The Government Accountability Office has found deficiencies in NASA’s implementation of information technology management practices.
GAO said in a report published Tuesday those deficiencies were observed in the space agency’s practices for cybersecurity, governance, workforce and strategic planning.
NASA falls short of implementing an effective cybersecurity risk management process that includes the establishment of a data security program plan; cyber risk management strategy; executive oversight of risks; and related policies to safeguard information systems, according to the report.
“Until NASA leadership fully addresses these leading practices, its ability to ensure effective management of IT across the agency and manage cybersecurity risks will remain limited,” GAO wrote.
The congressional watchdog found that NASA does not evaluate staffing and competency requirements and has failed to document processes related to IT strategic planning in agreement to leading practices.