Fiscal Year 2005 Performance and Accountability Report Published November 15, 2005
This continues as a governmentwide high-risk area. Additional federal agency and governmentwide efforts are needed to establish effective information security programs that are consistent with the Federal Information Security Management Act of 2002 (FISMA), including allocating sufficient agency resources and monitoring policy and control effectiveness. Federal cyber critical infrastructure protection actions should also include developing policy and guidance, improving analysis and warning capabilities, enhancing trusted relationships, promoting productive information sharing, and identifying R&D requirements. (Note: GAO feedback here is not VA-specific.)
VA's Program Response to GAO6:
In accordance with FISMA, VA has established an agencywide information security program that establishes the following:
Policies, procedures, and guidelines that reduce risk to an acceptable level, ensure that security is addressed throughout the life cycle of each VA information system, and ensure compliance with applicable statutes and executive branch directives.
Security plans for the Department's information systems.
An online, Departmentwide cyber security awareness module, which is updated annually and used as a means to satisfy the requirement for annual security awareness training.
Periodic testing and evaluation of the effectiveness of the Department's information security program and a process for planning, implementing, evaluating, and documenting remedial action to address information security deficiencies through methods such as vulnerability scans, penetration testing, compliance inspections, the annual FISMA survey, and the VA Security Configuration and Management Program.
Procedures for detecting, reporting, and responding to security incidents; plans and procedures to ensure continuity of operations through a national incident response capability; and Departmentwide and local contingency planning initiatives.