OIG Report: NASA Must Improve Info Security Controls, Contingency Plans

OIG Report: NASA Must Improve Info Security Controls, Contingency Plans

NASA’s Office of the Inspector General (OIG) has found that the agency failed to implement an enterprise-wide information security program and that it had inaccurate and incomplete security plans for six information systems.

The OIG said in a report that four out of six systems were operating without contingency plans or with outdated plans meant to meet requirements under the Federal Information Security Modernization Act (FISMA).

The report also states that many of NASA’s common controls for information systems were “other than satisfied” and that the Office of the Chief Information Officer (OCIO) is yet to address deficiencies through a system security plan (SSP).

According to the IG, NASA must issue clarifying policy guidances and ensure that agency-wide oversight procedures identify risk assessment operations and corrective actions.

The IG noted that having information systems with outdated or no contingency plans puts the agency “at an unnecessarily high risk” and is "threatening the confidentiality, integrity, and availability of NASA information maintained in those systems."

You may also be interested in...

Troy Rudd

AECOM Moves Global Headquarters to Los Angeles; Troy Rudd Quoted

AECOM will relocate its global headquarters from the Century City business district in Los Angeles to downtown Los Angeles, effective January 1, 2021. The company will close its offices at 1999 Avenue of the Stars and consolidate its headquarters and Corporate employees into existing AECOM offices at 300 South Grand Avenue.