Home / Civilian / External Audit Examines VA Cybersecurity Practices

External Audit Examines VA Cybersecurity Practices

DoD Image

A recent audit found cybersecurity shortcomings at the Department of Veterans Affairs, Fierce Government reports.

Ernst & Young and Clifting Gunderson audited the VA as part of annual oversight required by the Federal Information Security Management Act.

Auditors found that the VA’s central reporting tool had more than 15,000 outstanding plans of action and milestones in fiscal year 2011.

Issues with virtual identity management, access control and audit log monitoring are still looming problems for the VA, according to Fierce Government IT.

The report cited ineffective enforcement of information security policy as the problem.

Auditors recommended that the VA chief information officer develop and implement an agency-wide wide risk management structure and strategy.

The VA also needs an agency-wide incident response timeline and should integrate information security costs into capital planning processes, auditors recommended.

Check Also

Heather Wilson: Air Force to Restructure Space and Missile Systems Center

The U.S. Air Force plans to reorganize the Space and Missile Systems Center¬†by fall 2018 …

Leave a Reply

Your email address will not be published. Required fields are marked *