NASA Still Does Not Fully Comply With OMB Cybersecurity Guidance

Keith’s note: according to a new GAO report “Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements“: “The Administrator of the National Aeronautics and Space Administration should ensure that the agency fully implements all event logging requirements as directed by OMB guidance. (Recommendation 17)” … “In written comments, reprinted in appendix XI, the National Aeronautics and Space Administration concurred with our recommendation and stated that it plans to address our recommendation by, among other things, creating a comprehensive plan to address all event logging requirements under a recently established Cybersecurity Improvement Portfolio. It also noted certain challenges it faces, such as data integration into the agency’s uniquely designed systems and resource constraints.” [Note: NASA’s response is on pages 63-64]. Previous NASA IT posts