NASA infosec again falls short of required US government standard

2022-12-21 14:00

The NASA Office of Inspector General has published its annual audit of the aerospace agency's infosec capabilities and practices, which earned an overall rating of "Not Effective."

We could go on, but you get the idea: NASA infosec isn't great.

NASA agrees with most and in a letter responding to the audit gave November 17, 2023, as the estimated completion date for each.

NASA acted on all the recommendations from last year's infosec audit, and appears to have sorted out all but one.

NASA consistently scores low ratings when its infosec is assessed: the agency also scored a Level 2 rating in 2019, was earlier this year found to be unready to handle insider threats, and has identified that low-budget missions scarcely think of infosec because they try to spend every cent on science.

Seeing as NASA works on lots of secret projects, the persistent immaturity at the agency clearly has the potential for very nasty consequences.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/21/nasa_immature_cycbersecurity/

#infosec #nasa #US

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Nasa		7	0	9	9	0	18