The Federal Information Security Modernization Act requires the Office of Inspector General to conduct an annual evaluation of NASA’s information security program. For fiscal year 2025, we rated NASA’s information security program at a Level 3—meaning policies, procedures, and strategies were consistently implemented, but quantitative and qualitative effectiveness measures were lacking—a rating that falls short to be considered effective.
