A recent report from the Government Accountability Office reveals that NASA completed some cybersecurity tasks for its major projects, but did not fully execute key elements of its cybersecurity risk management program.
The report, released on Wednesday, is based on GAO’s evaluation of NASA’s cybersecurity policies and risk management processes for four selected systems. According to the government watchdog, the space agency has yet to conduct an organization-wide risk assessment, a vital step for identifying and mitigating high-priority cyber threats across its systems.
GAO also found that selected NASA systems did not document system-level continuous monitoring strategies due to the lack of guidance on how to do so. “Without documented strategies that are fully understood by key cyber personnel, organizations face increased risks of data breaches, delayed detection of threats, and slower responses to attacks,” the report said.
The space agency’s cybersecurity risk management program follows guidelines from the National Institute of Standards and Technology that outline seven key steps for risk management: prepare, categorize systems, select controls, implement controls, assess control implementation, authorize systems, and continuously monitor security controls. The report found that while NASA had partially or fully implemented most of these steps, important activities within them remained incomplete.
NASA to Invest $80B in Space Exploration Projects
GAO said a comprehensive cybersecurity risk management program is critical to protecting NASA’s systems and information, particularly as the agency plans to invest $80 billion in developing spacecraft and systems for exploring the Earth, the moon and the solar system.
GAO issued 16 recommendations for NASA to address cybersecurity weaknesses. Among the key recommendations are conducting an organization-wide risk assessment, improving the documentation of control assessments, and ensuring that critical controls are properly applied and monitored.
NASA concurred with seven recommendations, partially concurred with four recommendations, and did not concur with the remaining five recommendations.