NASA – Extensible Control Assessment Tool (NeCAT)

Help NASA improve its cyber security posture by providing an easy to use assessment tool!

Purpose: The NASA Risk Management Framework is used to ensure compliance with federal standards issued by the National Institute of Standards and Technology (NIST). These standards allow the classification, management and tracking of cyber security risks related to all systems and components in the centers and agency. A control assessor performs periodic examination of compliance using a number of methods. Therefore, having a tool to record findings that is both mobile friendly and scalable to new standards would enable these assessors to perform more in-depth assessments of a wider set of controls in less time.

Background: Control assessments are conducted in order to validate (via tests, examination and interviews) operational, administrative and technical controls based on standards defined by NIST. Some of these standards include Special Publications (SP) 800-37, SP 800-53 Rev.4, and SP 800-53A Rev.4, which form the Risk Management Framework (RMF) for federal systems compliance. NIST SP 800-53A provides a list of functional controls categorized by “Control Families” as well as minimum security control impact (High, Moderate, Low, and Optional). Although NIST SP 800-53A is the main standard used for federal systems, there are other industry standards (such as PCI DSS, NIST SP 800-171, etc.) which may be used to assess a specific system or organization. A Security Control Assessor (SCA) performs assessments to validate functional control implementation. As such, SCAs are required to document findings (weaknesses or comments) regarding whether controls in place are “Satisfied” (working) or “Other than Satisfied” (not working). SCAs also provide recommendations to be implemented in order to satisfy controls found to be “Other than Satisfied.”

Challenge: To develop a scalable, responsive, and user-friendly web-based application that allows for easy selection of standards, controls, and related questionnaires to perform faster, targeted on-site assessments. The application could be an object-relational database and, at the end of an assessment, it should be able to generate a report indicating date, control status and any findings (weaknesses, comments and recommendations) pertaining to the control(s) assessed.

A file with a full control list, and exportable fields is included. Columns highlighted in yellow denote mandatory fields for identification, blue and green fields denote user-defined fields.

Must Include:

  1. Implement mass import of standard baselines (e.g., NIST SP 800-53A Rev.4) via .xlsx, .csv, or xml file formats.

  2. Allow import of additional control standards and update to current ones via file import.

  3. Selection of control standard as well as being able to filter a subset of controls based on “control family” categorization and minimum risk impact (H, M, L, O).

  4. Further selection of sub-set controls to be assessed at the discretion of the control assessor.

  5. Easy to use interface for mobile use for on-site assessments (laptop, tablets or mobile devices), with optimal view of control descriptions and implementation details.

  6. Generate report of all selected controls with date, assessor name, control status, comments (findings) and method of assessment.


  1. Allow for manual update of individual control description [organization defined values] within a specific control standard.

  2. Selection of Authorization Package information (AA) or “security plan” name and ID from a defined list (imported via .xlsx file), as well as manual input of Authorization Package information when predefined data is not available.

  3. Link a security plan name to a specified ID.

  4. Allow for an AA, or security plan to be rated at (low, moderate or high) risk, and automatically allocate all controls corresponding to its own risk impact level.

  5. Module that allows creation of a questionnaire whose answers (True/False or Fail/Pass) can be linked to one or several controls, their status (satisfied, other than satisfied), the assessment method used to validate the control, and findings/recommendations/comments.

  6. Allow to filter controls within an AA based on responsibility (agency, center, or system).


  1. Risk impact categorization under NIST SP 800-53A implements a scalable rating, where all low impact risk controls are included in all moderate risk plans, and all moderate risk controls are included in high impact risk plans. Low risk plans DO NOT include any controls above their own risk impact rating.
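The cumulative allocation rule above, combined with the control-family filter and the report fields from the "Must Include" list, as an added Python example (not part of the original challenge text). The CSV column names, the sample rows with their impact values, and the "Not assessed" status are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample import file. Column names and impact values are
# assumptions for illustration, not the published NIST baselines.
SAMPLE_CSV = """control_id,family,impact,name
AC-1,Access Control,L,Access control policy and procedures
AC-4,Access Control,M,Information flow enforcement
AC-10,Access Control,H,Concurrent session control
AU-2,Audit and Accountability,L,Audit events
AU-10,Audit and Accountability,H,Non-repudiation
AC-9,Access Control,O,Previous logon notification
"""

RANK = {"L": 1, "M": 2, "H": 3}   # "O" (optional) is never auto-allocated


def load_controls(text):
    """Parse the import file, rejecting rows with an unknown impact code."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        if row["impact"] not in RANK and row["impact"] != "O":
            raise ValueError(f"{row['control_id']}: bad impact {row['impact']!r}")
    return rows


def allocate(controls, plan_impact, family=None):
    """Controls for a plan rated L, M or H: everything at or below its rating."""
    ceiling = RANK[plan_impact]
    return [c for c in controls
            if c["impact"] in RANK and RANK[c["impact"]] <= ceiling
            and (family is None or c["family"] == family)]


def report(selected, findings, assessor, when=None):
    """One report row per selected control; unassessed ones are flagged."""
    when = (when or date.today()).isoformat()
    rows = []
    for c in selected:
        status, method, comment = findings.get(
            c["control_id"], ("Not assessed", "", ""))
        if status not in ("Satisfied", "Other than Satisfied", "Not assessed"):
            raise ValueError(f"{c['control_id']}: unknown status {status!r}")
        rows.append({"date": when, "assessor": assessor,
                     "control_id": c["control_id"], "status": status,
                     "method": method, "findings": comment})
    return rows


if __name__ == "__main__":
    controls = load_controls(SAMPLE_CSV)
    moderate_ac = allocate(controls, "M", family="Access Control")
    findings = {"AC-4": ("Other than Satisfied", "Test",
                         "Flow rules not enforced on guest VLAN")}
    for row in report(moderate_ac, findings, "J. Doe"):
        print(row)
```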

Figure 1: Hierarchical relationship of data


NIST Special Publications: 800

NIST SP 800-53 (Rev. 4):

NIST SP 800-53A (Rev. 4):

NIST Baseline Tailor Tool:

Magnetic Shield

Design a magnetic field configuration with current carrying conductors to deflect cosmic charged particles away from a spaceship traveling outside of a planetary magnetosphere. In other words, construct a magnetic cavity (a magnetosphere) encompassing a spaceship.  Specify as many parameters as you can, such as the magnetic field strength at the spaceship and at the current carrying elements; the geometry (shape) of the magnetic cavity with dimensions; the magnitude of the currents in the conducting elements; the plasma density and temperature of the trapped solar plasma; as well as other influencing parameters.

Create a Podcast from the NASA Image and Video Library Collection

Using the API for the NASA Image and Video Library, create a podcast based on searching a particular tag.

Write code to create a valid podcast RSS feed for a video podcast based on searching the NASA Image and Video Library using the Collection+JSON-based API for the tag “ScienceCasts”. 

The NASA Image and Video Library website is a large, fast-growing collection of the best of NASA’s video, audio, and still images. The current site is focused on Search of the collection. It is built for the Cloud, using dynamic page creation with a responsive design. The underlying collection returns query results in the form of Collection+JSON content.

The code must:

  • Produce a valid RSS feed (per containing the 20 most recent videos matching the ScienceCasts keyword, linking to the “Large” version of the file in the collection.


  • Map metadata from each item to the appropriate metadata fields in the RSS feed
  • Include extension fields to support iTunes Music Store

Create Website to Browse the NASA Image and Video Library Collection

Using the API for the NASA Image and Video Library, create a web site that will allow browsing of the complete NASA Image and Video Library collection.

The NASA Image and Video Library website is a large, fast-growing collection of the best of NASA’s video, audio, and still images. The current site is focused on Search of the collection. It is built for the Cloud, using dynamic page creation with a responsive design. The underlying collection returns query results in the form of Collection+JSON content.

The task entails creating a website to browse the collection. The minimal successful implementation would index all the detail pages in the NASA Image and Video Library collection so that an outside search engine (e.g. Google, Bing, or DigitalGov) can navigate the site and index all the detail pages. However, there is a set of additional features that come into play to determine the best of the successful implementations.

The site must:

  • Include a link to the detail page of each item in the collection


  • Display the thumbnail of each item in the collection, linked to the corresponding detail page
  • Be dynamically generated, so content is complete for each visitor
  • Be fully usable across multiple browsers and platforms
  • Be fully accessible, including informative alt tags for all images
  • Be able to order results by various categories (dates starting with oldest, dates starting most recent, alphabetical by title, sorted by Center, etc.)
  • Have an aesthetically pleasing presentation.

Non-pyrotechnic Separation and Deployment Mechanisms

Currently, separation of stages, shrouds, and boosters is most often accomplished with the use of pyrotechnic devices. Small, low-cost launch vehicles would benefit from non-pyrotechnic separation and deployment systems in both the development and operational phases. This challenge is aimed at addressing that need. Participants must design, build, and demonstrate a launch vehicle interstage that utilizes a non-pyrotechnic separation device.

Launch Vehicle Interstage Demonstration Requirements

The interstage demonstrator shall:

  • connect a 4 inch diameter stage to a 3 inch diameter stage
  • withstand an axial compressive load of 2,000 lbf
  • survive a 500 lb-ft bending moment
  • separate the 4 inch stage from the 3 inch stage with a remotely/programmed actuator
  • separation must occur in a 10 ft drop test
  • no component of the interstage or separation mechanism shall recontact the 3 inch stage before contacting the floor

In addition the following factors will be considered:

  • weight of the interstage and separation mechanisms (lower is better)
  • ability to scale up to a 20 inch diameter stage
  • costs including manufacturing, test, and operations

Earth Sensing for Situational Awareness

Hashtags: #earth, #earthsensing, #earthobserviz, #earthrightnow, #aircheck, #earthlive

Tags: data visualization, imagery, model, platform


Combined Earth observations can inform travelers of upcoming delays and hazards; inform environmental and space scientists of improved collection methods for remote sensing; support research scientists in understanding correlations of various Earth events; allow communities to understand air quality assessments and how it has affected their communities over time; help aid organizations in understanding historical, current, and future implications of geological events, such as landslides, floods, droughts, and storms; and many more potential uses.

NASA has a variety of Earth observations that are publicly available and that can be used to enhance existing weather or mapping applications. Additionally, NASA provides a large amount of Earth observation data in near real-time, for example, temperature, precipitation, clouds, ozone, sulfur dioxide, snow cover, and wildfires. Other sites provide real-time aircraft and satellite tracking. Combining this information can put data into context to allow scientists, travelers, students, pilots, and communities to better understand previous events, current situational assessments, and planning for potential hazards.



This challenge is an agglomeration of previous challenges, wrapped up into a one-stop-shop of Earth observation information to assist in understanding previous events, current situational assessments, and planning for potential hazards.  The app’s main users could be space scientists, Earth scientists, travelers, air traffic specialists, pilots, and students.


This challenge consists of three parts:

  • Combine Earth observations into a 3D globe with the possibility to display that information on a 2D map inset. Observations may include imagery, wind, pressure, wave height, thermal, UV levels, cloud information (height, type, etc.), relative humidity, air quality index (AQI), volcanic plumes, dust storms, dust clouds, fires, landslides, floods, droughts, terrain change, gravity fields, significant storms or other Earth observation data on a 3D globe right in your web browser or application. Information can be from NASA, NOAA, crowd-sourced information, weather stations, or any other sources.

  • Combine live flight information, so travelers, pilots, air traffic personnel can see in real-time potential hazards affecting air travel.

  • Combine live satellite orbiting information, so users can see when the last satellite pass has observed a specific area and when it may potentially observe again. This can include multiple orbit regimes, such as LEO and GEO.



  • HINT: Many open-source tools are out there to support this effort, including past NASA Space App Challenges.

  • Earth Observation Data:

    • The app should allow users to: input the coordinates or use user geo-located coordinates on Earth to extract local data values onto a 3D terrain map; retrieve Earth observation data in near real-time; visualize Earth observation data globally and locally (e.g. zoom); include historical observations for the users to see past significant events, include location max, min, and average values of conditions; and provide an interactive globe or map with data visualization layers.

    • Auto-identify countries, cities, states, rivers, and other features in the map.

    • Include observations not just at ground or top of the atmosphere, but at all aspects of the atmosphere.

    • If travelers do not have access to internet, allow the app to be downloaded and used off-line. Once the user is back on-line, the user may help improve the app information by uploading information observed to a database. This might include the location, time the data were collected, descriptions, and other metadata.  When the user has network access, the app could allow the user to interact with the existing map user interface to select imagery that can be downloaded and cached for offline use; provide map information within a certain spatial extent; and/or let people gather and record data that can be uploaded to a database afterwards, ideally as a layer on the map.

    • Option to include prediction-modeling overlay, such as where the storms will track, air pollution warnings, etc.  

  • Aircraft Data:

    • Show all aircraft flights with visualized flight information (altitude, speed, etc.)

    • Provide baseball card style statistics on individual flight information

    • Using the locator on the mobile device and various airport locations, the app should convey the expected weather conditions to the nearest possible time of departure. Based on flight safety rules, the app should predict whether the flight will take off on time or be delayed.

  • Satellite Data:

    • Show the trajectory of satellites in real time and allow for historical track display

    • Show aggregate and individual satellite tracks and data

    • Provide baseball card style statistics on individual satellites linking it to their data



Resource Type




NASA Codes for Various Projects

Various codes that may be helpful in the project

NASA Earth Data in Google Maps

Uses Global Imagery Browse Services (GIBS)


NASA Earth Data Resources, Formats, and Tools


The data format is not always the same across all NASA Earth data products, though HDF is one of the more common formats.  Second link has a list of tools available.

NASA Processed Data Information

If you’re trying to insert data values into a database, we suggest starting with Level 3 data products as they are usually gridded and available globally.

Google Earth Maps

Mobile device GPS locator

USGS 3D Maps



Check out ArcGIS Online.

Maps from Balloon and Kite Photography 


Earth Observation Resources

NASA World View 


NASA Visible Earth


NASA Earth Observations

Precipitation, landslides, elevation data, gravity, natural disaster tracker, sea, ice,



ESA Observation Data

Includes a variety of observations, including gravity, magnetic fields


MODIS and MISR for fires and pollution outbreaks; Models – HYSPLIT for trajectory predictions, GEOS-Chem (Stratospheric intrusions), NRL-NAAPS, SmartFire Secondary Data; and CALIPSO, OMI for vertical resolution and volcanic eruptions.

NCAR Hysplit

HYbrid Single-Particle Lagrangian Integrated Trajectory


3-D chemical transport algorithm


Navy Aerosol Analysis and Prediction System

EPA Toxics Release Inventory


Plant Observations



Data access, National Data Buoy Center

Bird Observations 


Various (bird, bugs, animals, etc.) Observations


Blue Sky Air Quality


Earth Wind Speeds


SERVIR Products


Open Weather Map

Various maps with APIs

Canadian Weather Forecasts


European Weather Forecasts


Japan Weather Forecasts


Aviation/Aircraft Resources

Aviation Weather Data



Airport status and delay information; FAA web-based weather services

NOAA Aviation Weather Center


Article on Weather Effects on Aviation




Live/Historical Aviation Tracking


Satellite Resources

Satellite Tracking


Tracking Information

Two-line Element: a data format used to convey sets of orbital elements that describe the orbits of Earth-orbiting satellites. A computer program called a model can use the TLE to compute the position of a satellite at a particular time.


Mechanical tracking system for tracking a low earth orbit satellite

Develop a mechanical tracking system platform built to accurately track the location of a low earth orbit satellite (including ISS, Hubble, any commercial crew or cargo vehicles, etc.) as it passes across the sky. Bonus points if it has some indicator for when the satellite is visible from the platform’s location (above the horizon AND dark skies AND satellite still in sunlight AND etc.). Inputs to the system would be simply the platform’s lat/long location and the Keplerian two-line element data for whatever satellite you want to track. Output would be a dynamically moving platform (with maybe a mounted drinking straw or something that can be used like a telescope) pointing to the satellite’s real-time location.

Here’s an example of a recent Keplerian two-line element set for ISS (with explanation):

1 25544U 98067A   17080.51624851  .00016717  00000-0  10270-3 0  9016

2 25544  51.6409 115.3209 0007348 320.1228  39.9384 15.54212201  8117

Epoch (UTC): 21 March 2017 12:23:23

Eccentricity: 0.0007348

inclination: 51.6409°

perigee height: 399 km

apogee height: 409 km

right ascension of ascending node: 115.3209°

argument of perigee: 320.1228°

revolutions per day: 15.54212201

mean anomaly at epoch: 39.9384°

orbit number at epoch: 811
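A parser for the element set above, as an added Python example (not part of the original challenge text): it verifies each line's checksum before slicing the fixed-width fields, then goes one step beyond the listing by deriving perigee and apogee heights from the mean motion. The gravitational parameter and Earth radius are standard constants chosen here as assumptions, so the heights agree with the listed values only to within about a kilometre.

```python
import math
from datetime import datetime, timedelta

# The ISS element set quoted above, with its fixed-column spacing restored.
LINE1 = "1 25544U 98067A   17080.51624851  .00016717  00000-0  10270-3 0  9016"
LINE2 = "2 25544  51.6409 115.3209 0007348 320.1228  39.9384 15.54212201  8117"

MU_KM3_S2 = 398600.4418      # Earth's gravitational parameter (assumed constant)
EARTH_RADIUS_KM = 6378.137   # equatorial radius (assumed reference for heights)


def checksum(line):
    """TLE checksum: digits summed, each '-' counts 1, modulo 10."""
    return sum(int(ch) if ch.isdigit() else (ch == "-") for ch in line[:68]) % 10


def parse_tle(line1, line2):
    """Validate both lines, then slice the fixed-width fields."""
    for number, line in (("1", line1), ("2", line2)):
        if len(line) != 69 or line[0] != number:
            raise ValueError(f"line {number}: wrong length or line number")
        if checksum(line) != int(line[68]):
            raise ValueError(f"line {number}: checksum mismatch")
    if line1[2:7] != line2[2:7]:
        raise ValueError("catalog numbers differ between lines")

    year = int(line1[18:20])
    year += 1900 if year >= 57 else 2000          # two-digit year convention
    epoch = datetime(year, 1, 1) + timedelta(days=float(line1[20:32]) - 1)

    ecc = float("0." + line2[26:33])              # decimal point is implied
    revs_per_day = float(line2[52:63])
    n = revs_per_day * 2 * math.pi / 86400        # mean motion in rad/s
    a = (MU_KM3_S2 / n ** 2) ** (1 / 3)           # semi-major axis in km
    return {
        "epoch": epoch,
        "inclination": float(line2[8:16]),
        "raan": float(line2[17:25]),
        "eccentricity": ecc,
        "arg_perigee": float(line2[34:42]),
        "mean_anomaly": float(line2[43:51]),
        "revs_per_day": revs_per_day,
        "orbit_number": int(line2[63:68]),
        "perigee_km": a * (1 - ecc) - EARTH_RADIUS_KM,
        "apogee_km": a * (1 + ecc) - EARTH_RADIUS_KM,
    }


if __name__ == "__main__":
    for key, value in parse_tle(LINE1, LINE2).items():
        print(f"{key}: {value}")
```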

Virtual and Augmented Reality Worlds for Earth Science Missions

Hashtags: #3D, #intermediate, #earthobservation


Most of the currently available Virtual Reality (VR) and Augmented Reality (AR) content is experimental demonstrations or oriented towards entertainment. Recently, VR and AR systems have become more affordable for laboratories and citizen scientists. Application Programming Interfaces (API) are code libraries that enable the development of VR and AR applications and web-apps. The NASA Open Data website provides API to existing data sets.


Viewing large data sets and Computer Aided Design (CAD) models with VR or AR enables scientists and engineers to gain a better understanding of relationships among the data points or parts of the model. This challenge requests VR and AR models of Earth Science systems and mission data. Desirable interactivity features include a capability to filter or highlight portions of a data set, navigating through the model, and resizing the model. If the development team has access to VR gloves or controllers then other desired features include interactive selection and movement of objects within the VR or AR world.


Links to articles and websites in the Sample Resources section provide some information about how NASA currently uses VR, the NASA Open Data repository, recommendations for developing VR and AR models for the web, and information about VR and AR APIs and standards. When developing a VR or AR web-app or application, consider standard file formats so that it can be used for viewing more than one model. Conversion utilities to translate existing data into a standard format would be a beneficial contribution. If the plan is to develop a web-app, demonstrate it by deploying a web-page with the embedded web-app. Code ought to be well commented and documented so that it can be adapted and reused for other projects.

Sample Resources