an update on efforts to implement a system to provide dynamic, comprehensive, real-time information regarding risk of unauthorized remote, proximity, and insider use or access, for all information infrastructure under the responsibility of the chief information officer, and mission-related networks, including contractor networks;

an assessment of whether the system has demonstrably and quantifiably reduced network risk compared to alternative methods of measuring security; and

an assessment of the progress that each center and facility has made toward implementing the system.

The program shall include, at a minimum, ongoing classified and unclassified threat-based briefings, and automated exercises and examinations that simulate common attack techniques.

All agency employees and contractors engaged in the operation or use of agency information infrastructure shall participate in the program.

Access to NASA information infrastructure shall only be granted to operators and users who regularly satisfy the requirements of the program.

The chief human capital officer of NASA, in consultation with the chief information officer, shall create a system to reward operators and users of agency information infrastructure for continuous high achievement in the program.