Home / Civilian / External Audit Examines VA Cybersecurity Practices

External Audit Examines VA Cybersecurity Practices

DoD Image

A recent audit found cybersecurity shortcomings at the Department of Veterans Affairs, Fierce Government reports.

Ernst & Young and Clifting Gunderson audited the VA as part of annual oversight required by the Federal Information Security Management Act.

Auditors found that the VA’s central reporting tool had more than 15,000 outstanding plans of action and milestones in fiscal year 2011.

Issues with virtual identity management, access control and audit log monitoring are still looming problems for the VA, according to Fierce Government IT.

The report cited ineffective enforcement of information security policy as the problem.

Auditors recommended that the VA chief information officer develop and implement an agency-wide wide risk management structure and strategy.

The VA also needs an agency-wide incident response timeline and should integrate information security costs into capital planning processes, auditors recommended.

Check Also

New VA Law Set to Streamline Claims, Appeals Process for Veterans

The Department of Veterans Affairs implemented legislation to streamline the agency’s claims and appeals process for former U.S. service members. VA said Tuesday that the Veterans Appeals Improvement and Modernization Act of 2017 will reduce its inventory of legacy appeals. 

Leave a Reply

Your email address will not be published. Required fields are marked *