Information Security: Veterans Affairs Needs to Resolve Long-Standing Weaknesses

GAO-10-727T Published: May 19, 2010. Publicly Released: May 19, 2010.

Highlights

Since 1997, GAO has identified information security as a governmentwide high-risk issue. This has been particularly true at the Department of Veterans Affairs (VA), where the department has been challenged in protecting the availability, confidentiality, and integrity of its information and systems. Since the 1990s, GAO has highlighted the challenges the department has faced, including the need to safeguard personal information. GAO was asked to testify on VA's progress in implementing information security and the department's compliance with the Federal Information Security Management Act of 2002 (FISMA), a comprehensive framework for securing federal information resources. In preparing this testimony, GAO analyzed prior GAO, Office of Management and Budget, VA Office of Inspector General, and VA reports related to the department's information security program.

Full Report

Highlights

Full Report (13 pages)

Accessible Text

GAO Contacts

Gregory C. Wilshusen

Director

Information Technology and Cybersecurity

wilshuseng@gao.gov

Media Inquiries

Sarah Kaczmarek

Managing Director

Office of Public Affairs

media@gao.gov

Public Inquiries

Public Affairs

PublicAffairs@gao.gov

Topics

Information Security

Computer securityConfidential communicationsCyber securityData integrityData lossEmployeesInformation disclosureInformation securityInformation systemsInformation technologyInternal controlsReporting requirementsRisk factorsRisk managementStandardsSystem vulnerabilitiesComplianceProgram implementation