Audit of NASA’s Zero Trust Architecture

View Report

Date Issued

Thursday, March 27, 2025

Submitting OIG

National Aeronautics and Space Administration OIG

Agencies Reviewed/Investigated

National Aeronautics and Space Administration

Report Number

IG-25-004

Report Description

Zero trust architecture (ZTA) is a cybersecurity approach based on continual verification of each user, device, application, and transaction to protect critical systems and data. NASA has made progress implementing ZTA across its corporate systems (managed by the Office of the Chief Information Officer). However, by delaying ZTA implementation of non-corporate (mission and Jet Propulsion Laboratory) systems, the Agency is missing an opportunity to address enterprise-wide issues that will impact ZTA adoption within the non-corporate environment.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

https://oig.nasa.gov/wp-content/uploads/2025/03/final-report-ig-25-004-audit-of…

Open Recommendations

This report has 4 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
Collaborate with mission directorate officials to update NASA’s ZTA implementation plan to include all efforts associated with the transition to ZTA within the non-corporate environment.
2	No	$0	$0
Develop a centralized process to track legacy systems that details deficiencies along with operational, technical, and financial constraints to determine a best course of action for remediation.
3	No	$0	$0
Embed OCIO subject matter experts within the mission directorates to provide Agency-focused advocacy and expertise to analyze mission system cybersecurity compatibility and operational complexities.
4	No	$0	$0
Engage mission directorates as ZTA pathfinders to identify and evaluate early adoption use-case candidates, employ a “test like you fly” approach, and provide insight to potential issues.