ES, IG-98-018, NASA Data Center General Controls -- Shuttle Processing Data Management System

NASA DATA CENTER GENERAL CONTROLS -
SHUTTLE PROCESSING DATA MANAGEMENT SYSTEM
IG-98-018

Executive Summary

Introduction
The Kennedy Space Center (KSC) is the National Aeronautics and Space Administration (NASA) Center of Excellence for launch and payload processing. The Shuttle Processing Data Management System (SPDMS) supports various critical applications in processing the Shuttle for launch.

The United Space Alliance (USA) is responsible for the daily operation and management of SPDMS. The USA operates the SPDMS data center under the Space Flight Operations Contract at an estimated annual cost of $2 million.

Objective
The objective of this audit was to determine whether KSC has established an adequate management control structure to provide a reliable computing environment, including:

physical and environmental protection; and
operating procedures applicable to general computer operations, library management, data communications, storage management, backup/recovery, and software change management.

Details on scope and methodology are in Appendix A.

Results of Audit
Overall, the KSC management control structure for SPDMS provides a reliable computing environment. The USA has done a commendable job of establishing data center physical and environmental protection controls and operating procedures for the SPDMS environment. However, controls associated with the monitoring of unauthorized system access attempts can be improved. KSC has not documented procedures for monitoring unauthorized access attempts in one computing environment. Lack of procedures could result in potential security compromises.

Recommendation
NASA should improve controls over SPDMS operations by documenting procedures to monitor unauthorized access attempts.

Management's Response KSC concurred with the recommendation and has established procedures to help improve controls. We consider the corrective action responsive to the intent of the recommendation.

Introduction	The Kennedy Space Center (KSC) is the National Aeronautics and Space Administration (NASA) Center of Excellence for launch and payload processing. The Shuttle Processing Data Management System (SPDMS) supports various critical applications in processing the Shuttle for launch. The United Space Alliance (USA) is responsible for the daily operation and management of SPDMS. The USA operates the SPDMS data center under the Space Flight Operations Contract at an estimated annual cost of $2 million.
Objective	The objective of this audit was to determine whether KSC has established an adequate management control structure to provide a reliable computing environment, including: physical and environmental protection; and operating procedures applicable to general computer operations, library management, data communications, storage management, backup/recovery, and software change management. Details on scope and methodology are in Appendix A.
Results of Audit	Overall, the KSC management control structure for SPDMS provides a reliable computing environment. The USA has done a commendable job of establishing data center physical and environmental protection controls and operating procedures for the SPDMS environment. However, controls associated with the monitoring of unauthorized system access attempts can be improved. KSC has not documented procedures for monitoring unauthorized access attempts in one computing environment. Lack of procedures could result in potential security compromises.
Recommendation	NASA should improve controls over SPDMS operations by documenting procedures to monitor unauthorized access attempts.
Management's Response	KSC concurred with the recommendation and has established procedures to help improve controls. We consider the corrective action responsive to the intent of the recommendation.