NASA's 'act of desperation' demonstrates continued cyber deficiencies, Federal News Radio
"One of NASA's main networks used by almost every employee and contractor and managed by Hewlett Packard Enterprise is in such bad shape, the agency's chief information officer could no longer accept the risk and let the cybersecurity authorization expire. Renee Wynn, NASA's new CIO, didn't sign off on the authority to operate (ATO) for systems and tools under the $2.5 billion Agency Consolidated End-user Services (ACES) contract, which HPE won in 2010. Under the 10-year contract, HPE provides and manages most of NASA's personal computing hardware, agency-standard software, mobile information technology services, peripherals and accessories, associated end-user services and supporting infrastructure. A NASA spokeswoman confirmed the ATO expired on July 24. She said Wynn signed a "conditional" ATO for the systems under ACES, but internal NASA sources said the authorization is just for the management tools and not for the desktops, laptops and other end user devices. Letting an ATO expire on a major agency network is unheard of in government. Multiple federal cyber experts said agencies know at least a year in advance when an authorization and accreditation needs to be renewed."
NASA Totally Flunks FITARA Scorecard 2 Years In A Row, earlier post
"I need to thank NASA's AA for Legislative Affairs, Seth Statler, for pointing out the hearing - and NASA's 'F' grade. NASA has the distinction in 2016 for being the only agency to get an overall 'F', so congratulations are in order. Of course, in telling everyone about FITARA, it is quite obvious that Statler was doing a little blame shifting as he spoke for NASA CIO Renee Wynn - while throwing her under the bus."