Panel wants IT security reports from NASA
- By Wade-Hahn Chan
- May 22, 2008
Some lawmakers want NASA to determine where the agency stands on information technology security and report back to Congress.
The fiscal 2008 NASA Authorization Bill – which has cleared the House Committee on Science and Technology Committee's Space and Aeronautics Subcommittee – has language that would require the space agency to submit two reports to the committee on IT security plans.
The first report would include details on NASA’s mission-critical network security controls, featuring the following:
- The network’s ability to limit, detect and monitor access to resources and information to safeguard and protect it from unauthorized access.
- How network resources can be physically accessed.
- The extent of encryption on sensitive research and mission data.
The subcommittee also adopted language to require the Government Accountability Office to perform detailed vulnerability assessments on NASA's networks.
GAO would then compare the results of those assessments with previous intrusions into the system, successful or attempted, over the past two years. The lawmakers also want GAO to determine what NASA is doing to plug any security holes. The measure was approved and referred to the full committee in May 20.
The bill would require NASA to submit the reports to Congress a year after the bill becomes law.