NASA Continues To Flunk Basic IT and Cybersecurity Rankings

http://images.spaceref.com/news/2018/nasa.flunk.jpg

Potential Personally Identifiable Information (PII) Compromise of NASA Servers

"On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised."

Keith's note: According to NASA HQ PAO the latest security breach at NASA does not affect people outside of NASA who may have interacted with NASA security. But people who work or used to work at NASA are at risk. So y'all can expect another "Dear NASA Employee" letter from the agency offering free credit monitoring services.

NASA's performance in complying with Federal regulations governing IT and cybersecurity has been pitiful - especially during the tenure of NASA CIO Renee Wynn. Now there has been another security breach that affects all present and prior NASA employees - even those of us who left the agency decades ago. In the real world the person responsible for such pitiful performance would be fired.

Federal Information Security Modernization Act of 2014 (FISMA) - 2018 report

"Congress enacted the Federal Information Security Modernization Act of 2014 (FISMA) to improve federal cybersecurity and clarify government-wide responsibilities. The act is intended to promote the use of automated security tools with the ability to continuously monitor and diagnose the security posture of federal agencies, and provide for improved oversight of federal agencies' information security programs. In particular, the act clarifies and assigns additional responsibilities to entities such as OMB and DHS."

http://images.spaceref.com/news/2018/FISM2018.jpg

- Nov 2017 FITARA Scorecard

- NASA Totally Flunks FITARA Scorecard 2 Years In A Row (2016), earlier post

"There is a slightly goofy post at NASA CIO's Open.NASA.gov (not findable on the NASA search engine) "NASA's Approach to Implementing FITARA" from 10 March 2016 that opens with "My husband and I are planning a vacation to Disneyworld, an awesome destination for our five year old dreamer. How do we budget for such an grandiose trip?", and then goes on to spout happy talk - with added IT word salad - about how seriously NASA takes FITARA. If only."

  • submit to reddit


Loading



ICES 2020, July 12-16, 2020 in Lisbon, Portugal






Monthly Archives

About this Entry

This page contains a single entry by Keith Cowing published on December 19, 2018 5:16 PM.

CASIS Pays Big Bucks For Leadership With No Space Experience (Update) was the previous entry in this blog.

A Former Employee Calls NASA About The Security Breach is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.