The Department of Veterans Affairs’ office of information and technology has asked VA’s inspector general to close 18 out of 33 recommendations since it has implemented measures to update its information security efforts, Federal News Radio reported Friday.
The office’s statement is in response to the IG’s Federal Information Security Management Act audit report for fiscal 2016, which found that VA failed to address cybersecurity weaknesses for 18 consecutive years.
OI&T said VA updated information systems that require authority to operate by the end of calendar year 2016 and that the department’s enterprise cybersecurity strategy team has begun to implement the authorizations approach in compliance with the Office of Management and Budget’s updated Circular A-130.
VA said ECST also has made changes to its password management efforts, such as the implementation of single sign-on measures and use of smart identity cards.
The department also expects to fully field an event management and security incident tool and ensure that patches and security vulnerabilities are addressed by June 30.
VA also expects to address eight recommendations by Sept. 30 and the remaining five by the end of December.
“As VA provides documentation to support the corrective actions taken on any recommendation, we will review it and make the determination on whether we can close that recommendation,” Linda Halliday, VA’s deputy inspector general, told the station in an email.