USAID: United States Announces More Than $80 Million in Additional Humanitarian Assistance for the People of Ethiopia
WASHINGTON, March 18 -- The U.S. Agency for International Development issued the following news release on March 16, 2024:
Today, the United States, through USAID, announced more than $80 million in additional humanitarian assistance to help people affected by the ongoing humanitarian crisis in Ethiopia. USAID Assistant to the Administrator for the Bureau for Humanitarian Assistance Sonali Korde announced the funding during her visit to the country.
According to the UN, more than 21 million people are estimated to require humanitarian assistance in Ethiopia in 2024 due to the compounding effects ... Show Full Article WASHINGTON, March 18 -- The U.S. Agency for International Development issued the following news release on March 16, 2024: Today, the United States, through USAID, announced more than $80 million in additional humanitarian assistance to help people affected by the ongoing humanitarian crisis in Ethiopia. USAID Assistant to the Administrator for the Bureau for Humanitarian Assistance Sonali Korde announced the funding during her visit to the country. According to the UN, more than 21 million people are estimated to require humanitarian assistance in Ethiopia in 2024 due to the compounding effectsof conflict, climate shocks, and insecurity across the country.
This funding will support USAID humanitarian partners providing urgently needed assistance to the most vulnerable communities. Through UN and non-governmental organization partners, this USAID assistance will support agriculture and nutrition activities, as well as gender-based violence prevention and response services. In response to significant nutrition needs, USAID will treat and prevent acute forms of malnutrition for more than 1.5 million children under five years of age and more than 600,000 pregnant and nursing mothers this year. With ongoing Fiscal Year 2023 assistance, USAID continues to support food security, health, and other activities, reaching at least 4.5 million people across eight regions of Ethiopia.
The United States remains committed to delivering life-saving aid to those in need across Ethiopia. While USAID's humanitarian assistance has helped save lives and alleviate suffering of the most vulnerable, the humanitarian needs in Ethiopia are staggering. As the largest bilateral donor of humanitarian assistance to the country, we continue to call on others to join us in delivering desperately needed aid to help save lives.
* * *
Original text here: https://www.usaid.gov/news-information/press-releases/mar-16-2024-united-states-announces-more-80-million-additional-humanitarian-assistance-people-ethiopia
USAID: Administrator Samantha Power Meets With UN Under-Secretary-General for Humanitarian Affairs and Emergency Relief Coordinator Martin Griffiths
WASHINGTON, March 18 -- The U.S. Agency for International Development issued the following readout on March 16, 2024:
* * *
The below is attributable to Spokesperson Jessica Jennings:
On March 15, Administrator Samantha Power spoke with United Nations Under-Secretary-General for Humanitarian Affairs and Emergency Relief Coordinator (ERC) Martin Griffiths about the worsening humanitarian crises in Burkina Faso, Sudan, and Gaza. Administrator Power and ERC Griffiths discussed the dire food security situation in Burkina Faso and the obstacles to deliver humanitarian aid to Burkinabe, including ... Show Full Article WASHINGTON, March 18 -- The U.S. Agency for International Development issued the following readout on March 16, 2024: * * * The below is attributable to Spokesperson Jessica Jennings: On March 15, Administrator Samantha Power spoke with United Nations Under-Secretary-General for Humanitarian Affairs and Emergency Relief Coordinator (ERC) Martin Griffiths about the worsening humanitarian crises in Burkina Faso, Sudan, and Gaza. Administrator Power and ERC Griffiths discussed the dire food security situation in Burkina Faso and the obstacles to deliver humanitarian aid to Burkinabe, includingin blockaded communities at risk of famine. Administrator Power emphasized the need for strong UN leadership of the humanitarian response.
On Sudan, Administrator Power emphasized the importance of close U.S.-UN cooperation to prevent a looming famine. Administrator Power and ERC Griffiths discussed the dramatic impact of the Sudanese Armed Forces's decision to close the border crossing from Adre, Chad, into Darfur, where another humanitarian catastrophe is unfolding. Additionally, they discussed the urgency of establishing direct, UN-brokered talks on humanitarian access between the Sudanese Armed Forces and the Rapid Support Forces.
On Gaza, Administrator Power and ERC Griffiths discussed the possibility of famine in northern Gaza. The Administrator talked about her recent trip to Israel, where she spoke with Israeli officials about the need to do more to facilitate the flow of humanitarian assistance into Gaza and to improve deconfliction efforts so that aid workers can continue to deliver lifesaving assistance. They also discussed the maritime corridor announced by the U.S. government, which, in coordination with international partners, will scale up the amount of lifesaving assistance getting into Gaza. Administrator Power reiterated that not enough aid is getting in, and that the maritime route and airdrops are meant to augment, not replace, efforts to address the urgent need to increase land routes into Gaza.
* * *
Original text here: https://www.usaid.gov/news-information/press-releases/mar-16-2024-administrator-samantha-power-meets-un-under-secretary-general-humanitarian-affairs-and-emergency-relief-coordinator-martin-griffiths
SBA IG: 'FY 2023 Federal Information Security Modernization Act'
WASHINGTON, March 17 (TNSrep) -- The Small Business Administration Inspector General issued the following report (No. 24-07) on March 7, 2024, entitled "Fiscal 2023 Federal Information Security Modernization Act."
Here are excerpts:
* * *
EXECUTIVE SUMMARY
What OIG Reviewed
This report summarizes the results of our fiscal year (FY) 2023 Federal Information Security Modernization Act (FISMA) of 2014 evaluation and assessment of the U.S. Small Business Administration's (SBA) information security systems policies, procedures, and practices. Our objectives were to determine whether SBA complied ... Show Full Article WASHINGTON, March 17 (TNSrep) -- The Small Business Administration Inspector General issued the following report (No. 24-07) on March 7, 2024, entitled "Fiscal 2023 Federal Information Security Modernization Act." Here are excerpts: * * * EXECUTIVE SUMMARY What OIG Reviewed This report summarizes the results of our fiscal year (FY) 2023 Federal Information Security Modernization Act (FISMA) of 2014 evaluation and assessment of the U.S. Small Business Administration's (SBA) information security systems policies, procedures, and practices. Our objectives were to determine whether SBA compliedwith FISMA and assess the maturity of controls used to address risks in each of the nine security domains.
The Office of Inspector General (OIG) contracted with KPMG LLP, an independent public accounting firm, that then used FISMA's maturity model spectrum to test a subset of systems and security controls to assess SBA's adherence to FISMA requirements.
The maturity model uses scores of 1 (worst) to 5 (best) to determine if domains were ad hoc, 1; defined, 2; consistently implemented, 3; managed and measurable, 4; or optimized, 5. Also of note, a rating of 4, managed and measurable, describes security controls that are effective, so baseline. Ratings of ad hoc, defined, and consistently implemented are below the baseline for an effective security program.
What OIG Found
We found SBA generally responded to previously identified vulnerabilities and made progess in three of the nine domains. The agency met the baseline in the area of incident response but fell below the baseline for an effective security program in the following areas:
* Risk management: consistently implemented
* Supply chain risk management: defined
* Configuration management: defined
* Identity and access management: consistently implemented
* Data protection and privacy: consistently implemented
* Security training: defined
* Information security continuous monitoring: consistently implemented
* Contingency planning: defined
We rated SBA's overall information security program as "not effective."
