Patents and Intellectual Property Information disclosing a new invention in which the Federal Government owns or may own a right, title, or interest. Candidate Descriptor 2007-01-26 2007-01-26 2007-01-27 13 Public Materials which have been reviewed and whose release to the public has been approved. Approved Descriptor 2007-01-26 2007-01-26 2007-01-27 4 FOIA-exempt Information originated within or furnished to NASA that falls under one or more of the exemption criteria of the Freedom of Information Act (5 U.S.C. §552). Other categories of SBU do not imply that the information has been determined to be exempt from disclosure under FOIA. Requests under FOIA, for information designated as SBU, will be reviewed and processed in the same manner as any other FOIA request. Candidate Descriptor 2007-01-26 2007-01-26 2007-01-26 10 Export Controlled Information subject to export control under the International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR). Candidate Descriptor 2007-01-26 2007-01-26 2007-01-27 11 Classified Materials which have access controlled for reasons of national security. Materials should not be marked as "Classified", they must be marked according to the more specific classification levels of Confidential, Secret, or Top Secret. Classified materials must not be transferred to an unclassified system. Approved Node label 2007-01-26 2007-01-26 2007-01-27 2 Sensitive But Unclassified SBU Information, regardless of its form (digital, hard-copy, magnetic tape, etc.), the release of which could cause harm to a person's privacy or welfare, adversely impact economic or industrial institutions, or compromise programs or operations essential to the safeguarding of our national interests is designated as SBU to control or restrict its access. Information designated as SBU shall be afforded appropriate protection sufficient to safeguard it from unauthorized disclosure. Within NASA and the Federal Government, such information had previously been designated "FOR OFFICIAL USE ONLY." This designation was changed at NASA to "Administratively Controlled Information" for clarity and to more accurately describe the status of information to be protected. However, recent efforts to apply consistent terminology across multiple federal agencies have prompted NASA to change the designation to "Sensitive but Unclassified." Therefore the caveat "SENSITIVE BUT UNCLASSIFIED (SBU)" will be used to identify sensitive but unclassified information within the NASA community when that information is not otherwise specifically described and governed by statute or regulation. The use of caveats other than SBU will be governed by the statutes and regulations issued for the applicable category of information. (Source: NPR 1600.1 NASA Security Program Procedural Requirements, Section 5.2.4). Approved Descriptor 2007-01-26 2007-01-26 2007-01-26 3 Confidential Approved Descriptor 2007-01-26 2007-01-26 2007-01-27 6 Unreviewed Used to mark materials which have not been reviewed for relase to the public. Until they have been reviewed, the materials should be treated as Sensitive But Unclassified, with moderate levels of risk around compromise of their confidentiality, integrity, and availability. Approved Descriptor 2007-01-26 2007-01-26 2007-01-26 5 Privacy Act Information subject to the Privacy Act of 1974 (5 U.S.C. §552a). Candidate Descriptor 2007-01-26 2007-01-27 16 NASA Designated Information that is determined by a designated NASA official to be unusually sensitive (refer to paragraph 5.22.5. for decontrol provisions). The following are examples of such information. (1) Predecisional materials such as national space policy not yet publicly released, pending reorganization plans, or sensitive travel itineraries (2) Geological and geophysical information and data, including maps, concerning wells. (3) Center maps and/or plain text documents describing locations/directions (e.g., latitude, longitude, depth, etc.) of underground utility conduits (e.g., sewers, gas, data, communications, etc.). (4) Drawings and specifications that identify existing or proposed security measures for mission essential infrastructure designated assets or other key resources (5) Mission specific security plans that identify protective measures and procedures for assets that are sensitive in nature but are not classified. (Example: Payloads that utilize special nuclear materials, payloads that contain certain animal experiments, and STS missions, as determined by the CCS, etc.) (6) Emergency contingency or continuity of operations plans that provide detailed information regarding emergency response processes and procedures that, if publicized, could give a potential adversary vital information with which to thwart or compromise emergency response efforts. (7) Sensitive scientific and technical information (STI) (See NPD 2200.1 and NPR 2200.2 for requirements for documentation, approval, and dissemination of NASA STI). (8) Information that could result in physical risk to personnel. (9) NASA information technology (IT) internal systems data revealing infrastructure used for servers, desktops, and networks; applications name, version and release; switching, router, and gateway information; interconnections and access methods; mission or business use/need. Examples of information are systems inventories and enterprise architecture models. (10) Systems security data revealing the security posture of the system. For example, threat assessments, system security plans, contingency plans, risk management plans, Business Impact Analysis studies, and Certification and Accreditation documentation. (11) Reviews or reports illustrating or disclosing facility infrastructure or security vulnerabilities, whether to persons, systems, or facilities, not otherwise eligible for classification under Executive Order 12958, as amended. (12) Information that could constitute an indicator of U.S. government intentions, capabilities, operations, or activities or otherwise threaten operations security. (13) Developing or current technology, the release of which could hinder the objectives of NASA, compromise a technological advantage or countermeasure, cause a denial of service, or provide an adversary with sufficient information to clone, counterfeit, or circumvent a process or system. Candidate Descriptor 2007-01-26 2007-01-27 17 Space Act Information developed by NASA under a Space Act agreement and subject to section 303(b) of the Space Act (42 U.S.C. 2454(b)). Candidate Descriptor 2007-01-26 2007-01-27 15 Non-NASA Proprietary Proprietary information of others provided to NASA under a nondisclosure or confidentiality agreement. Small Business Innovative Research Data, Limited Rights Data, and Restricted Computer Software received in performance of NASA contracts Information concerning or relating to private entity trade secrets or confidential commercial or financial information received by a NASA employee in the course of government employment or official duties. Candidate Descriptor 2007-01-26 2007-01-26 2007-01-27 12 Top Secret Approved Descriptor 2007-01-26 2007-01-26 2007-01-27 8 Access Controls Based on NPR 1450.10D (for Classified) Section 8and NPR 1600.1 (NASA Security Program Procedural Requirements), Section 5.24, and discussions with the NASA Taxonomy Team. This vocabulary is not intended for designing systems. It is intended to be used to mark individual information items so that their access can be controlled properly when they are moved between systems. For selecting the proper access controls when designing information systems, see NASA NPR 2810 and NASA IS-SOP-0019B. Approved Descriptor 2007-01-26 2007-01-26 2007-01-26 1 Procurement Sensitive Source selection and bid and proposal information. Candidate Descriptor 2007-01-26 2007-01-26 2007-01-27 14 Secret Approved Descriptor 2007-01-26 2007-01-26 2007-01-27 7