Friday, September 18, 2020

Two Decade NASA CIO Struggle To Implement Effective IT Governance

Hearing link, Hearing on Cybersecurity Infrastructure and Information Technology Management, Policies, and Practices at NASA

Prepared statements

- Rep. Kendra Horn
- Rep. Eddie Bernice Johnson
- Rep. Brian Babin
- Jeff Seaton, Chief Information Officer (Acting) National Aeronautics and Space Administration
- Diana L. Burley, Vice Provost for Research, American University
- Paul K. Martin, Inspector General, National Aeronautics and Space Administration

"Our concerns with NASA's IT governance and security are long-standing and reoccurring. For more than two decades, NASA's OCIO has struggled to implement an effective IT governance structure that aligns authority and responsibility commensurate with the Agency's overall mission. Specifically, we have found that the Agency Chief Information Officer (CIO) and IT security officials have limited oversight and influence over IT purchases and security decisions within Mission Directorates and at NASA Centers. The decentralized nature of NASA's operations coupled with its long-standing culture of autonomy hinder the OCIO's ability to implement effective enterprise-wide IT governance. For example, in an August 2020 audit we found OCIO's visibility into the process Centers use to authorize and approve IT systems and devices to access Agency networks remains limited.4 Although the NASA CIO is responsible for developing an Agency-wide information security program, OCIO relies on Center-based CIOs and IT security staff to implement and enforce the Agency's information security policies. This practice has allowed Centers to tailor processes to meet their own priorities, which has in turn led to inconsistent implementation of NASA's enterprise-wide IT security management. Such a decentralized approach to cybersecurity management limits OCIO's ability to effectively oversee NASA's information security activities and make informed decisions related to project timelines, costs, and efficiencies as well as realistically assess the overall security of NASA's numerous IT systems."

- Earlier posts on NASA IT



from NASA Watch https://ift.tt/3kyoQ7Z
via IFTTT
