https://oig.nasa.gov/docs/IG-19-022.pdf str. 14
Similarly, we found that NASA did not establish an ISA with the external user whose account was
compromised in the April 2018 incident and instead JPL used a mission-level agreement—an “Operation
Interface Control Document”—that provided the user network access through the remote gateway.
str.10
In April 2018, JPL discovered an account belonging to an external user used to log into JPL’s
mission network had been compromised. Given the architecture of JPL’s network, the attackers
were able to expand their access upon entry and move laterally across the network.