OIG Recommendations
There are five open recommendations from two previous evaluations (Appendix 2). In this report, we made 11 recommendations for improvements in 6 domains: risk management, supply chain risk management, identity and access management, data protection and privacy, security training, and contingency planning. We did not repeat recommendations from previous years being implemented in the areas of risk management, supply chain risk management, and contingency planning.
Agency Response
The agency agreed with all 11 recommendations. To address these recommendations, the agency is implementing corrective measures to include inventory software, personal identity verification card compliance, and updating applicable policies and procedures.
* * *
MEMORANDUM
To: Isabel Casillas Guzman, Administrator
From: Hannibal "Mike" Ware, Inspector General
Subject: Evaluation of Fiscal Year 2023 Federal Information Security Modernization Act (Report 24-07)
This report presents the results of our evaluation on information security weaknesses, Fiscal Year 2023 Federal Information Security Modernization Act. SBA management agreed with all our recommendations. In this report we made 11 recommendations for improvements.
We appreciate the cooperation and courtesies provided by your staff. If you have any questions or need additional information, please contact me or Andrea Deadwyler, Assistant Inspector General for Audits, at (202) 205-6586.
cc: Dilawar Syed, Deputy Administrator
Arthur Plews, Chief of Staff
Isabelle James, Deputy Chief of Staff
Steve Kucharski, Acting Chief Information Officer, Office of the Chief Information Officer
Luis Campudoni, Deputy Chief Information Officer, Office of the Chief Information Officer
Kelvin Moore, Chief Information Security Officer, Office of the Chief Information Officer Therese Meers, General Counsel
Katherine Aaby, Associate Administrator, Office of Performance, Planning, and the Chief Financial Officer
Deborah Chen, Deputy Chief Financial Officer, Office of Performance, Planning, and the Chief Financial Officer
Walter B. Hill Jr., Chief Risk Officer, Office of Strategic Management and Enterprise Integrity
Kathryn Frost, Associate Administrator, Office of Capital Access
John Miller, Deputy Associate Administrator, Office of Capital Access
Peter Meyers, Senior Adviser, Office of Capital Access
Michael Simmons, Attorney Advisor, Office of General Counsel
Tonia Butler, Director, Office of Internal Controls
Anna Maria Calcagno, Director, Office of Program Performance, Analysis, and Evaluation
* * *
Contents
Introduction ... 1
Background ... 1
Objectives ... 3
Results ... 3
Challenges and Improvements ... 4
Domain Test Results ... 5
Finding 1: Risk Management ... 5
Software System Inventory ... 5
Hardware Asset Inventory ... 5
System Inventory ... 6
Plans of Action and Milestones ... 6
Update to Enterprise Risk Management Framework Guide ... 7
Recommendations ... 7
Finding 2: Supply Chain Risk Management ... 7
Development of a Supply Chain Risk Management Strategy ... 8
Review of Supply Chain Regarding Third-Party Suppliers ... 8
Recommendation ... 9
Finding 3: Configuration Management ... 9
Baseline Configuration Changes ... 9
Vulnerability Remediation Process ... 9
Recommendations ... 10
Finding 4: Identity and Access Management ... 10
Multi-factor Authentication for Non-privileged Users ... 10
Recommendation ... 11
Finding 5: Data Prevention and Privacy ... 11
Biannual Update of Polices ... 11
Recommendation ... 11
Finding 6: Security Training ... 12
Role Based Training ... 12
Recommendation ... 12
Finding 7: Contingency Planning ... 12
Contingency Planning Training ... 13
Recommendation ... 13
Testing of the Continuity of Operations Plan ... 13
Evaluation of Agency Response ... 14
Summary of Actions Necessary to Close the Recommendations ... 14
Figures
1: How Security Ratings are Determined ... 2
2: Domain Ratings for FY 2023 and FY 2022 ... 4
Appendices
1: Scope and Methodology ... 1
2: Open Recommendations ... 3
3: Assessment Maturity Level Definitions ... 5
4: Agency Response ... 6
* * *
Summary of Actions Necessary to Close the Recommendations
The following section summarizes the status of our recommendations and the actions necessary to close them.
Recommendation 1
Complete the implementation of an automated solution to help ensure a complete and accurate inventory of software assets.
Status: Resolved
SBA management agreed with the recommendation and has implemented ServiceNow for software management. SBA stated it implemented ServiceNow on September 10, 2023. SBA intends to complete final action by providing documentation by April 30, 2024. This recommendation can be closed when SBA management provides documentation that an automated solution for inventory of software assets has been established.
Recommendation 2
Define a required frequency for updating the system inventory and implement a quality control process to validate that system inventories are updated in a timely manner.
Status: Resolved
SBA managers agreed with the finding and stated that they are planning to implement ServiceNow to provide real time updates to Office of the Chief Information Officer personnel to ensure all systems are valid, as well as add continuous monitoring capabilities for unauthorized systems. SBA plans to have ServiceNow in place and this recommendation closed by September 30, 2024. This recommendation can be closed when SBA provides evidence that an established frequency for system inventory updates and a quality control process to update system inventories in a timely manner, have been developed and implemented.
Recommendation 3
Update existing policy and procedures to ensure plans of action and milestones are closed only after the planned corrective actions and milestones have been implemented.
Status: Resolved
SBA management agreed with the finding. SBA plans to update the policy to ensure plans of action and milestones are closed only after corrective actions have been taken. SBA plans to have this policy updated for closure of final action by September 30, 2024. This recommendation can be closed when SBA managers provide evidence that their plans of action and milestones policy has been updated to reflect closure only when the issues have been corrected.
Recommendation 4
Review the Enterprise Risk Management Framework Guide annually and update if needed.
Status: Resolved
SBA management agreed to update the Enterprise Risk Management Framework Guide on an annual basis. SBA intends to complete final action on September 30, 2024. This recommendation can be closed when SBA management provides documentation that the Enterprise Risk Management Framework Guide has been updated at least annually.
Recommendation 5
Develop a strategy to ensure that products, system components, systems, and services of external providers are consistent with the organization's cybersecurity and supply chain requirements.
Status: Resolved
SBA management agreed to develop strategy for external providers. The Office of the Chief Information Officer has updated its policy for cybersecurity and supply chain risk for IT acquisitions and will work with other program offices to incorporate this policy into SBA's acquisition program. SBA intends to complete final action by September 30, 2024. This recommendation can be closed when SBA provides documentation that policies regarding external providers have been updated to reflect cybersecurity and supply chain requirements.
Recommendation 6
Define timeframe and remediation requirements for baseline and configuration weaknesses.
Status: Resolved
SBA management agreed with the recommendation and stated the agency will review and update processes and procedures for defining baseline deviation remediation. SBA intends to complete final action by September 30, 2024. This recommendation can be closed when SBA provides documentation that remediation for baseline and configuration deviations have been defined.
Recommendation 7
Properly update and remediate vulnerabilities and configuration weaknesses throughout the SBA environment.
Status: Resolved
SBA management agreed with the recommendation and will work with system owners and information system security owners to ensure vulnerabilities are remediated according to policy. SBA intends to complete final action by September 30, 2024. This recommendation can be closed when SBA management provides documentation that vulnerabilities and configuration weaknesses are remediated according to agency policies.
