External Audit Examines VA Cybersecurity Practices

DoD Image

A recent audit found cybersecurity shortcomings at the Department of Veterans Affairs, Fierce Government reports.

Ernst & Young and Clifting Gunderson audited the VA as part of annual oversight required by the Federal Information Security Management Act.

Auditors found that the VA’s central reporting tool had more than 15,000 outstanding plans of action and milestones in fiscal year 2011.

Issues with virtual identity management, access control and audit log monitoring are still looming problems for the VA, according to Fierce Government IT.

The report cited ineffective enforcement of information security policy as the problem.

Auditors recommended that the VA chief information officer develop and implement an agency-wide wide risk management structure and strategy.

The VA also needs an agency-wide incident response timeline and should integrate information security costs into capital planning processes, auditors recommended.

Check Also


NNSA Intends to Assess Lawrence Livermore National Laboratory for Continued Operations

The National Nuclear Security Administration (NNSA) within the Department of Energy (DoE) has given its approval of an effort to evaluate Lawrence Livermore National Laboratory's potential for continued operations. The LLNL Site-wide Environmental Impact Statement for Continued Operation will assess the environmental impacts of options on whether to maintain the laboratory's operations without significant changes.

Leave a Reply

Your email address will not be published. Required fields are marked *