Zero trust architecture (ZTA) is a cybersecurity approach based on continual verification of each user, device, application, and transaction to protect critical systems and data. NASA has made progress implementing ZTA across its corporate systems (managed by the Office of the Chief Information Officer). However, by delaying ZTA implementation of non-corporate (mission and Jet Propulsion Laboratory) systems, the Agency is missing an opportunity to address enterprise-wide issues that will impact ZTA adoption within the non-corporate environment.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details
---|---|---|---|---
1 | No | $0 | $0 | Collaborate with mission directorate officials to update NASA’s ZTA implementation plan to include all efforts associated with the transition to ZTA within the non-corporate environment.
2 | No | $0 | $0 | Develop a centralized process to track legacy systems that details deficiencies along with operational, technical, and financial constraints to determine a best course of action for remediation.
3 | No | $0 | $0 | Embed OCIO subject matter experts within the mission directorates to provide Agency-focused advocacy and expertise to analyze mission system cybersecurity compatibility and operational complexities.
4 | No | $0 | $0 | Engage mission directorates as ZTA pathfinders to identify and evaluate early adoption use-case candidates, employ a “test like you fly” approach, and provide insight to potential issues.