NASA's Office of Inspector General has run its eye over the aerospace agency's privacy regime and found plenty to like - but improvements are needed.
That's a welcome assessment, given NASA employs around 16,000 people and - as with all government agencies - collects PII about them and the contractors, partners, and members of the public it engages.
Among those steps is to turn on data loss protection in Microsoft 365.
NASA uses Microsoft's suite and is implementing its DLP capabilities.
Curerntly users self-report data losses - and did so 118 times from October 2021 to March 2023.
NASA therefore lacks the data to track and monitor PII leaks.
Even if NASA did know when to assemble a BRT, some of its members don't receive required annual training - such as participation in a tabletop exercise that simulates a breach response.
The report lists recommendations to fix all of the above, and NASA management has agreed to implement all.
However the space agency's plan to address one of the suggestions is not considered effective - namely a requirement for those with specific security and privacy roles to take privacy role-based training - so that one will be revisited.
This Cyber News was published on go.theregister.com. Publication date: Thu, 21 Dec 2023 05:13:05 +0000