NASA Information Technology: Urgent Action Needed to Address Significant Management and Cybersecurity Weaknesses, Report to Congressional Committees [open pdf - 7MB]
"NASA depends heavily upon IT [information technology] to conduct its work. The agency spends at least $1.5 billion annually on IT investments that support its missions, including ground control systems for the International Space Station and space exploration programs. The National Aeronautics and Space Administration Transition Authorization Act of 2017 included a provision for GAO [Government Accountability Office] to review the effectiveness of NASA's approach to overseeing and managing IT, including its ability to ensure that resources are aligned with agency missions and are cost effective and secure. Accordingly, GAO's specific objective for this review was to determine the extent to which NASA has established and implemented leading IT management practices in strategic planning, workforce planning, governance, and cybersecurity. To address this objective, GAO compared NASA IT policies, strategic plans, workforce gap assessments, and governance board documentation to federal law and leading practices. GAO also assessed NASA IT security plans, policies, and procedures against leading cybersecurity risk management practices. GAO is making 10 recommendations to NASA to address the deficiencies identified in NASA IT strategic planning, workforce planning, governance, and cybersecurity. NASA concurred with seven recommendations, partially concurred with two, and did not concur with one. GAO maintains that all of the recommendations discussed in this report remain valid."
Government Accountability Office: http://www.gao.gov/