NASA’s office of inspector general (OIG) has recommended that the space agency establish metrics to track the performance of its enterprise architecture and integrate it with the enterprise security architecture to help strengthen its cybersecurity readiness.
The OIG made the recommendation after it found that NASA’s “disorganized approach to Enterprise Architecture” hampers the agency’s ability to detect, mitigate and prevent cyberattacks, according to a May 18th report.
Enterprise architecture is a blueprint of IT assets, governance principles and business processes used to establish a standardized and unified software and hardware environment. Enterprise security architecture integrates cybersecurity into the overall enterprise architecture.
The inspector general also called on NASA to work with the chief engineer on strategies to identify enterprise architecture gaps across institutional and mission IT boundaries, and to assess the optimal organizational placement of enterprise architect and enterprise security architects during and after Mission Support Future Architecture Program implementation to enhance cyber readiness.
“We also noted that NASA conducts its assessment and authorization (A&A) of IT systems inconsistently and ineffectively, with the quality and cost of the assessments varying widely across the Agency,” the OIG report reads.
To address the issue, NASA should identify each center's annual cost for conducting independent assessments and establish baseline requirements in the proposed Cybersecurity and Privacy Enterprise Solutions and Services contract for a dedicated team to oversee the assessment process for NASA’s 526 IT systems.