Home / Civilian / VA IG: Dept’s IT Office Must Implement Mobile Configuration Mgmt, App Blacklisting Procedures

VA IG: Dept’s IT Office Must Implement Mobile Configuration Mgmt, App Blacklisting Procedures

The Department of Veterans Affairs Inspector General has found that while the agency’s Office of Information Technology enforced proper mobile security measures, there were certain issues in the fortification of its network infrastructure.

The IG report, released on Tuesday, states that OIT didn’t address vulnerabilities in configuration management and failed to implement blacklisting procedures for mobile applications that could lead to malicious attacks and loss of data to unsafe cloud environments.

According to the audit team’s findings, OIT doesn’t implement configuration management tools to handle automated updates for mobile devices and applications. The Government Accountability Office’s Federal Information System Controls Audit Manual states that such controls “provide reasonable assurance that changes to information system resources are authorized and systems are configured and operated securely and as intended.”

The OIT director of mobile technology and endpoint security engineering noted that the office didn’t implement blacklisting due to the amount of workload associated with the vetting process.

OIT handles over 50,000 VA devices through a centralized, enterprise-wide Mobile Device Management system.

Check Also

Air Force Directorate Accelerates Award of Phase II SBIR Contracts

The U.S. Air Force's digital directorate utilized a method that allowed the service branch to speed up the award of seven contracts worth $6.75M through the second phase of the Small Business Administration's Small Business Innovative Research vehicle.