Summary: Tests done by GAO at one of NASA's 10 field centers found that mission-critical information systems were vulnerable to unauthorized access. GAO successfully penetrated several of these systems, including one responsible for calculating detailed positioning data for earth orbiting spacecraft and another that processes and distributes scientific data received from these spacecraft. At that point, GAO could have disrupted NASA's ongoing command and control operations and stolen, modified, or destroyed system software and data. A major factor enabling GAO to penetrate these systems is poor management of information technology security throughout NASA. The agency is aware of these deficiencies. GAO recommends that NASA implement an effective agencywide security program that includes improvements in five areas: assessing risks and evaluating needs, implementing policies and control, monitoring compliance with policy and effectiveness of controls, providing computer security training, and coordinating responses to security incidents.