An audit of the space agency s computer systems found weaknesses in several critical areas, especially in the way NASA implemented access controls like user accounts, passwords and the encryption of sensitive data. The audiors warns that highly sensitive personal, scientific, and other data were at an increased risk of unauthorized use, or disclosure. NASA has not yet fully assessed information security risks; fully documented security policies and procedures; included key information in security plans; conducted comprehensive tests and/evaluation of its information system controls.
Source: https://threatpost.com/audit-finds-gaping-holes-nasa-security-102009/72348/