Recommendation 8
Implement a process to track and enforce compliance with PIV implementation and multi-factor requirements.
Status: Resolved
SBA management agreed with the recommendation and will establish a process to monitor PIV compliance that will include a waiver process for those employees that are exempt. SBA intends to complete final action by September 30, 2024. This recommendation can be closed when SBA management provides documentation that a process has been established to track and enforce PIV implementation.
Recommendation 9
Ensure implementation procedures for data loss prevention are updated at least on a biannual basis to reflect new processes and new requirements.
Status: Resolved
SBA management agreed with the recommendation and will ensure policies and procedures are updated to reflect new processes and requirements. SBA intends to complete final action by September 30, 2024. This recommendation can be closed when SBA management provides documentation that the implementation procedures for data loss prevention have been updated at least biannually.
Recommendation 10
Update existing procedures that identify the roles of individuals with significant IT responsibilities who require role-based training and ensure such training is provided and tracked.
Status: Resolved
SBA management agreed with the recommendation and will update policies and procedures to identify roles with significant IT responsibilities and ensure that those users take role-based training. SBA intends to complete final action by September 30, 2024. This recommendation can be closed when SBA management provides documentation that procedures have been updated to identify roles with significant IT responsibilities and role-based training is provided and tracked.
Recommendation 11
Provide training to individuals with contingency planning roles and responsibilities.
Status: Resolved
SBA management agreed with the recommendation and will provide annual training to individuals with contingency planning responsibilities. SBA will also ensure that this training is tracked accordingly. SBA intends to complete final action by September 30, 2024. This recommendation can be closed when SBA management provides documentation that training has been provided to individuals with contingency planning responsibilities and that this training is tracked.
* * *
The report is posted at: https://www.sba.gov/sites/default/files/2024-03/SBA%20OIG%20Report%2024-07.pdf
[Category: IGIGRep]
Postal Service IG: 'Emergency Preparedness - Winter Storm Elliott'
WASHINGTON, March 17 -- The U.S. Postal Service Inspector General issued the following audit report (No. 23-094-R24) on March 12, 2024, entitled "Emergency Preparedness: Winter Storm Elliott."
Here are excerpts:
* * *
Background
The U.S. Postal Service provides customers across the nation mail service six days a week as required by law. In December 2022, Winter Storm Elliott arrived in Western New York, and within minutes, winds went from 10 to 70 miles per hour and brought about 36 inches of snow over four days. During a winter storm emergency that may disrupt normal operations, the Postal ... Show Full Article WASHINGTON, March 17 -- The U.S. Postal Service Inspector General issued the following audit report (No. 23-094-R24) on March 12, 2024, entitled "Emergency Preparedness: Winter Storm Elliott." Here are excerpts: * * * Background The U.S. Postal Service provides customers across the nation mail service six days a week as required by law. In December 2022, Winter Storm Elliott arrived in Western New York, and within minutes, winds went from 10 to 70 miles per hour and brought about 36 inches of snow over four days. During a winter storm emergency that may disrupt normal operations, the PostalService may continue its mission of delivering services to the American public or decide to close facilities and cease operations. It is vital for the Postal Service to prepare for and respond to winter emergencies in a timely manner to safeguard employees. Additionally, it is critical for the Postal Service to capture lessons learned and address potential preparedness and response weaknesses following a weather emergency.
What We Did
This report responded to a congressional inquiry. Our objective was to review the U.S. Postal Service's actions before, during, and after Winter Storm Elliott. We interviewed employees, supervisors, managers, and officials involved in the emergency event, and reviewed internal policies and procedures around weather emergencies. We also visited Williamsville and West Side delivery units in Buffalo, NY, referenced in the congressional inquiry, to assess management's actions throughout Winter Storm Elliott.
What We Found
The Postal Service did not fully comply with emergency preparedness and response procedures before, during, or after Winter Storm Elliott. Specifically, at the Williamsville delivery unit, district management did not ensure the manager was fully prepared to safeguard employees before Winter Storm Elliott arrived. Additionally, although management maintained accountability of employees during the storm, Williamsville and West Side employees were placed at risk when district management did not take immediate action when conditions became life threatening, to include releasing them in a timely manner. Lastly, district management did not complete a timely final assessment to identify and document lessons learned and address areas for improvement.
Recommendations
We recommended management update emergency preparedness policy to establish timelines for communicating preparedness information and outlining supplies needed to safeguard employees; reiterate responsibilities with district management and direct the Buffalo postmaster to take immediate action to close facilities when situations become life threatening during a winter weather emergency; update policy to specify responsibilities and timeframes to complete a formal after-action report; and develop a process to verify after-action reports include lessons learned and incorporate the lessons learned from Winter Storm Elliott regarding essential emergency supplies into the winter weather guidance.
* * *
The report was posted at: https://www.uspsoig.gov/sites/default/files/reports/2024-03/23-094-r24.pdf
NASA IG Audit: Mars Sample Return Program
WASHINGTON, March 17 (TNSRep) -- NASA Inspector General issued the following audit report (No. IG-24-008) on Feb. 28, 2024, entitled "The Mars Sample Return Program."
Here are excerpts:
* * *
RESULTS IN BRIEF
WHY WE PERFORMED THIS AUDIT
The Mars Sample Return (MSR) Program is a partnership between NASA and the European Space Agency (ESA) to return Martian geological samples to Earth for scientific study. One of the most technically complex, operationally demanding, and ambitious robotic science missions ever undertaken by NASA, the MSR Program consists of two major flight projects: the Earth ... Show Full Article WASHINGTON, March 17 (TNSRep) -- NASA Inspector General issued the following audit report (No. IG-24-008) on Feb. 28, 2024, entitled "The Mars Sample Return Program." Here are excerpts: * * * RESULTS IN BRIEF WHY WE PERFORMED THIS AUDIT The Mars Sample Return (MSR) Program is a partnership between NASA and the European Space Agency (ESA) to return Martian geological samples to Earth for scientific study. One of the most technically complex, operationally demanding, and ambitious robotic science missions ever undertaken by NASA, the MSR Program consists of two major flight projects: the EarthReturn Orbiter (ERO) and Sample Retrieval Lander (SRL). The MSR Program represents the second and third phases of the four-phased MSR Campaign: (1) collecting of samples by the Mars Perseverance rover, (2) landing a sample retrieval vehicle on Mars, (3) sending an orbiter to return samples to Earth, and (4) examining the samples.
The ERO is scheduled to launch in fall 2027 and arrive in Mars' orbit in late 2029. The SRL is scheduled to launch in spring/summer 2028 and land on the surface of Mars in 2030. The SRL and its components will transfer samples from the Perseverance rover or a sample depot into an Orbiting Sample container, where it will be launched from Mars aboard the Mars Ascent Vehicle rocket into orbit in early 2031. The ERO will rendezvous with the sample container in orbit, where the ERO's Capture, Containment, and Return System (CCRS) will capture and sterilize the sample container and deliver it back to Earth via the Earth Entry System in late 2033. ESA is developing and funding the ERO and Sample Transfer Arm component of the SRL, with NASA developing and funding the remaining components.
