[All] ESPO PLEASE READ

Vasques, Marilyn F. (ARC-SGG) marilyn.vasques at nasa.gov
Mon Aug 8 13:20:00 PDT 2022 

All (Please read this whole email),

Do not post PII to the website without checking with the web admins first. Restricted pages and shared files are not secure.

A file that contained PII was recently posted to our website. This file needed to be shared with a number of people, but also contained the PII of all of those people. Our Web Admins tell me that uploading on Restricted Pages and posting in Shared Files are not secure enough. Both of these are accessible to the entire mission participants group. A file with PII must only be shared with those who NEED TO have access.  Also note that uploading files as Public Documents and then linking on the restricted page does not restrict access to the file.

I understand the often urgent need to disseminate information to the team as part of an active mission but when it comes to PII you need to be extra careful. Please note that there is only one place on the website that it is safe to post PII without talking with the web admins first.  This is uploading a document to an individual’s PII page.  While we generally think about this as a place they post files, you also have the ability to place files there that they can then access securely.

Steps to think about when dealing with a file that contains PII and must be shared:

  *   Can you send the person an encrypted email, use SAFE (CAC card required) to send them the file, or upload it to their PII Profile?
  *   Can the PII be erased from the file, or at least leave only the last 2 digits?
     *   Use Preview and Tools > Redact to cover the area in question.  Do not just stick a white box over the section.
  *   Password protecting the file is a good idea using a unique password, not the general mission password.  This password should be shared with the intended recipients in a manor different than the file is shared.

If you ever have a question about how to post a file, or if a file contains PII please don’t hesitate to ask our web admins. sysadmin at espo.nasa.gov<mailto:sysadmin at espo.nasa.gov>

Thank you for your help in keeping this information secure.
 M



-- Marilyn Vasques
ESPO Director
NASA Ames Research Center
MOBILE:  650-417-8796
OFFICE:  650-604-6120
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://espo.nasa.gov/pipermail/all/attachments/20220808/25402120/attachment-0001.htm>

More information about the All mailing list