by Douglas MessierManaging Editor
NASA has failed to implement an effective cyber security program even though the valuable technical and intellectual capital it possesses “presents a high-value target for hackers and criminals,” according to a new report from the agency’s Office of Inspector General (IG).
“NASA has not implemented an effective Agency-wide information security program. [System Security Plan (SSP)] documentation for all six information systems we reviewed contained numerous instances of incomplete, inaccurate, or missing information,” the report stated.
“We also performed a limited review of the Agency Common Control (ACC) system, which aggregates and manages common controls across all Agency information systems, and found that many controls were classified as ‘other than satisfied,’ indicating they had been assessed as less than effective,” the document added.
The review criticized the NASA Office of the Chief Information Officer (OCIO) for failing to address the deficiencies in the space agency’s information security program.
The weaknesses exist because the chief information security officers at NASA’s field centers “often are responsible for managing large portfolios of information systems and do not always have resources available to ensure data” in the Risk Information Compliance System are accurate and complete, the report said.
The IG made ...