This is not a NASA Website. You might learn something. It's YOUR space agency. Get involved. Take it back. Make it work - for YOU.
IT/Web

Two Decade NASA CIO Struggle To Implement Effective IT Governance

By Keith Cowing
September 18, 2020
Filed under , ,
Two Decade NASA CIO Struggle To Implement Effective IT Governance

Hearing link, Hearing on Cybersecurity Infrastructure and Information Technology Management, Policies, and Practices at NASA
Prepared statements
Rep. Kendra Horn
Rep. Eddie Bernice Johnson
Rep. Brian Babin
Jeff Seaton, Chief Information Officer (Acting) National Aeronautics and Space Administration
Diana L. Burley, Vice Provost for Research, American University
Paul K. Martin, Inspector General, National Aeronautics and Space Administration
“Our concerns with NASA’s IT governance and security are long-standing and reoccurring. For more than two decades, NASA’s OCIO has struggled to implement an effective IT governance structure that aligns authority and responsibility commensurate with the Agency’s overall mission. Specifically, we have found that the Agency Chief Information Officer (CIO) and IT security officials have limited oversight and influence over IT purchases and security decisions within Mission Directorates and at NASA Centers. The decentralized nature of NASA’s operations coupled with its long-standing culture of autonomy hinder the OCIO’s ability to implement effective enterprise-wide IT governance. For example, in an August 2020 audit we found OCIO’s visibility into the process Centers use to authorize and approve IT systems and devices to access Agency networks remains limited.4 Although the NASA CIO is responsible for developing an Agency-wide information security program, OCIO relies on Center-based CIOs and IT security staff to implement and enforce the Agency’s information security policies. This practice has allowed Centers to tailor processes to meet their own priorities, which has in turn led to inconsistent implementation of NASA’s enterprise-wide IT security management. Such a decentralized approach to cybersecurity management limits OCIO’s ability to effectively oversee NASA’s information security activities and make informed decisions related to project timelines, costs, and efficiencies as well as realistically assess the overall security of NASA’s numerous IT systems.”
Earlier posts on NASA IT

NASA Watch founder, Explorers Club Fellow, ex-NASA, Away Teams, Journalist, Space & Astrobiology, Lapsed climber.