Skip to main content
Report File
Date Issued
Submitting OIG
National Aeronautics and Space Administration OIG
Other Participating OIGs
National Aeronautics and Space Administration OIG
Agencies Reviewed/Investigated
National Aeronautics and Space Administration
Report Number
IG-23-017
Report Description

Cybersecurity remains one of NASA’s top management challenges. While NASA’s information security program maintained a Level 3 rating this year, it still falls short of what the Office of Management and Budget considers effective.

Report Type
Inspection / Evaluation
Agency Wide
Yes
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 6 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
27 No $0 $0

Ensure that each information system owner of external systems has a current ISA that defines how each entity will manage, operate, use, and secure the interconnection.

20 No $0 $0

Continue its efforts to prioritize projects that address the complexities required across EL tiers to meet the intermediate (EL2) maturity level in accordance with OMB M-21-31.

8 No $0 $0

Revise its policies and procedures to document and implement a lessons learned process based on risk events within the ISCM and Risk Management areas. System security personnel should be instructed to record, analyze, and revise control activities to improve NASA's security posture.

11 No $0 $0

Continue to implement the necessary entity-wide oversight to improve enforcement mechanisms and controls to ensure all standard baselines and vulnerabilities are monitored and remediated in accordance with Federal and Agency requirements.

15 No $0 $0

Ensure that the security controls in control families PM, PT, and SR are updated and defined within the Agency's ISCM strategy.

16 No $0 $0

Document the NMI process in NASA's ISCM Strategy to ensure its hardware inventory monitoring process is accurate, complete, and fully aligns with NASA's other continuous monitoring guidance and integrates processes, associated outputs, and incorporates results to provide situational awareness.

National Aeronautics and Space Administration OIG

United States