TRENDING:

FISMA , Standards, Regulations & Compliance

NASA Remedies FISMA Compliance Failure

Agency Failed to Fulfill Reporting Terms in '07 and '08 Eric Chabrow (GovInfoSecurity) • August 31, 2009     When it comes to FISMA compliance, NASA's house is back in order.

The space agency's inspector general reported Friday that NASA has taken steps to remedy failures to comply with reporting requirements regarding its national security systems. NASA had not clearly assigned that responsibility to a specific NASA officer for its national security systems, which failed to comply with the reporting requirements of the Federal Information Security Management Act for fiscal years 2007 and 2008. NASA also had not formally designated an entity with appropriate resources to complete the annual independent evaluations of its national security systems required by FISMA.

The IG notified the agency about these problems in February, and NASA immediately assigned the responsibility to resolve the problem to its CIO office, according to an IG memorandum issued Friday.

In response to the IG's February draft report, NASA assigned its Office of Protective Services to work with its CIO to gather and compile the required information to report to the White House Office of Management and Budget. The agency told the IG that a formal agreement with an independent entity was being developed. "We consider management's proposed actions to be responsive and will close the related recommendation after verifying that the agency has established a formal agreement with an entity with the appropriate resources to conduct the annual independent evaluation of NASA's national security systems," the IG memo said.

The IG also reviewed the certification and accreditation program for NASA's national security systems to determine whether it provided adequate information security protection, and concluded that C&A program implementation at most of the locations it visited - the NASA headquarters and centers - generally provided adequate protection. At three of the centers, the IG reported it found systems that lacked appropriate C&A documentation, and recommended that those centers formally designate a certifier to ensure that center systems maintain current C&As, which they have done.

"All of the report's recommendations are resolved or closed," the IG report said. "As a result, NASA has reasonable assurance that its national security systems comply with national-level security requirements and maintain an appropriate security posture against current threat assessments at an acceptable risk level."

Previous
IT Sector Regulation Appears Inevitable
Next
The CAE at 10: Interview with Dickie George of the NSA

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
Why Aren't 3rd Parties More Transparent About Breaches?
Why Aren't 3rd Parties More Transparent About Breaches?
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
HIPAA Considerations for AI Tool Use in Healthcare Research
HIPAA Considerations for AI Tool Use in Healthcare Research
Why Health Entities Need to Implement NIST Cyber Framework
Why Health Entities Need to Implement NIST Cyber Framework
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.