The MSR Program is approaching its next Key Decision Point (KDP) review (KDP-C) planned for March 2024 at which time NASA will evaluate Program plans, establish cost and schedule baseline commitments, and determine whether it should proceed from formulation to development. In this audit we evaluated NASA's management of the MSR Program to determine whether the Program (1) is on track to develop a stable design prior to proceeding to development, (2) is poised to establish a realistic life-cycle cost estimate at KDP-C, (3) is prepared to establish realistic launch schedule dates for the ERO and SRL projects at KDP-C, and (4) has identified and is addressing programmatic and technical issues and risks to accomplish its formulation goals. To complete this work, we obtained an understanding of the MSR Program's management, costs, schedules, issues and risks, technology readiness, business and procurement processes, and coordination with ESA. In addition, we reviewed MSR Program and project reports; key NASA and Center documents, procedures, and handbooks; scientific studies and independent board reports; agreements with ESA; and risks identified in NASA databases. We also interviewed NASA and ESA officials involved with the MSR Program.
WHAT WE FOUND
The MSR Program is facing significant obstacles completing its Formulation Phase - establishing a stable design with realistic cost and schedule estimates - in a timely and effective manner. As the Program prepares to recommend a life-cycle cost and schedule baseline at KDP-C, those obstacles include schedule and design/architecture issues with the CCRS. The CCRS's Preliminary Design Review - which demonstrates the design is complete and meets all system requirements - was scheduled for October 2022 but was not completed until December 2023. To simplify the CCRS's design, changes were made to its sample container sterilization system; however, the new system's effectiveness must be studied, and the technology matured, before it can be used in space.
These schedule and design issues, adding about $200 million to the budget and resulting in one year of lost schedule, can be attributed in part to inadequate guidance during the Pre-Formulation Phase, a problem experienced by several NASA large flagship missions. NASA completed a Large Mission Study in October 2020 that noted while large missions require greater priority, resources, and attention during pre-formulation when key architecture decisions are made, little guidance exists to guide activities during this period. NASA has yet to incorporate the study's results into its practices for these missions. Considering the CCRS's schedule and design issues, the MSR Program is at least 7 months behind schedule in completing its Formulation Phase as its KDP-C, originally scheduled for August 2023, will not occur until at least March 2024.
The trajectory of the MSR Program's life-cycle cost estimate, which has grown from $2.5 to $3 billion in July 2020, to $6.2 billion at KDP-B in September 2022, to an unofficial estimate of $7.4 billion as of June 2023 raises questions about the affordability of the Program. Characteristics intrinsic to big and complex missions like the MSR Program are hard to quantify in estimates but can drive project costs upwards throughout development. These include fully understanding the mission's complexity, initial over-optimism, a less than optimal design/architecture, and the team's ability to perform to expectations. When developing its cost and schedule estimate for KDP-C, and as the MSR Program addresses its architecture issues, Program management must consider these intrinsic characteristics and not attribute past cost growth to just the COVID-19 pandemic, inflation, or supply chain issues.
Additionally, MSR Program formulation is impacted by coordination challenges between NASA and ESA. While communication processes are formally documented and being followed, NASA and ESA are experiencing issues related to schedule transparency, asynchronous design progress, and mass allocation, which appear to stem from differing operational approaches, acquisition strategies, and agency funding mechanisms. The CCRS project team noted that significant progress has been made addressing interface issues between the two entities.
The MSR Program recently acknowledged it likely cannot meet the life-cycle cost estimate and launch dates established at KDP-B. A September 2023 report by an Independent Review Board recommended the Program consider modifications to specific mission designs. Accordingly, it is critical that before the MSR Program is approved to proceed from formulation into development, viable alternatives to the Program's mission architecture are considered - including mission launch and sample return alternatives--as well as the value of the samples returned, the Program's schedule, life-cycle cost estimate, and the Agency's historic leadership position in space exploration.
WHAT WE RECOMMENDED
To provide the Agency Program Management Council with the necessary information to make an informed decision at KDP-C, we recommended the Associate Administrator for Science Mission Directorate (1) ensure the MSR Program establishes a stable CCRS design prior to establishing the life-cycle cost and schedule estimate at KDP-C, (2) ensure the life-cycle cost and schedule estimates properly incorporate MSR Program complexity and performance, and (3) ensure the Agency Program Management Council is provided with a set of potential launch scenarios by KDP-C, including life-cycle cost and schedule estimates and an associated Joint Cost and Schedule Confidence Level for each. In addition, we recommended NASA's Chief Program Management Officer (4) assess the efficacy of large mission pre-formulation guidance and develop a corrective action plan that addresses the concerns and recommendations of the October 2020 Large Mission Study.
We provided a draft of this report to NASA management who concurred or partially concurred with our recommendations and described planned actions to address them. We consider management's comments responsive to Recommendations 2 and 3, and therefore both are resolved and will be closed upon completion and verification of the proposed corrective actions. Regarding Recommendations 1 and 4, while we consider management's comments responsive, we will require further discussions and documentation from management before deciding whether to close them as requested.
* * *
TABLE OF CONTENTS
Introduction ... 1
Background ... 3
Lack of a Stable Design Is Impairing the MSR Program's Ability to Establish a Realistic Life-Cycle Cost and Schedule Estimate ... 16
Capture, Containment, and Return System Design Issues Delayed Completion of Program Formulation Phase ... 16
Schedule Delays in Completing Formulation ... 19
Latest Life-Cycle Cost Estimate Is Not Realistic ... 22
Enhanced Coordination Needed between NASA and ESA ... 23
Other Factors to Consider in Establishing a Stable Design and Reliable Cost and Schedule Estimate ... 26
Conclusion ... 28
Recommendations, Management's Response, and Our Evaluation ... 29
Appendix A: Scope and Methodology ... 31
Appendix B: Mars Sample Return Program Components ... 34
Appendix C: Evolution of SRL and CCRS Design Architectures ... 36
Appendix D: NASA Mission Risk Classifications ... 38
Appendix E: Relevant Funding History ... 39
Appendix F: Management's Comments ... 40
Appendix G: Report Distribution ... 44
* * *
INTRODUCTION
The Mars Sample Return (MSR) Program is a partnership between NASA and the European Space Agency (ESA) designed to return Martian geological samples to Earth for scientific study in the early 2030s. A part of NASA's MSR Campaign, the MSR Program is one of the most technically complex, operationally demanding, and ambitious robotic science missions ever undertaken by NASA (see Figure 1).
* * *
Figure 1: Mars Sample Return Concept Illustration
Source: NASA Office of Inspector General (OIG) presentation of Agency information.
* * *
The potential for discovering evidence of life on other planets as well as the desire to understand the geology and history of Earth's closest planetary neighbor has inspired exploration efforts on Mars for several decades. Recommendations from the National Academies of Sciences, Engineering, and Medicine spanning nearly 30 years identified these efforts among the highest priorities of the planetary science research community. Since the 1960s NASA has invested billions of dollars in exploring the Red Planet with satellites, landers, and rovers culminating in the creation of the MSR Campaign. As the first phase of that campaign, NASA's Perseverance rover is currently operating on Mars and collecting samples on the planet's surface./1
NASA will soon review the MSR Program's plan for retrieving and returning the samples to Earth and determine whether to authorize the Program to proceed into development. To this end, MSR Program management is currently assessing the stability of its mission design and seeking to develop realistic cost and schedule estimates as part of the Program's Formulation Phase. However, since NASA approved the MSR Program to proceed into formulation in December 2020, the Program has faced significant challenges finalizing the design of one of its key flight components, leading to schedule delays that may ultimately result in the loss of one or more potential launch window opportunities. In addition, the unofficial life-cycle cost estimate of $7.4 billion as of June 2023 is almost 20 percent above the top of the preliminary life-cycle cost estimate of $5.9 to $6.2 billion established in September 2022 during the Program's Formulation Phase. An independent review of the MSR Program released in September 2023 recommended the Program evaluate alternative mission architectures, including options that delay launch dates and could lead to cost estimates in the range of $8 to $11 billion.
