August 24, 2016

"As part of a plan to help NASA 'modernize' its desktop and laptop computers, the space agency signed a $2.5 billion (~£1.9 billion) services contract with HP Enterprise Services in 2011."

ars technica: According to HP (now HPE), part of the Agency Consolidated End-User Service (ACES) program the computing company would "modernize NASA’s entire end-user infrastructure by delivering a full range of personal computing services and devices to more than 60,000 users." by Eric Berger

'HPE also said the program would "allow (NASA) employees to more easily collaborate in a secure computing environment."

'The services contract, alas, hasn't gone quite as well as one might have hoped. This week Federal News Radio reported that HPE is doing such a poor job that NASA's chief information officer, Renee Wynn, could no longer accept the security risks associated with the contract. Wynn, therefore, did not sign off on the authority to operate (ATO) for systems and tools.

'According to an anonymous NASA infosec officer quoted by Federal News Radio, more than 38,000 ACES-supported computers across all NASA centers have more than 378,000 unpatched vulnerabilities in aggregate. It's speculated that the refusal to sign off on the ATO is designed to bring the deficiencies of the HP contract to the attention of NASA's federal watchdogs, including the Office of Management and Budget, Congress and the US Government Accountability Office.'

No comments: