The Office of Inspector General (OIG) completed an assessment of NASA's third-party penetration testing of some of its systems. Our objectives were to review the methodology and scope of the testing, verify the testers' procedures and technical expertise, examine NASA's participation in the testing, review test results, and ensure that testing was done according to the contract with NASA. We made eight recommendations aimed at improving NASA's third-party penetration testing process. We consider NASA's response on all recommendations to be responsive.

This report contains information that may not be releasable to the general public.