Home / Civilian / External Audit Examines VA Cybersecurity Practices

External Audit Examines VA Cybersecurity Practices

DoD Image

A recent audit found cybersecurity shortcomings at the Department of Veterans Affairs, Fierce Government reports.

Ernst & Young and Clifting Gunderson audited the VA as part of annual oversight required by the Federal Information Security Management Act.

Auditors found that the VA’s central reporting tool had more than 15,000 outstanding plans of action and milestones in fiscal year 2011.

Issues with virtual identity management, access control and audit log monitoring are still looming problems for the VA, according to Fierce Government IT.

The report cited ineffective enforcement of information security policy as the problem.

Auditors recommended that the VA chief information officer develop and implement an agency-wide wide risk management structure and strategy.

The VA also needs an agency-wide incident response timeline and should integrate information security costs into capital planning processes, auditors recommended.

Check Also

Four Universities to Manage Nuclear Research Centers Under DOE NNSA Partnerships

The Department of Energy's National Nuclear Security Administration has selected four universities to operate new centers of excellence under a shared allotment of $40.5M. These new centers will work to foster collaboration between the NNSA and academia under the Stewardship Science Academic Alliances program, the DOE said Monday.

Leave a Reply

Your email address will not be published. Required fields are marked *