GAO report titled NASA Needs to Remedy Vulnerabilities in Key Networks: “NASA did not consistently implement effective controls to prevent, limit, and detect unauthorized access to its networks and systems” “it did not always sufficiently (1) identify and authenticate users, (2) restrict user access to systems, (3) encrypt network services and data, (4) protect network boundaries, (5) audit and monitor computer-related events, and (6) physically protect its information technology resources” “As a result, highly sensitive personal, scientific, and other data were at an increased risk of unauthorized use, modification, or disclosure” “NASA’s computing facilities may be vulnerable to attack because of weaknesses in controls over physical access points, including designated entry and exit points to the facilities where information systems reside” “The agency’s IT budget in fiscal year 2009 was $1.6 billion, of which $15 million was dedicated to IT security.“ The response to the report by Deputy Administrator Lori B. Garver explains that much of the recommendations are part of on-going strategic improvements within IT.  She also comments that  NASA IT has consistently improved over the last three years and is addressing the significant gaps which require more time to alleviate.]]>