Hi All,
NASA Office of Inspector General Office of Audits recently released its Insider Threat Program Audit Results
Given NASA's high-profile mission and broad connectivity with educational institutions, research facilities, and
international partners, its risk exposure from insider threats is significant and varied. In this audit, we examined
whether NASA has implemented an effective insider threat program in accordance with federal and Agency policies and
cybersecurity leading practices. Specifically, we examined whether: (1) NASA's insider threat strategy provides an
adequate framework for identifying malicious and unintentional insider threats; (2) NASA implemented appropriate
procurement controls to identify and prevent intellectual data theft from foreign adversaries, and (3) NASA developed
adequate cybersecurity controls to prevent, detect, and respond to the extraction or manipulation of data and
intellectual property. To conduct our work, we reviewed federal and Agency policies, regulations, and guidance, as well
as industry best practices; interviewed numerous NASA officials from the Office of Protective Services, Office of Chief
Information Officer, and Office of Procurement; and met with the National Insider Threat Task Force.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------