NASA Information Technology

Enterprise Service Desk (ESD)

Website: https://esd.nasa.gov/esdportal

Telephone: 877-677-2123; Option 2

IT Updates

Accessing NASA's Cloud Computing Services

Good News! The Computing Services Program Office (CSPO) has established commercial cloud computing services contracts with Amazon Web Services and Microsoft Azure for Agency-wide use. These are the official, mandatory use, strategic source contracts for buying cloud computing services at NASA. Guidance for using these contracts is available at https://www.nssc.nasa.gov/elmt, click on Cloud Computing Contract List.

All NASA organizations and individuals interested in acquiring and using commercial cloud computing are encouraged to consult with the Computing Services Program to ensure alignment with NASA’s cloud computing strategy.

A list of approved cloud solutions is available at: https://intranet.share.nasa.gov/agency/cloudservices/Pages/Approved-Cloud-Services.aspx

Miscellaneous

PIV Cards/Badges

If you have an issue with your NASA badge/PIV Card while teleworking, contact the ESD 877-677-2123 to troubleshoot. If the issue cannot be resolved, you can get a temporary exemption that will allow you to log into your device and agency applications with an alternate multi-factor solution.

When you return to your worksite, be sure to get a new PIV card.

Non-NASA Devices

Please refer questions to your center unauthorized device point of contact at https://inside.nasa.gov/ocio/unauthorized-devices-contacts. If a non-NASA device has been authorized for use on the NASA network, the user has a valid NASA account, and has an approved form of multi-factor authentication (e.g. PIV Card, Smart Badge, or RSA token), they should call the ESD for support. If NASA standards for connection cannot be met using the non-NASA device, the user should be provided with a CIO-managed NEST seat for connecting to the NASA network and remote access.

Network Access

Use Cisco AnyConnect to access NASA's virtual private network (VPN) anytime you are working on a network away from your NASA worksite, such as your home Wi-Fi.

Personal Computers: NASA has been working to enable employees to work securely from anywhere. Personal computers connecting to the NASA network present a risk that, today, the agency is not prepared to mitigate, so no one should use a personal computer to connect to the NASA network, onsite or via the VPN. Even as the agency is enabling greater flexibility for employees to continue working during this time, we cannot lower our cybersecurity standards and potentially increase the risk of successful cyberattacks.

More Information

IT Security

Adding New Software or Devices

No software shall be installed, or peripheral equipment connected by wired or wireless (including Bluetooth) or device/system used to process NASA data from the following companies or any subsidiary or affiliate of such entities:

  • Kaspersky Lab
  • Huawei Technologies
  • ZTE Corp.
  • Hikvision Digital Technology Company
  • Dahua Technology Company
  • Hytera Communications Corp.

Software Patching

OCIO will continue full-time operational support of critical patching during this long-term telework situation. Please accept patches and allow them to be processed.

Digital Signatures

Digital signatures, like handwritten signatures, are unique to each signer and provide a means of guaranteeing that the contents of a signed message or document have not been altered in transit. To enable secure digital signatures, digital signature certificates are already installed on an employee's badge (PIV card.) One of the digital certificates on the PIV card includes what is known as a non-repudiation certificate, which is a legally-binding signature.

Signing Documents

Adobe Acrobat Reader is already installed on most NASA computers. This free application includes the ability to digitally sign documents.

To add your digital signature to a PDF document, open the Certificate/Signature tool in Adobe Reader then select Digitally Sign and indicate where you want to place the signature. After validating the signature certificate on your PIV card, you will see an indication of your digital signature, including the time stamp, embedded in your document.

Signing Emails

Sign a Single Message

  1. In the message, on the Message tab, in the Security group, click Sign (look for the red ribbon).
    • If you don't see the Sign Message button, do the following:
      • In the message, click Options.
      • In the More Options group, click the dialog box launcher Dialog Box Launcher button on the ribbon in the lower-right corner.
      • Click Security Settings, and then select the Add digital signature to this message check box.
      • Click OK, and then click Close.
    • If you don't see the Sign Message button, you might not have a digital ID configured to digitally sign messages, and you need to do the following to install a digital signature.
      • On the File menu, click Options & Trust Center.
      • Under Microsoft Outlook Trust Center, click Trust Center Settings > Email Security
      • Click Import/Export to import a digital ID from a file on your computer, or click Get digital IDs to find a list of services that issue digital IDs for your use.
  2. Compose your message, and then send it.

