NASA Faces Significant Challenges in Transitioning to a Continuous Monitoring Approach for Its Information Technology Systems

NASA Inspector General Paul K. Martin today released a report that found significant challenges with NASA’s ongoing transition from an information technology (IT) security oversight approach that relied on periodic, static assessments to one that emphasizes ongoing and continuous monitoring of Agency systems.

The Federal Information Security Management Act of 2002 (FISMA) requires NASA and other Federal agencies to annually report on the security posture of their information systems. Prior to May 2010, NASA assessed the security posture of its systems using a “snapshot” certification and accreditation (C&A) process in which the Agency assessed security on a periodic schedule and at a fixed point in time. However, in May 2010 NASA announced a new approach that emphasizes the need to continuously monitor components connected to NASA’s systems and focuses on critical controls that protect against the most common IT security incidents NASA has experienced.

The Office of Inspector General (OIG) reviewed NASA progress in this transition to determine whether the Agency was establishing a solid foundation for a continuous monitoring program.

We found that NASA has not successfully transitioned from its former “snapshot” C&A process to a fully implemented continuous monitoring program. Specifically, we found that NASA needs to (1) create and maintain a complete, up-to-date record of IT components connected to Agency networks; (2) define the security configuration baselines that are required for its system components and develop an effective means of assessing compliance with those baselines; and (3) use best practices for vulnerability management on all its IT systems.

The OIG review concluded that failure to make improvements in each of these areas will limit NASA’s ability to accurately assess the security of its IT systems under this new continuous monitoring approach.

The full report can be found on the OIG’s website at http://oig.nasa.gov/ under “OIG Audit Reports” or at the following link: http://oig.nasa.gov/audits/reports/FY12/IG-12-006.pdf

Please contact Renee Juhans at (202) 358-1220 if you have questions.

NASA Faces Significant Challenges in Transitioning to a Continuous Monitoring Approach for Its Information Technology Systems

Related

SpaceNews Celebrates 35th Anniversary as a Global Media Brand

Uniting Industry Leaders and Cutting-Edge Solutions to Shape the Future of Manufacturing

Leanspace secures €10.5 Million to Champion Next-Gen Satellite Constellation Operations

NASA Veteran Kevin McCormick Joins Desert Works Propulsion as Senior Master Technician

ImageSat International (ISI) Announces $54.5 Million Contract to Provide Space-Based Analytics Services

Leah Harris Joins SpaceNews as Marketing, Advertising Operations, and Audience Development Manager

SPAICE: AI in and for Space

World Space Business Week 2024: Bringing Together the World’s Industry Leaders

The Space Logistics Conference

Space Apps Seattle

The 75th International Astronautical Congress (IAC 2024)

Related

Sign up for a SpaceNews newsletter