Audit of Space Force’s Implementation of Software Assurance for the Next Generation Overhead Persistent Infrared Program

View Report

Date Issued

Friday, October 4, 2024

Submitting OIG

Department of Defense OIG

Other Participating OIGs

Department of Defense OIG

Agencies Reviewed/Investigated

Department of Defense

Report Number

DODIG-2025-001

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 7 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
D-2025-0001-D000CS-0001-0001	No	$0	$0
(U) Rec. 1: The DoD OIG recommended that the Under Secretary of Defense for Research and Engineering revise program protection plan guidance to include a process for the identification of software assurance risks and steps for how the acceptance of risks should be tracked, if left unmitigated.
D-2025-0001-D000CS-0001-0002.a	No	$0	$0
(U) Rec. 2.a: This recommendation is Controlled Unclassified Information
D-2025-0001-D000CS-0001-0002.b	No	$0	$0
(U) Rec. 2.b: This recommendation is Controlled Unclassified Information
D-2025-0001-D000CS-0001-0002.c	No	$0	$0
(U) Rec. 2.c: This recommendation is Controlled Unclassified Information
D-2025-0001-D000CS-0001-0002.d	No	$0	$0
(U) Rec. 2.d: This recommendation is Controlled Unclassified Information
D-2025-0001-D000CS-0001-0003.a	No	$0	$0
(U) Rec. 3.a: The DoD OIG recommended that the Next Generation Overhead Persistent Infrared Program Manager ensure that the Geosynchronous Earth Orbit Program Protection Lead regularly updates the Geosynchronous Earth Orbit program protection plan, at a minimum annually, to accurately reflect the program management office and contractor's progress implementing software assurance activities.
D-2025-0001-D000CS-0001-0003.b	No	$0	$0
(U) Rec. 3.b: The DoD OIG recommended that the Next Generation Overhead Persistent Infrared Program Manager submit the program protection plan to the Milestone Decision Authority for approval, in accordance with the Air Force Systems Security Engineering Cyber Guidebook.