Cybersecurity remains one of NASA’s top management challenges. While NASA’s information security program maintained a Level 3 rating this year, it still falls short of what the Office of Management and Budget considers effective.
Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | Recommendation
---|---|---|---|---|---
27 | No | $0 | $0 | | Ensure that each information system owner of external systems has a current ISA that defines how each entity will manage, operate, use, and secure the interconnection.
20 | No | $0 | $0 | | Continue its efforts to prioritize projects that address the complexities required across EL tiers to meet the intermediate (EL2) maturity level in accordance with OMB M-21-31.
8 | No | $0 | $0 | | Revise its policies and procedures to document and implement a lessons learned process based on risk events within the ISCM and Risk Management areas. System security personnel should be instructed to record, analyze, and revise control activities to improve NASA's security posture.
11 | No | $0 | $0 | | Continue to implement the necessary entity-wide oversight to improve enforcement mechanisms and controls to ensure all standard baselines and vulnerabilities are monitored and remediated in accordance with Federal and Agency requirements.
15 | No | $0 | $0 | | Ensure that the security controls in control families PM, PT, and SR are updated and defined within the Agency's ISCM strategy.
16 | No | $0 | $0 | | Document the NMI process in NASA's ISCM Strategy to ensure its hardware inventory monitoring process is accurate, complete, and fully aligns with NASA's other continuous monitoring guidance and integrates processes, associated outputs, and incorporates results to provide situational awareness.