"NASA has not fully established an effective approach to managing agency-wide cybersecurity risk," a press release summarizing the report stated. "The agency's cybersecurity weaknesses make its systems more vulnerable to compromise."
The release explained that the latest IT management strategy represents an improvement over a previous plan, according to the release.
However, the release added: "The updated plan is not comprehensive because it does not fully describe strategies for achieving desired results or describe interdependencies within and across programs."
Of ten recommendations included in the report, NASA agreed with seven, partially concurred with two and rejected one, while the GAO maintained that all ten recommendations remained valid, according to the release.