GAO Cites Gaps in NASA’s IT Mgmt Practices for Cybersecurity, Workforce Planning

The Government Accountability Office has found deficiencies in NASA’s implementation of information technology management practices.

GAO said in a report published Tuesday those deficiencies were observed in the space agency’s practices for cybersecurity, governance, workforce and strategic planning.

NASA falls short of implementing an effective cybersecurity risk management process that includes the establishment of a data security program plan; cyber risk management strategy; executive oversight of risks; and related policies to safeguard information systems, according to the report.

“Until NASA leadership fully addresses these leading practices, its ability to ensure effective management of IT across the agency and manage cybersecurity risks will remain limited,” GAO wrote.

The congressional watchdog found that NASA does not evaluate staffing and competency requirements and has failed to document processes related to IT strategic planning in agreement to leading practices.

Check Also

NSA

NSA Warns of Cyber Vulnerability in Email Transfer Software

The National Security Agency has identified a vulnerability that Russian cyber actors take advantage of to attack mail transfer networks. Sandworm Team, a Russian military group, has exploited the CVE-2019-10149 vulnerability found in the Exim software that Linux and Unix systems use as a mail transfer agent, NSA said Thursday.

Leave a Reply

Your email address will not be published. Required fields are marked *