목차
Title page
Contents
Highlights 2
Letter 5
Background 7
System Requirements 8
Federal Cybersecurity Policy 8
Government-wide Cybersecurity Standards and Guidance 9
NASA Enterprise Protection Program 11
NASA Management of Space Flight and Information Technology Projects 11
Overview of Selected Spacecraft Projects 13
Prior GAO Work 16
Selected NASA Spacecraft Contracts Require Contractors to Address NASA's 2019 Cybersecurity-Related Requirements 17
NASA Has Considered but Not Implemented Further Cybersecurity Updates to Its Spacecraft Acquisition Policies and Standards 20
Conclusions 22
Recommendation for Executive Action 22
Agency Comments and Our Evaluation 22
Appendix I: Objectives, Scope, and Methodology 27
Appendix II: Comments from the National Aeronautics and Space Administration 30
Appendix III: GAO Contacts and Staff Acknowledgments 33
Table 1. Selected Projects GAO Reviewed Included Protection Requirements from Space System Protection Standard (NASA-STD-1006) 18
Table 2. NASA Projects Selected for Review 27
Figure 1. Steps of National Institute of Standards and Technology's (NIST) Risk Management Framework 10
Figure 2. Gateway Power and Propulsion Element 14
Figure 3. Orion Multi-Purpose Crew Vehicle 15
Figure 4. Spectro-Photometer for the History of the Universe, Epoch of Reionization and Ices Explorer 16