The Office of Inspector General (OIG) summarized the findings from five OIG audits of host-based UNIX security and integrity controls for six NASA information systems. The OIG reviewed certain UNIX-based hosts from each of the six systems. We identified significant recurring weaknesses in security and integrity controls for the UNIX systems reviewed.

As a result of the deficiencies, NASA’s UNIX system environments were vulnerable to unauthorized access, which could have lead to intentional or unintentional system compromises affecting the availability, confidentiality, and integrity of NASA information.

In prior reports on the five audits, we recommended corrective actions that would help ensure compliance with applicable requirements and improve UNIX system security and integrity controls. Management generally concurred with the recommendations or the intent of the recommendations and has taken or planned appropriate corrective actions. This report does not include any new recommendations.

This report contains information that may not be releasable to the general public.