It might not be authenticated. For some NASA probes, they just figured that any attacker would need control of a global network of high-gain radio antennas, and there aren't very many of those. Physical security at DSN tracking sites is sufficient in most cases.

I wonder if this threat vector will change as more countries become space bound. Curious to see the JPL Security Coding Guidelines, whenever that is written.

AES-256 on both uplink and downlink sides. It's fast enough and the NSA thinks it's good enough. Put a timestamp inside the cleartext to prevent replay attacks and re-key the encryption module every so often to prevent cryptoanalysis from breaking your current key.