ES, IG-98-009, NASA Data Center General Controls -- JPL

NASA DATA CENTER GENERAL CONTROLS -
JET PROPULSION LABORATORY
IG-98-009

Executive Summary

Introduction The Jet Propulsion Laboratory (JPL) is a Federally Funded Research and Development Center (FFRDC) operated by the California Institute of Technology (CalTech) under NASA Contract NAS7-1260. The Laboratory, staffed with largely CalTech employees, is a Government-owned installation located in Pasadena, California. Its primary NASA mission is to conduct challenging robotic space missions. JPL also operates other NASA facilities in Southern California, at the Goldstone Tracking Station and Talbe Mountain. The NASA Management Office (NMO) at JPL provides NASA management oversight of JPL operations.

The NASA Office of Inspector General has completed an audit of JPL's Institutional Processing Center (IPC). The IPC houses computer systems for three different operations: (1) Institutional Business Systems (IBS), (2) Flight project systems, and (3) Supercomputing. The IPC is also the hub for JPL's high-speed network.

The primary focus of this audit was the IBS operations. Its mainframe computers operate 24 hours a day, 6.5 days a week. The five major JPL financial/administrative functions supported by the IBS are:

Acquisition;
finance;
human resources;
resource information; and
services and property.

The operation's primary goal is to ensure system availability, performance accuracy and adequate response time to meet its service agreements with users. The IBS Manager reports to the JPL Controller.

Objectives The objective of this audit was to determine whether JPL has established an adequate internal control structure to provide for a reliable computing environment, including:

physical and environmental protection; and
operating procedures associated with general computer operations, library management, data communications, storage management, backup and recovery, and software change management.

Results of Audit Overall, JPL has established an adequate internal control structure to provide for a reliable computing environment. However, we identified improvement opportunities in the areas of: (1) automated information security planning and audits, (2) physical security, (3) automated job scheduling security, (4) technical support, (5) tape management, and (6) hardware/software change management.

Recommendations This report provides recommendations which we believe will help improve controls in the areas cited above. In some cases, management initiated immediate actions during audit field work to address our concerns.

Introduction	The Jet Propulsion Laboratory (JPL) is a Federally Funded Research and Development Center (FFRDC) operated by the California Institute of Technology (CalTech) under NASA Contract NAS7-1260. The Laboratory, staffed with largely CalTech employees, is a Government-owned installation located in Pasadena, California. Its primary NASA mission is to conduct challenging robotic space missions. JPL also operates other NASA facilities in Southern California, at the Goldstone Tracking Station and Talbe Mountain. The NASA Management Office (NMO) at JPL provides NASA management oversight of JPL operations. The NASA Office of Inspector General has completed an audit of JPL's Institutional Processing Center (IPC). The IPC houses computer systems for three different operations: (1) Institutional Business Systems (IBS), (2) Flight project systems, and (3) Supercomputing. The IPC is also the hub for JPL's high-speed network. The primary focus of this audit was the IBS operations. Its mainframe computers operate 24 hours a day, 6.5 days a week. The five major JPL financial/administrative functions supported by the IBS are: Acquisition; finance; human resources; resource information; and services and property. The operation's primary goal is to ensure system availability, performance accuracy and adequate response time to meet its service agreements with users. The IBS Manager reports to the JPL Controller.
Objectives	The objective of this audit was to determine whether JPL has established an adequate internal control structure to provide for a reliable computing environment, including: physical and environmental protection; and operating procedures associated with general computer operations, library management, data communications, storage management, backup and recovery, and software change management.
Results of Audit	Overall, JPL has established an adequate internal control structure to provide for a reliable computing environment. However, we identified improvement opportunities in the areas of: (1) automated information security planning and audits, (2) physical security, (3) automated job scheduling security, (4) technical support, (5) tape management, and (6) hardware/software change management.
Recommendations	This report provides recommendations which we believe will help improve controls in the areas cited above. In some cases, management initiated immediate actions during audit field work to address our concerns.