Skip to main content
Report File
Date Issued
Submitting OIG
National Aeronautics and Space Administration OIG
Agencies Reviewed/Investigated
National Aeronautics and Space Administration
Report Number
IG-25-004
Report Description

Zero trust architecture (ZTA) is a cybersecurity approach based on continual verification of each user, device, application, and transaction to protect critical systems and data. NASA has made progress implementing ZTA across its corporate systems (managed by the Office of the Chief Information Officer). However, by delaying ZTA implementation of non-corporate (mission and Jet Propulsion Laboratory) systems, the Agency is missing an opportunity to address enterprise-wide issues that will impact ZTA adoption within the non-corporate environment.

Report Type
Audit
Agency Wide
Yes
Number of Recommendations
4
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Open Recommendations

This report has 4 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
1 No $0 $0

Collaborate with mission directorate officials to update NASA’s ZTA implementation plan to include all efforts associated with the transition to ZTA within the non-corporate environment.

2 No $0 $0

Develop a centralized process to track legacy systems that details deficiencies along with operational, technical, and financial constraints to determine a best course of action for remediation.

3 No $0 $0

Embed OCIO subject matter experts within the mission directorates to provide Agency-focused advocacy and expertise to analyze mission system cybersecurity compatibility and operational complexities.

4 No $0 $0

Engage mission directorates as ZTA pathfinders to identify and evaluate early adoption use-case candidates, employ a “test like you fly” approach, and provide insight to potential issues.

National Aeronautics and Space Administration OIG

United States