Because of highly constrained launch windows associated with planetary science missions, environmental conditions affecting operations on the surface of Mars, and other constraints that need to be considered in planning a mission schedule, changes to the MSR Program's architecture and timing could impact the quantity and quality - and ultimately the scientific value - of any samples returned. Additionally, considering the constrained budget environment NASA is likely to find itself in for the next several fiscal years, budget increases required for the MSR Program to maintain its current funding profile will most likely come at the expense of other projects in the Agency's science portfolio.
Until the MSR Program design is stable, a realistic cost and schedule baseline commitment cannot be established. MSR is approaching its next Key Decision Point (KDP) review (KDP-C) at which time NASA will evaluate Program plans and determine whether the Program should proceed into development. NASA must be able to conduct this review based on a stable design and realistic cost and schedule commitments while considering the interests of its various stakeholders. This review process will assist the Agency in making an informed decision regarding the future of the MSR Program that could include options such as (1) approving the Program to proceed into development and targeting more immediate launch opportunities, (2) delaying Program development and launch, or (3) canceling the Program outright.
In this audit, we evaluated NASA's management of the MSR Program relative to established cost, schedule, technological goals, and risks. Specifically, we determined whether the Program (1) is on track to develop a stable design prior to proceeding to development, (2) is poised to establish a realistic life-cycle cost estimate at KDP-C, (3) is prepared to establish realistic launch schedule dates for the Earth Return Orbiter (ERO) and Sample Retrieval Lander (SRL) projects at KDP-C, and (4) has identified and is adequately addressing programmatic and technical issues and risks to effectively accomplish its formulation goals. Details of the audit's scope and methodology are outlined in Appendix A.
* * *
Background
Planetary Science Decadal Survey
NASA solicits guidance from the National Academies of Sciences, Engineering, and Medicine on planning and prioritizing planetary exploration missions and research through the Academies' Planetary Science Decadal Survey process. Updated approximately every 10 years, the Decadal Survey identifies what the Academies believe are the most pressing planetary science and astrobiology questions based on input from the wider planetary science community.
In its 2003 Decadal Survey, the Academies noted that the underlying motivation for exploration of Mars is "the possibility that conditions favorable for life may have existed there in the past."/2
Therefore, a sample return mission would be required because it is unlikely that examination of the Martian atmosphere, soil, and rock conducted on the surface of Mars (i.e., an in situ examination) could perform the requisite analysis at an acceptable level of scientific certainty to thoroughly answer questions about the planet's geochemistry and climate and ultimately establish whether life does now or did previously exist on Mars. In addition to supporting smaller Mars exploration efforts, the Decadal Survey noted that its Mars Panel "attaches the greatest importance to Mars Sample Return" with its eye on a launch "early in the next decade (2013-2020)."
Similarly, the 2013 Decadal Survey recommended a high-priority focus on Mars exploration efforts, supporting a "Mars Astrobiology Explorer-Cacher" mission as "the first of three components of the Mars Sample Return campaign."/3
The cacher mission was recommended as the "highest priority flagship mission for the decade 2013-2022," intended to perform in situ science on the surface of Mars as well as collect samples for future return to Earth as "fundamental advances in addressing the important questions [related to planetary science] will come only from analysis of returned samples." The 2023 Decadal Survey stated that "the highest scientific priority of NASA's robotic exploration efforts this decade should be completion of Mars Sample Return," noting that the mission "is of fundamental strategic importance to NASA, U.S. leadership in planetary science, and international cooperation and should be completed as rapidly as possible."/4
It also stated that costs needed to be contained so as to not undermine the balance of the planetary portfolio. Specifically, if costs increased by 20 percent or more above $5.3 billion or annual budget requests exceeded approximately 35 percent of the total Planetary Science Division budget, then NASA should work with the Administration and Congress to secure additional funding.
* * *
CONCLUSION
NASA is in the process of formulating one of the most significant and complex missions it has ever undertaken. The MSR Program is the culmination of decades of Mars missions that have aggregated knowledge and capabilities to enable the retrieval of the first-ever samples from another planet. Beyond the scientific value of potentially answering the question of whether life has or can exist outside our planet, the MSR Program is also important in supporting the United States in its quest to land humans on Mars in the coming decades.
However, the MSR Program recently acknowledged that it likely cannot meet the life-cycle cost and schedule estimates it set for the Program when it started formulation. The Program has already experienced significant cost growth and delays to its formulation timeline, and in September 2023 an IRB made significant recommendations that could affect the current mission design. While adjustments to cost, schedule, and scope during formulation are typical in complex missions, as NASA moves to establish a stable design with the optimal samples to be retrieved and optimal launch dates, it is critical not to underestimate the corresponding cost and schedule when it sets its baseline commitment at KDP-C.
Due to the scale of the MSR Program and the resources required for its successful completion, the potential magnitude of adjustments to its design or cost and schedule commitments after formulation likely will have consequences to other NASA science missions. To maximize the potential for MSR's success while also minimizing the risk of negative impacts outside of the MSR Program, it is vital that NASA review the Program as a comprehensive plan including a variety of mission scenarios and incorporate stakeholder interests. Only with a stable design and reliable cost and schedule estimates can NASA evaluate MSR and commit to a realistic path forward for this Program with a full understanding of the potential requirements and consequences of its decision at KDP-C.
* * *
RECOMMENDATIONS, MANAGEMENT'S RESPONSE, AND OUR EVALUATION
To provide the Agency Program Management Council with the necessary information to make an informed decision at KDP-C in the best interest of stakeholders regarding development of the MSR Program, we recommended NASA's Associate Administrator for Science Mission Directorate:
1. Ensure the MSR Program establishes a stable CCRS design prior to establishing the life-cycle cost and schedule estimate at KDP-C, incorporating recommendations from the 2023 IRB as appropriate.
2. Ensure the life-cycle cost and schedule estimates properly incorporate MSR Program complexity and performance as factors and do not only focus on external cost growth impacts and ongoing design issues.
3. Ensure the Agency Program Management Council is provided with a set of potential launch scenarios by KDP-C, including life-cycle cost and schedule estimates and an associated Joint Cost and Schedule Confidence Level for each.
In addition, we recommended NASA's Chief Program Management Officer:
4. Assess the efficacy of large mission pre-formulation guidance and develop a corrective action plan that addresses the concerns and recommendations of the October 2020 Large Mission Study.
We provided a draft of this report to NASA management who concurred or partially concurred with our recommendations and described planned actions to address them. We consider management's comments responsive to Recommendations 2 and 3, and therefore both are resolved and will be closed upon completion and verification of the proposed corrective actions. Regarding Recommendations 1 and 4, while we consider management's comments responsive, we will require further discussions and documentation from management before deciding whether to close them as requested.