Sign All Messages

  1. On the File tab, click Options >Trust Center.
  2. Under Microsoft Outlook Trust Center, click Trust Center Settings.
  3. On the Email Security tab, under Encrypted Mail, select the Add digital signature to outgoing messages check box.
  4. If available, you can select one of the following options:
    • If you want recipients who don't have S/MIME security to be able to read the message, select the Send clear text signed message when sending signed messages check box. By default, this check box is selected.
    • To verify that your digitally signed message was received unaltered by the intended recipients, select the Request S/MIME receipt for all S/MIME signed messages check box. You can request notification telling you who opened the message and when it was opened, When you send a message that uses an S/MIME return receipt request, this verification information is returned as a message sent to your Inbox.
  5. To change additional settings, such as choosing between multiple certificates to use, click Settings.
  6. Click OK on each open dialog box.

If you have questions about digital signatures, contact NASA Forms Manager Jennifer Rosenberger.

IT Requirements for Teleworking
RequirementWindowsMac
Government-issued or government-approved laptop with:
  • AnyConnect VPN software installed
  • Computer power cord
✔️✔️
High-speed Internet access from an Internet Service Provider (ISP)✔️✔️
VPN User Guide (Save a copy to your computer)✔️✔️
NASA PIV Smartcard badge and current PIN✔️✔️
External card reader – for VPN access✔️
AUID username (e.g., jdoe) and NDC password✔️
Access Launchpad password✔️
Voicemail password✔️✔️
Audio Conferencing (Instant Meeting Service) account information
Headset for Teams, Jabber or WebEx
SecurID token and eight-digit alpha-numeric PIN -- for VPN access

ONLY for users who do not have a PIV smartcard (NASA badge)
✔️✔️
SecurID token and eight-digit alpha-numeric PIN

ONLY if you require access to “token only” services
✔️✔️

Connecting a Personal Printer

** A Note About Personal/Home Printers **

When your NASA computer is connected to NASA's virtual private network (VPN), it can access only printers on the NASA network. If you want to connect wirelessly to your home printer, which is on your home Wi-Fi network, you must first disconnect from the NASA VPN. Once you disconnect from the NASA VPN, you are operating on your home Wi-Fi - the same network as your printer. Then you can connect to your home printer. To send print jobs to your home printer, you also must disconnect from the NASA VPN to reconnect to your printer.

Windows

  1. Press the Windows Key or click Start and type printer.
  2. Click Printers & Scanners.
  3. Click Add a printer or scanner and wait while the system searches.
  4. Windows should find your printer and install drivers automatically.

If your printer appears in the list but will not print, you may need to download a driver from the printer manufacturer. Refer to KB0018594 for instructions.

Mac

  1. Click the Apple logo in the upper-left corner of the screen.
  2. Click System Preferences.
  3. Click Printers & Scanners.
  4. If your printer is not listed, click the plus symbol (+) to add it.
    1. If the plus symbol (+) is grayed out, close System Preferences and reconnect to VPN.
    2. Open Applications and double-click the Self-Service icon.
    3. Select Setup from the left menu.
    4. Click Allow Printer Setup.
    5. Disconnect from VPN.
    6. Click System Preferences.
    7. Click Printers & Scanners and you should be able to click the plus symbol (+).
  5. After the system finds and gathers information from your printer, click Add.
  6. The system will set up your printer. Once the printer is set up, you will return to the main printer pane and your printer will appear on the left.

If you are unable to set up your home printer, ESD technicians are standing by to help. A technician can assist with loading printer drivers and getting your printer functional.

Please contact ESD or submit a ticket online. For expedited service, include your printer make and model number in your ticket.

Non-Portable NASA Equipment

NASA has implemented a temporary Equipment Take-Home policy for nonportable enterprise-managed equipment provided by the End User Services Program Office (EUSO). This temporary policy is intended to allow those who require a desktop system to effectively telework (contingent upon appropriate supervisor approval) and is limited to computers, monitors (including those used with laptops), mice, keyboards, and PIV card readers.

If employees havegovernment-owned computer equipment or equipment provided under a different contract (not EUSO), they should follow their center's existing procedures for taking property off site and ensure they have the appropriate approvals before doing so.

More information...

Peripherals

In the current telework environment, you may have the need to use your personal printer, monitor or mouse, or even use a headset for a meeting from a NASA computer. The following guidelines should be followed:

  • Allowed non-NASA device categories for wired and wireless connectivity to a GFP computer include a personally owned: monitor, keyboard, mouse, scanner, printer, home network router, headset and headphone.
  • Disallowed non-NASA device categories for connection to a GFP computer: USB/thumb drive external storage device, external hard drive, smart phone/tablet and any device that provides/offers data storage.