[ISN] Panel wants IT security reports from NASA

From: InfoSec News (alerts@private)
Date: Fri May 23 2008 - 00:13:29 PDT


By Wade-Hahn Chan
May 22, 2008

Some lawmakers want NASA to determine where the agency stands on 
information technology security and report back to Congress.

The fiscal 2008 NASA Authorization Bill . which has cleared the House 
Committee on Science and Technology Committee's Space and Aeronautics 
Subcommittee - has language that would require the space agency to 
submit two reports to the committee on IT security plans.

The first report would include details on NASA.s mission-critical 
network security controls, featuring the following:

    * The network's ability to limit, detect and monitor access to 
      resources and information to safeguard and protect it from 
      unauthorized access.

    * How network resources can be physically accessed.

    * The extent of encryption on sensitive research and mission data.

The subcommittee also adopted language to require the Government 
Accountability Office to perform detailed vulnerability assessments on 
NASA's networks.

GAO would then compare the results of those assessments with previous 
intrusions into the system, successful or attempted, over the past two 
years. The lawmakers also want GAO to determine what NASA is doing to 
plug any security holes. The measure was approved and referred to the 
full committee in May 20.

The bill would require NASA to submit the reports to Congress a year 
after the bill becomes law.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Fri May 23 2008 - 00:28:30 PDT