NASA did not develop information technology (IT) security performance measures that fully addressed security program performance requirements in the Government Information Security Reform Act. Although NASA's Chief Information Officer established FY 2001 Agencywide IT security performance measures for unclassified systems, based on our audit work, these measures either did not fully accomplish NASA's intended Agencywide IT security program goals or did not ensure that NASA information, data, and systems were adequately protected.

This report contains information that may not be releasable to the general public.