Management's comments are reproduced in Appendix F. Technical comments provided by management and revisions to address them have been incorporated as appropriate.
* * *
View full report here: https://oig.nasa.gov/docs/IG-24-008.pdf
NASA IG Audit: High-End Computing Capabilities
WASHINGTON, March 17 (TNSRep) -- NASA Inspector General issued the following audit report (No. IG-24-009) on March 14, 2024, entitled "High-End Computing Capabilities."
Here are excerpts:
* * *
RESULTS IN BRIEF
WHY WE PERFORMED THIS AUDIT
Since its inception, NASA has pioneered many high-end computing (HEC) technologies and techniques that have become standard. HEC, or supercomputing, provides the critical processing power and time-saving capabilities that allow NASA to gain insight from large amounts of data that would take normal computers much longer to assess. A broad spectrum of employees, ... Show Full Article WASHINGTON, March 17 (TNSRep) -- NASA Inspector General issued the following audit report (No. IG-24-009) on March 14, 2024, entitled "High-End Computing Capabilities." Here are excerpts: * * * RESULTS IN BRIEF WHY WE PERFORMED THIS AUDIT Since its inception, NASA has pioneered many high-end computing (HEC) technologies and techniques that have become standard. HEC, or supercomputing, provides the critical processing power and time-saving capabilities that allow NASA to gain insight from large amounts of data that would take normal computers much longer to assess. A broad spectrum of employees,researchers, partners, external collaborators, and NASA Mission Directorates use the Agency's HEC capabilities. For example, NASA is currently using HEC capabilities to model the Agency's planned human landing on Mars, as well as to process and analyze the physics and environmental data critical to a successful landing. NASA's two main HEC facilities are the NASA Center for Climate Simulation at Goddard Space Flight Center and the NASA Advanced Supercomputing facility at Ames Research Center, but--thanks to remote access and cloud computing - NASA's HEC resources are used across NASA Centers and by authorized external partners around the world.
NASA manages HEC systems differently than its other computer systems. As one of five capability portfolios - a collection of functionally similar, site-specific capability components - NASA policy calls for HEC to be managed in an integrated manner and within budget constraints to meet certain requirements and strategic needs. Although HEC resource requirements are overseen by the Science Mission Directorate (SMD), each Mission Directorate has the autonomy to manage their own data and user access based on their individual requirements. Further, securing HEC systems is challenging due to their size; performance requirements; complex hardware, software, and applications; varying security requirements; and the nature of shared cyber resources.
In this audit, we assessed NASA's overall management of its HEC capabilities. Specifically, we focused on relevant policies, processes and controls, capacity planning, stakeholder engagement, and cybersecurity. We reviewed applicable policies and criteria; interviewed key officials, personnel, and stakeholders; evaluated capacity planning and success metrics; and reviewed techniques to identify and mitigate HEC cybersecurity risks. We met with officials and stakeholders from Headquarters and NASA Centers and benchmarked best practices with the Department of Energy and National Oceanic and Atmospheric Administration. We also participated in the National Institute of Standards and Technology (NIST) HEC security working group meetings to increase our comprehension of supercomputing technical architecture and cybersecurity techniques.
WHAT WE FOUND
Despite a history of innovation in HEC, NASA needs a renewed commitment and sustained leadership attention to reinvigorate its HEC efforts. Without key changes, the Agency's HEC is likely to constrain future mission priorities and goals. NASA's HEC is not managed as a program or centralized Agency strategic service; instead, resources are managed within the Earth Science Research Program within SMD, and this organizational placement hinders NASA's HEC efforts. One scientist within that Program is responsible for HEC capabilities at both HEC facilities, in addition to their Earth science responsibilities. This disjointed organization and management of HEC resources exacerbates several issues, including oversight, monitoring, and the foreign national accreditation access process. Although NASA has identified HEC as a capability portfolio, we found that key guiding documents and frameworks are absent, such as a management plan - an agreement detailing how the portfolio will be managed - and a commitment agreement designed to engage all relevant stakeholders and identify HEC as a strategic activity. Furthermore, while the Office of the Chief Information Officer (OCIO) has some oversight of HEC, it is not directly engaged in HEC activities or governance. Lastly, NASA is not keeping up with technological developments and advanced research computing requirements, in part due to these organizational and funding constraints.
NASA's HEC resources are oversubscribed and overburdened--in other words, Mission Directorates are requesting more computing time than existing capacity can provide. This scarcity drives schedule delays and often leads to NASA teams purchasing their own HEC resources to meet deadlines. For example, the Space Launch System team invests about $250,000 annually to purchase and locally manage their own HEC clusters rather than waiting for existing HEC resource availability. Agency officials told us that, except for Goddard Space Flight Center and Stennis Space Center, there are independent HEC assets installed at almost every NASA Center. NASA also lacks a comprehensive strategy for when to use HEC assets on the premises versus when to utilize cloud computing options - or a widespread understanding of the cost implications for each choice. Stakeholders told us that while they know NASA has HEC cloud computing options, they were hesitant to use them due to unknown scheduling practices or assumed higher costs.
NASA's decentralized HEC management also raises cybersecurity concerns. In addition to teams building their own HEC assets, OCIO-mandated cybersecurity controls are sometimes ignored or bypassed by Mission Directorates that view them as too stringent. OCIO's limited involvement with HEC system management can also result in duplicate spending (such as for software that OCIO already licenses) and difficulty in identifying and controlling access to HEC systems that are not included in OCIO's asset inventory tools. We also identified extensive use of NASA's HEC assets by external and foreign national parties without adequate user activity monitoring or a review process by security personal for gaining access to HEC systems. Finally, we found that individual Center HEC asset users are not steadily monitored, and there are no evaluations conducted to verify rights and accesses granted to international partners. Without an integrated HEC strategy and a more focused, security management approach, the Agency's trailblazing science and technology research will continue to be unnecessarily limited by NASA's disjointed HEC efforts.
WHAT WE RECOMMENDED
To establish executive leadership and strategically position NASA's HEC to meet the Agency's specialized needs, we recommended NASA's Associate Administrator (1) appoint executive leadership to determine the appropriate definition, scope, ownership, organizational placement, and structure for NASA's HEC. Additionally, we recommended that the Associate Administrator establish a tiger team to collaborate and strategize on HEC issues, including: (2) develop enterprise-wide stakeholder requirements to validate commitment agreements as required by policy; (3) identify technology gaps essential for meeting current and future needs and strategic technological and scientific requirements; (4) develop a strategy to improve prioritization and allocation of HEC assets, including on-premises versus cloud resources; (5) evaluate cyber risks to determine oversight and monitoring requirements; (6) implement an HEC classification designation for identifying HEC assets; (7) develop an inventory of enterprise-wide HEC assets; (8) document risk impact, classification, and categorization for all HEC jobs; and (9) identify and mitigate gaps in the foreign national accreditation access process.
We provided a draft of this report to NASA management who concurred with Recommendation 1 and partially concurred with Recommendations 2 through 9. NASA described planned actions to address Recommendation 1 and stated that a tiger team will be established to collaborate and strategize on HEC issues; subsequently, the tiger team will determine the implementation of Recommendations 2 through 9. While we consider management's comments responsive, OIG requests regular updates to understand the planned actions and timeline for implementation and to monitor progress towards implementation of Recommendations 2 through 9. The recommendations are resolved and will be closed upon completion and verification of the proposed corrective actions.
