Home » News & Blogs » NASA Gets Failing Grade on Information Security
Bookmark and Share
Parabolic Arc

NASA Gets Failing Grade on Information Security

29 Jun 2020, 14:53 UTC
NASA Gets Failing Grade on Information Security
(200 words excerpt, click title or image to see full post)

by Douglas MessierManaging Editor

NASA has failed to implement an effective cyber security program even though the valuable technical and intellectual capital it possesses “presents a high-value target for hackers and criminals,” according to a new report from the agency’s Office of Inspector General (IG).

“NASA has not implemented an effective Agency-wide information security program. [System Security Plan (SSP)] documentation for all six information systems we reviewed contained numerous instances of incomplete, inaccurate, or missing information,” the report stated.

“We also performed a limited review of the Agency Common Control (ACC) system, which aggregates and manages common controls across all Agency information systems, and found that many controls were classified as ‘other than satisfied,’ indicating they had been assessed as less than effective,” the document added.

The review criticized the NASA Office of the Chief Information Officer (OCIO) for failing to address the deficiencies in the space agency’s information security program.

The weaknesses exist because the chief information security officers at NASA’s field centers “often are responsible for managing large portfolios of information systems and do not always have resources available to ensure data” in the Risk Information Compliance System are accurate and complete, the report said.

The IG made ...

Latest Vodcast

Latest Podcast

Advertise PTTU

NASA Picture of the Day

Astronomy Picture of the Day