BEGIN ARTICLE PREVIEW:
The Office of the Inspector General (OIG) at NASA blamed the lack of information security programs, missing contingency plans, and ineffective IT security handbooks for the agency’s Federal Information Security Modernization (FISMA) Act shortcomings in Fiscal Year 2019.Following an October 2019 report concluding the NASA’s information security program was less than ideal, inspectors general evaluated NASA from March 2019 through May 2020 for the June 25 report to further understand why the program struggles. Overall, OIG concluded that NASA is facing an “unnecessarily high level of risk” that threatens the security of agency information.
“NASA information security personnel are not sufficiently aware of agency information security policies and procedures, and the current oversight process does not ensure that delinquent information security assessments are identified and mitigated,” the report reads. “As a result, information systems throughout the agency face an unnecessarily high level of risk that threatens the confidentiality, integrity, and availability of NASA’s information.”
Of the six system security plans reviewed by the inspectors general, four were operating without contingency plans. While three updated their plans during OIG’s evaluation process, the auditors noted that the NASA CIO has not addressed other deficiencies in the agency common control system security plans …
END ARTICLE PREVIEW