* * *
TABLE OF CONTENTS
Introduction ... 1
Background ... 2
Sustained Leadership Attention and Renewed Commitment Are Needed to Reinvigorate NASA's HEC ... 10
Organizational Structure Hinders NASA's HEC Efforts ... 10
HEC Oversubscription Impacts Missions ... 12
NASA's HEC Lacks a Comprehensive Commercial Cloud Strategy ... 15
Diluted Cybersecurity Practices Expose HEC Risks ... 16
Conclusion ... 19
Recommendations, Management's Response, and Our Evaluation ... 20
Appendix A: Scope and Methodology ... 22
Appendix B: Anatomy of an HEC ... 24
Appendix C: Examples of NASA's HEC in Action ... 25
Appendix D: World Top500 HEC Rankings ... 27
Appendix E: Management's Comments ... 29
Appendix F: Report Distribution ... 32
* * *
INTRODUCTION
Serving a broad spectrum of employees, customers, researchers, partners, and external collaborators, NASA's high-end computing (HEC) capability - previously known as "supercomputers" - provides a comprehensive set of resources and services for the Agency's Mission Directorates as well as the NASA Engineering and Safety Center./1
Because HEC environments differ from traditional information technology (IT) systems, it is more difficult to strike the right balance between scientific and engineering requirements and cybersecurity protections.
Analyzing immense amounts of data would be impossible without HEC capabilities--a typical computer simply cannot process data rapidly enough to meet Agency scientific and engineering demands. For example, HEC capabilities enabled NASA to ingest and analyze months of Kepler observation data to more quickly identify evidence pointing to the existence of exoplanets--many located in the habitable zone./2
Currently, NASA is using HEC capabilities to model the Agency's planned human landing on Mars, as well as to process and analyze the physics and environmental data critical to a successful atmospheric entry and landing on the Martian surface.
Because HEC systems transfer user data into the HEC environment, the system owner is responsible for ensuring the confidentiality, integrity, and availability of that data by employing effective cybersecurity controls./3
However, traditional cybersecurity tools can be either incompatible or overly disruptive in an HEC environment. As a result, cybersecurity considerations may take a back seat to the processing speed and system capabilities needed for scientific research.
In this audit, we assessed NASA's overall management of its HEC capabilities. Specifically, we focused on relevant policies, processes and controls, capacity planning, stakeholder engagement, and cybersecurity. See Appendix A for details on the audit's scope and methodology.
* * *
Background
In a complex, rapidly changing world, government agencies increasingly rely on HEC to manage and process massive volumes of data to solve mission-critical challenges. With the ability to process large amounts of data and perform calculations at high speeds, HEC helps solve large-scale technical and scientific problems, enabling researchers to study subjects that would otherwise be impractical, or impossible, to investigate due to their complexity or the danger they pose. In recent years, HEC has helped the federal government develop treatments for COVID-19, advance scientific research and discovery, and conduct high fidelity operational simulations.
Designed in 1964 by Seymour Cray - known as the "father of supercomputing" - the Control Data Corporation 6600 is considered the first high-end computer. Today, the 6600 is dwarfed when compared to the computing power of common smartphones.
Assessing computing power is highly complex. To simplify for illustration and ease of understanding: the computer's processor clock speed determines how quickly the central processing unit can retrieve and interpret instructions. Today, mobile devices have more computing power than HEC assets through the turn of the 21st century--including the computational ability of the Apollo 11 Guidance Computer that helped put astronauts on the Moon more than half a century ago. See Figure 1 for an illustration comparing processing power through the years and Appendix B for additional information.
* * *
Figure 1: Example Comparing Computer Processing Power
Source: NASA Office of Inspector General (OIG) presentation of Adobe information.
Note: "FLOPS" stands for floating point operations per second.
* * *
However, while interesting, this comparison is not precise. It's like comparing the first airplanes designed by the Wright Brothers and a fighter jet - both could fly, but the two are, technologically, worlds apart. Making a side-by-side comparison of computing power is difficult because there are many ways to measure computational performance, such as the speed at which a system calculates floating point operations per second, known as FLOPS, or the speed at which a system can run graphics-intensive applications. Performance also depends on several other factors, such as the amount and speed of memory, network performance, and how well the computer code utilizes the system hardware.
In 1991, when the Federal High-Performance Computing and Communications initiative began ramping up, NASA was tasked with conducting basic and applied research in networking and information technology, particularly in the field of computational science, with emphasis on aerospace sciences, Earth and space sciences, and remote exploration and experimentation./4
In 2015, an Executive Order established the National Strategic Computing Initiative (NSCI) and a whole-of-government HEC strategy./5
The NSCI, in collaboration with industry and academia, led to the creation of a cohesive, multi-agency vision and federal investment to maximize the benefits of HEC for the United States. As such, NASA was established as a deployment agency - meaning that NASA, along with other deployment agencies, participates in the co-design process to integrate the special requirements of its missions and to influence the early design stages for new HEC systems, software, and applications./6
In 2021, the Government Accountability Office (GAO) conducted a review of agencies charged with HEC responsibilities in the NSCI Executive Order./7
Although GAO noted that NASA and the other agencies made advances in HEC research, development, and deployment activities, stakeholders cited ongoing challenges related to the uncertainty over how to meet future funding needs, cloud utilization, and software maintenance.
Since the NSCI was established, the use of HEC for modeling, simulation, and artificial intelligence (AI) has grown substantially./8
NASA, for example, uses a combination of high-end computers, AI, and satellite data to process extremely large volumes of imagery transmitted by the Transiting Exoplanet Survey Satellite./9
Once the high-end computer processes the raw data, the data is used to investigate vast regions of space for valuable scientific data hidden within multiple star systems. As more agencies rely on HEC to process their data, these systems become high-profile targets for attackers. To protect information, the Executive Order on Improving the Nation's Cybersecurity mandates that data be encrypted in transit and at rest./10
* * *
CONCLUSION
Preparing for future space exploration is not just about developing large rockets, exploring Mars, and making scientific discoveries. It is also about novel concepts, innovation, and trailblazing--using HEC to solve the most pressing problems with data-driven solutions. Since NASA's inception in 1958 to present day, the Agency's history is written with each unique scientific and technological achievement. NASA has landed people on the Moon, visited every planet in the solar system, touched the Sun, and solved some of the mysteries of our home planet. Although NASA's HEC ecosystem is vital to sustaining mission priorities and advancing science, we found that executive leadership and stakeholder engagement is absent, lacking a cohesive approach to managing HEC across organizational boundaries.
NASA's HEC is currently oversubscribed and overburdened by demand and competing priorities, which impact the wait time for missions to use the assets. The Agency also lacks a strategy on commercial cloud use, contributing to stakeholder misconceptions about cost, scheduling, and capacity. Finally, due to the unique nature of the HEC environment, security controls are often bypassed or not implemented, increasing the risk of cyberattacks. Without an integrated HEC strategy, a more focused management approach, and advocacy, the Agency's trailblazing science and technology research is severely limited while cyber risk is elevated.
