On December 18, an internal memo sent by Bob Gibbs, assistant administrator for NASA’s Office of Human Capital Management, warned employees of a potential hack.
It revealed that, in late October, NASA cybersecurity personnel began investigating the possible compromise of information from one of NASA’s servers that contained the Social Security numbers and other PII (personally identifiable information) of current and former NASA employees.
“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency,” the memo said.
However, this isn’t the first time the space agency has been breached. In 2016, NASA suffered a huge breach in which 276GB of sensitive data, including flight logs and employee credentials, was released.
NASA’s OIG (Office of Inspector General) has continually criticized NASA’s approach to cybersecurity. “Through its audits, the OIG has identified systemic and recurring weaknesses in NASA’s IT security program that adversely affect the Agency’s ability to protect the information and information systems vital to its mission,” it said in its latest semi-annual report. It also noted the agency’s poor cybersecurity practices in a 2017 report.
NIST and ISO 27001
All organizations, whether public or private, must take the appropriate cybersecurity steps to protect their customers, finances, personnel, and reputation.
The NIST CSF (Cybersecurity Framework) is a voluntary framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices. The CSF can work in conjunction with ISO 27001, helping you comply with the NIST SP 800-171A requirements mandated by the DFARS cybersecurity rules.
Download our free green paper to learn about the NIST CSF and ISO 27001, and how to get started with compliance.
Learn how to plan, implement, and maintain an ISO 27001-compliant ISMS (information security management system) and achieve ISO 27001 certification with IT Governance’s ISO 27001 Foundation and Lead Implementer training courses.
Enroll by January 31, 2019 to take advantage of our holiday sale and save up to $500.