Department of Defense Office of Inspector General

10/08/2024 | News release | Distributed by Public on 10/08/2024 11:03

Press Release: Audit of Space Force’s Implementation of Software Assurance for the Next Generation Overhead Persistent Infrared Program (Report No. DODIG 2025 001)

Inspector General Robert P. Storch announced today that the Department of Defense Office of Inspector General (DoD OIG) released the "Audit of Space Force's Implementation of Software Assurance for the Next Generation Overhead Persistent Infrared Program."

The audit examined whether the Next Generation Overhead Persistent Infrared (Next Gen OPIR) program management office effectively implemented software assurance activities to identify and mitigate vulnerabilities in system software for the Geosynchronous Earth Orbit satellites. Software assurance is the level of confidence that software functions only as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software. The DoD OIG selected the Next Gen OPIR program for review based on the program's software development progress through the DoD acquisition lifecycle at the time it was selected, and the level of software-dependent components within the system.

The DoD OIG found that the program management office officials did not ensure that the program protection plan was consistently updated to reflect the contractor's progress in implementing software assurance. Additionally, the DoD OIG found that program management officials had not submitted the program protection plan for Milestone Decision Authority approval since October 2020.

"Software assurance is critical for the DoD to ensure the integrity, security, and reliability of its systems," said IG Storch. "With the increasing complexity of software used in defense operations, vulnerabilities can pose significant risks to mission success and national security. By implementing thorough software assurance practices, the DoD can reduce the likelihood of cyberattacks, system failures, and compromised data, ultimately protecting critical assets, enhancing operational effectiveness, and safeguarding military missions."

The DoD OIG recommended that the Under Secretary of Defense for Research and Engineering revise DoD guidance to include a process for identifying risks associated with software assurance activities and tracking the acceptance of any risk left unmitigated. The DoD OIG also made six recommendations to the Next Gen OPIR program manager, including ensuring regular updates to the Geosynchronous Earth Orbit program protection plan to accurately reflect the program management office's and contractor's progress in implementing software assurance activities.

The DoD OIG will continue to monitor the DoD's progress toward fully implementing all recommendations.