* * *
RECOMMENDATIONS, MANAGEMENT'S RESPONSE, AND OUR EVALUATION
To establish executive leadership and to strategically position NASA's HEC capability to better meet the needs of specialized scientific and advanced research computing requirements, we recommended NASA's Associate Administrator:
1. Appoint executive leadership to determine appropriate definition/scope, ownership, organizational placement, and structure (e.g., portfolio, program, enterprise service) of HEC within NASA.
In addition, we recommended that the NASA Associate Administrator establish a tiger team to collaborate and strategize on wide-ranging HEC issues to:
2. Develop enterprise-wide HEC stakeholder requirements to validate commitment agreements as required in NPR 8600.1.
3. Identify technology gaps, such as GPU transition and code modernization, essential for meeting current and future needs and strategic technological and scientific requirements.
4. Develop a strategy to improve HEC asset allocations and prioritization for usage, including the appropriate use of on-premises versus cloud resources.
5. Evaluate cyber risks associated with HEC assets to determine oversight and monitoring requirements, establish risk appetite, and address control deficiencies. Consider using NASA's Splunk enterprise platform as a shared resource.
6. Implement an HEC classification/category designation within RISCS for identifying HEC assets.
7. Develop an inventory of enterprise-wide HEC assets and formalize procedures for hardware and software life-cycle management.
8. Document data risk impact levels, classification, and export control categorization for all HEC jobs.
9. Identify and mitigate gaps in the foreign national accreditation access process.
We provided a draft of this report to NASA management who concurred with Recommendation 1 and partially concurred with Recommendations 2 through 9. NASA described planned actions to address Recommendation 1 and stated that a tiger team will be established to collaborate and strategize on HEC issues; subsequently, the tiger team will determine the implementation of Recommendations 2 through 9. While we consider management's comments responsive, OIG requests regular updates to understand the planned actions and timeline for implementation and to monitor progress towards implementation of Recommendations 2 through 9. The recommendations are resolved and will be closed upon completion and verification of the proposed corrective actions.
* * *
View full report here: https://oig.nasa.gov/docs/IG-24-009.pdf
Federal Housing Finance Agency IG: Agency Regularly Analyze Workforce Data & Assessed Trends in Hiring, Awards & Promotions
WASHINGTON, March 17 (TNSrep) -- The Federal Housing Finance Agency Inspector General issued the following compliance review (No. COM-2024-004) entitled "Agency Regularly Analyze Agency Workforce Data and Assessed Trends in Hiring, Awards and Promotions.'
Here are excerpts:
* * *
Executive Summary
In 2014, nine members of the U.S. House of Representatives asked the Inspectors General at seven financial regulators, including FHFA, to review diversity and related workplace issues at their agencies to determine whether any personnel practices were discriminatory or otherwise disadvantaged minorities ... Show Full Article WASHINGTON, March 17 (TNSrep) -- The Federal Housing Finance Agency Inspector General issued the following compliance review (No. COM-2024-004) entitled "Agency Regularly Analyze Agency Workforce Data and Assessed Trends in Hiring, Awards and Promotions.' Here are excerpts: * * * Executive Summary In 2014, nine members of the U.S. House of Representatives asked the Inspectors General at seven financial regulators, including FHFA, to review diversity and related workplace issues at their agencies to determine whether any personnel practices were discriminatory or otherwise disadvantaged minoritiesfrom obtaining senior management positions.
As a result of this request, our 2015 evaluation analyzed workforce and diversity data available from FHFA for the period of 2011-2013, and we identified statistically significant differences in bonuses and awards. We recommended that FHFA "[r]egularly analyze Agency workforce data and assess trends in hiring, awards, and promotions." FHFA agreed with the recommendation.
In response to our recommendation, FHFA engaged the U.S. Office of Personnel Management (OPM) to perform an Equal Employment Opportunity (EEO) analysis of data regarding the Agency's 2015 employee performance ratings, performance-based bonus distributions, and awards (awards). FHFA analyzed its performance ratings, awards, and bonuses for the years 2016 and 2017 and confirmed that it planned to do so for 2018 and 2019. We closed the recommendation on March 25, 2020, based on the Agency's corrective actions.
We initiated this compliance review to assess whether FHFA regularly analyzed workforce data and assessed trends in hiring, awards, and promotions from April 1, 2020, through April 1, 2023 (the review period). We found that it did so. During the review period, FHFA analyzed workforce data and assessed trends in hiring and promotions, and reported its results in its OMWI Annual Report to Congress. We also found that FHFA analyzed hiring, awards, and promotions data and reported its results to the U.S. Equal Employment Opportunity Commission (EEOC) as required. Additionally, working with OPM, FHFA has performed analyses to identify and implement ways to enhance hiring, awards, and promotions.
This report was prepared by Kristopher Brash Dixon, Program Analyst, and Karen Van Horn, Senior Investigative Counsel. We appreciate the cooperation of FHFA staff, as well as the assistance of all those who contributed to this report's preparation.
This report has been distributed to Congress, the Office of Management and Budget, and others and will be posted on our website, http://www.fhfaoig.gov.
Brian W. Baker, Deputy Inspector General, Office of Compliance
* * *
TABLE OF CONTENTS
EXECUTIVE SUMMARY ... 2
ABBREVIATIONS ... 5
BACKGROUND ... 6
Women and Minorities in FHFA's Workforce ... 6
OIG's 2015 Evaluation Identified a Statistically Significant Difference in Awards Made to Certain Senior Employees ... 6
FHFA's Corrective Actions ... 6
FINDINGS ... 7
FHFA Regularly Analyzed Agency Workforce Data and Assessed Trends in Hiring,
Awards, and Promotions ... 7
FHFA Partnered with OPM to Analyze Data and Assess Trends ... 7
OMWI Analyzed and Reported Hiring and Promotions Data Only ... 8
OEOF Analyzed and Reported Hiring, Awards, and Promotions Data ... 8
CONCLUSIONS ... 9
OBJECTIVE, SCOPE, AND METHODOLOGY ... 10
ADDITIONAL INFORMATION AND COPIES ... 11
* * *
FINDINGS
We initiated this compliance review to assess whether FHFA continued to regularly analyze workforce data and assess trends in hiring, performance awards, and promotions during the review period, which was April 1, 2020, through April 1, 2023. To make our assessments, we reviewed FHFA documentation and interviewed FHFA officials from the three Agency offices that share responsibility for the analysis of workforce data and assessment of trends in hiring, performance awards, and promotions: (1) the Office of Human Resources Management; (2) the Office of Minority and Women Inclusion (OMWI); and (3) the Office of Equal Opportunity and Fairness (OEOF). We found that during the review period, FHFA regularly analyzed Agency workforce data and assessed trends in hiring, awards, and promotions.
* * *
CONCLUSIONS
During our review period, FHFA regularly performed analysis of workforce data and assessed trends in hiring, awards, and promotions. Much of the Agency's analysis regarding hiring and promotions was and continues to be reported in the OMWI Annual Report to Congress. While information pertaining to awards, as detailed above, is not included in OMWI's published reports, we found that the Agency has analyzed award data and has included it in its MD-715 reports submitted directly to the EEOC. Additionally, based on recommendations from analysis they performed with OPM, FHFA is implementing initiatives intended to impact hiring, awards, and promotions.
* * *
The report is posted at: https://www.fhfaoig.gov/sites/default/files/COM-2024-004.pdf
Federal Independent Agencies