Stephen Warren, the Department of Veterans Affairs’ chief information officer, has said the department is making progress on its cyber goals despite the deficiencies highlighted in a recent Inspector General audit, Federal News Radio reported Friday.
Jason Miller writes the IG’s 16th Federal Information Security Management Act report found shortcomings in VA’s configuration management, server security standards, databases and network devices, and remediation processes.
“In spite of the work that we had done, there were areas where the intensity wasn’t where it needed to be,” Warren told the station.
He said VA appointed Dan Galick as the operational security manager to “synthesize across the organization,” oversee information security officers at VA facilities nationwide and lead a team to work with field offices to tackle operational security issues, according to the report.
Warren told Federal News Radio that VA also tapped Accenture Federal Services’ ASM Research to help reduce cyber backlog at various VA facilities under a multi-year $300 million contract.
He added that the VA has also streamlined how chief information officers in each facility view systems and vulnerabilities in order to help them identify and fix problems, the station reports.
The IG recommended in its report that VA remove duplicate software systems and block what the IG labels as uncategorized websites, Miller reports.