Two Decade NASA CIO Struggle To Implement Effective IT Governance

Hearing link, Hearing on Cybersecurity Infrastructure and Information Technology Management, Policies, and Practices at NASA

Prepared statements

- Rep. Kendra Horn
- Rep. Eddie Bernice Johnson
- Rep. Brian Babin
- Jeff Seaton, Chief Information Officer (Acting) National Aeronautics and Space Administration
- Diana L. Burley, Vice Provost for Research, American University

- Paul K. Martin, Inspector General, National Aeronautics and Space Administration

"Our concerns with NASA's IT governance and security are long-standing and reoccurring. For more than two decades, NASA's OCIO has struggled to implement an effective IT governance structure that aligns authority and responsibility commensurate with the Agency's overall mission. Specifically, we have found that the Agency Chief Information Officer (CIO) and IT security officials have limited oversight and influence over IT purchases and security decisions within Mission Directorates and at NASA Centers. The decentralized nature of NASA's operations coupled with its long-standing culture of autonomy hinder the OCIO's ability to implement effective enterprise-wide IT governance. For example, in an August 2020 audit we found OCIO's visibility into the process Centers use to authorize and approve IT systems and devices to access Agency networks remains limited.4 Although the NASA CIO is responsible for developing an Agency-wide information security program, OCIO relies on Center-based CIOs and IT security staff to implement and enforce the Agency's information security policies. This practice has allowed Centers to tailor processes to meet their own priorities, which has in turn led to inconsistent implementation of NASA's enterprise-wide IT security management. Such a decentralized approach to cybersecurity management limits OCIO's ability to effectively oversee NASA's information security activities and make informed decisions related to project timelines, costs, and efficiencies as well as realistically assess the overall security of NASA's numerous IT systems."

- Earlier posts on NASA IT

  • submit to reddit





.
Battelle Research and Infrastructure.
Support SpaceRef, NASA Watch and the Astrobiology Web on Patreon.






Monthly Archives

About this Entry

This page contains a single entry by Keith Cowing published on September 18, 2020 11:45 AM.

The Path To Mars Flies Over Your House was the previous entry in this blog.

HEOMD Internal Reorganization Completed is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.