OIG Report: NASA IT Security Still Falls Short

Keith’s note: according to the NASA OIG report Evaluation of NASA’s Information Security Program under the Federal Information Security Modernization Act for Fiscal Year 2025: “The Federal Information Security Modernization Act requires the Office of Inspector General to conduct an annual evaluation of NASA’s information security program. For fiscal year 2025, we rated NASA’s information security program at a Level 3 – meaning policies, procedures, and strategies were consistently implemented, but quantitative and qualitative effectiveness measures were lacking – a rating that falls short to be considered effective.”