officer (CIO) Representative, in order to support security, administrative, and/or criminal investigations or other extraordinary purposes for which longer retention of the server logs is required. Prior to granting an exception, the NASA Records Officer in the Office of the NASA CIO must be notified in writing. Server logs retained for longer than 30 days for such reasons shall be immediately purged, following the conclusion of the specific activity for which they were retained.

Web server logs for sites with export controlled data MUST be retained for a minimum of one year.

Authoritative Source:

NPG 1441.1C, NASA Records Retention Schedules
http://nodis.gsfc.nasa.gov/library/displayDir.cfm?Internal_ID=N_PG_1441_001C_&page_name=main

Policy for Retention of Internet Services Server Log Files
http://webmaster.gsfc.nasa.gov/policy/gsfc/log-policy.html

Issuing Agency:
NASA

Center Web Policy

Explanation of Policy

In addition to the NASA policies and Federal regulations referenced above, Goddard Space Flight Center has certain policies that apply to its Web sites. These include guidance as to contact information, banners, structure, security, and appropriate use.

Administrivia

There is required policy information that must be provided at the bottom of the front page of every GSFC web site:

• Responsible NASA Official Name and contact information
• Webmaster name and contact information
• Banners

The Responsible NASA Official (RNO) is responsible for the appropriateness and timeliness of information, links and graphics on the page, and is accountable for compliance with policy. The RNO must be a civil servant. The webmaster for a site and the RNO may not be the same person, even if the individual is a civil servant, because it is important that there is management accountability for every web site.

One or more webmasters may be listed on the site. For example, instead of "webmaster," there may be separate contacts for questions relating to page content and for technical problems, such as "curator" or "content owner" and "technical webmaster" or "web server administrator."

Contact names must be real individuals, not a group; however, contact addresses do not have to be. Linking a person's name to a generic address such as "webmaster@foo.gsfc.nasa.gov" is permissible.

Metatags

In order to better support the management of Goddard's Web environment, webmasters must implement particular HTML code in the <head> of the front page of every Web site. These required metatags include the standard HTML tags such as title and description, and the Goddard-specific tags listed below.

Standard HTML tags:

• title: Title of Web site (must be SITE title, not PAGE title)
• description: Short Description of Web Site

Goddard Specific:

• orgcode: Owning Organization Code
• rno: Responsible NASA Official Name
• content-owner: Content Owner name
• webmaster: Technical Webmaster name (multiple webmaster tags allowed)

Please note that names must be in X.500 permanent email address format (for example, Emma.K.Antunes.1). Only include the information before the @ sign; do not include the @ sign or anything after it. Using X.500 format for names allows for machine readable results, as it makes allowance for spaces and punctuation in names as well as uniqueness. The tags themselves must be in lowercase. Webmasters must list both a content-owner tag and a webmaster tag, even if the person listed is the same.

Examples:

• <title>Title of Web Site</title>
• <meta name="orgcode" content="920">
• <meta name="rno" content="Dwaine.A.Kronser.1">
• <meta name="content-owner" content="Emma.K.Antunes.1">
• <meta name="webmaster" content="April.L.Hildebrand.1">

Examples of good descriptions:

• <meta name="description" content="The Crustal Dynamics Data Information System (CDDIS) supports data archiving and distribution activities for the space geodesy and geodynamics community.">
• <meta name="description" content="NASA's Constellation X-Ray Mission project office home page.">
• <meta name="description" content="Aura is a NASA mission to study Earth's ozone, air quality, and climate and conduct research on the composition, chemistry, and dynamics of Earth's atmosphere.">

Limitations on Web Surveys

Web surveys are considered "information collection from the public," and accordingly, fall under the regulation of the Paperwork Reduction Act of 1995. The Paperwork Reduction Act assures that all proposed collections minimize the paperwork burden on the public, consistent with the Federal Government's need for information, including through the use of automated collection techniques or other forms of IT.

Any NASA employee proposing collection of information from the public, including from NASA contractors, must justify the requirement, take steps to minimize the collection burden, and comply with clearance and reporting procedures. What this means is that every Web survey of 10 or more people (contractors included) must be cleared first at GSFC, then at the Agency level, and finally by OMB. In addition, internal employee surveys must also be cleared through Goddard Labor Relations.

For more guidance on Web surveys, see NPG 2800.1 Management of Information Technology, Section 2.3.

Structure

• Every server must have a page at the root level that responds to web requests, even if the site home page is not located at the root level.
  • This page must also include info about owning organization, banners, etc.
    
• No directory listings permitted at the root level
  
• The default home page at the root level may not be a user's personal page, even if it's work-related.
  • This implies that the sole reason of the site is for the user, and that makes it look like non-appropriate use
    

Appropriate Use

NASA/GSFC Internet resources are provided for official government business only. Use of these resources to access Internet and its resources should be related to professional duties and interests only. Any web page in the nasa.gov domain represents an official NASA publication and is subject to normal publication authorization criteria.

What this means is that all content on Web sites must be work related, and it must go through the same review process as a paper publication. Every Web page represents NASA, and needs to reflect well on the Agency.

Limited professional pages are allowed, such as:

• work-related biography
• professional photograph (such as a head shot, or the receipt of an award)
• list of publications
• list of current projects

Resumes may not be posted, because it would appear that NASA resources are being used for personal gain (in this case, to aid in a job search).Webmasters may not link to a personal home page on an ISP, or list a non-work email address. For further guidance on the appropriateness of content, please contact the Goddard Webmaster.

Security Policy

Goddard Web sites must follow the same Goddard security guidance as other services. This includes:

• Compliance with NPG 2810.1 Security of Information Technology
• Limited access pages must be appropriately protected and restricted from public access
• NO GROUP PASSWORDS
• All Web servers must have a security plan

For help with security, visit the Code 297 Web site.

Server Configuration

Every server must have a page at the root level that responds to web requests, even if the site home page is not located at the root level. This page must also include the required banners and information about owning organization. No directory listings are permitted at the root level. In addition, the default home page at the root level may not be a user's personal page, even if it's work-related. This implies that the sole reason for the sites existence is for the user, and that makes it look like inappropriate use. Use http://server.gsfc.nasa.gov/~username or http://server.gsfc.nasa.gov/username/ instead.

Authoritative Source, Date Issued, Last Updated and Issuing Agency:

NPD 2800.1 Managing Information Technology
Date issued: March 23, 1998
Last updated: None Issued
Issuing Agency: NASA

NPD 2810.1 Security of Information Technology
Date issued: August 26, 1999
Last updated: None Issued
Issuing Agency: NASA

Training/Self-help:

NASA WWW Best Practices ( http://nasa-wbp.larc.nasa.gov/devel/)
Last updated: August 30, 2000

Curator: Emma Kolstad Antunes
NASA Official: Mark Walther
Last Updated: Friday February 25, 2005