The Government Accountability Office has found that the Department of Veterans Affairs still faces multiple cybersecurity challenges in the course of modernization.
VA must implement security controls to protect sensitive information, identify cybersecurity workforce needs, manage information technology supply chain risks and address known vulnerabilities, GAO said Thursday.
The department exhibited a lack of performance in financial reporting security reporting during fiscal year 2018, with deficiencies in access control, configuration management, contingency planning and other areas.
VA met six of 10 administration-imposed cybersecurity goals and holds one of 18 agency information security programs that inspector generals identify as ineffective.
A total of 46 GAO-issued recommendations still remain unaddressed by VA.