NASA OIG: Audit of Cybersecurity Oversight of [A NASA] System

"[The NASA system that we reviewed for this audit] is a core system used to process, store, and distribute vital Agency intellectual property, such as [. . .], and crucial program and project information. [The reviewed system] is categorized as a "high-impact system" under Federal Information Processing Standards (FIPS) Publication 199, "Standards for Security Categorization of Federal Information and Information Systems," February 2004. As such, a compromise of security controls1 for a high-impact system could result in severe adverse impact, leading to degradation in or loss of NASA's mission capability, harm to individuals, or life-threatening injuries. In October 20[XX], NASA awarded a 4-year contract to [a contractor] for, among other things, operation of [the reviewed system]."

Full report

Keith's note: I can certainly understand redacting information that would compromise national security. But this report is often incomprehensible due to the huge number of redactions. Simply redacting the entire report would have made more sense. Plus, if there really was a concern about keeping the contractor/system from being identified, why give hints as to when the contract being discussed was awarded? If I really wanted to take the time I could go back and look at NASA press releases from the month of October between 2000 and 2009 and search back through one of more easily accessible websites for NASA contract awards as well.

  • submit to reddit


Loading




Join our mailing list




Monthly Archives

About this Entry

This page contains a single entry by Keith Cowing published on August 5, 2010 3:45 PM.

Constellation Flight Test Office Budget Cut was the previous entry in this blog.

Critical ISS EVA Now Planned For Saturday is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.