Data loss prevention isn't rocket science, but NASA hasn't made it work in Microsoft 365
In an audit [PDF] published Tuesday, the OIG found NASA has a "comprehensive privacy program that includes processes for determining whether information systems collect, store, and transmit PII; publishing System of Records Notices; and providing general privacy training to its workforce."
That's a welcome assessment, given NASA employs around 16,000 people and - as with all government agencies - collects PII about them and the contractors, partners, and members of the public it engages.
NASA uses Microsoft's suite and is implementing its DLP capabilities.
NASA therefore lacks the data to track and monitor PII leaks.
Even if NASA did know when to assemble a BRT, some of its members don't receive required annual training - such as participation in a tabletop exercise that simulates a breach response.
Another issue is that NASA has overlapping rules on privacy reporting, so "information on whether collections of data are compliant with applicable laws and policies may be incomplete." That means the agency "could fail to notify the public about the information the agency is collecting and storing on their behalf and the safeguards that exist to protect their personal information."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/21/nasa_oig_privacy_review/