Information Security:
Veterans Affairs Needs to Resolve Long-Standing Weaknesses
GAO-10-727T: Published: May 19, 2010. Publicly Released: May 19, 2010.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-6244
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Since 1997, GAO has identified information security as a governmentwide high-risk issue. This has been particularly true at the Department of Veterans Affairs (VA), where the department has been challenged in protecting the availability, confidentiality, and integrity of its information and systems. Since the 1990s, GAO has highlighted the challenges the department has faced, including the need to safeguard personal information. GAO was asked to testify on VA's progress in implementing information security and the department's compliance with the Federal Information Security Management Act of 2002 (FISMA), a comprehensive framework for securing federal information resources. In preparing this testimony, GAO analyzed prior GAO, Office of Management and Budget, VA Office of Inspector General, and VA reports related to the department's information security program.
VA has made limited progress in resolving long-standing deficiencies in securing its information and systems. In September 2007 and also March 2010, GAO reported that VA had begun or had continued work on several initiatives to strengthen information security practices, but that shortcomings in the implementation of those initiatives could limit their effectiveness. VA has also consistently had weaknesses in major information security control areas. VA was deficient in each of five major categories of information security controls as defined in the GAO Federal Information System Controls Audit Manual. Further, in VA's fiscal year 2009 performance and accountability report, the independent auditor stated that, while VA continued to make progress, IT security and control weaknesses remained pervasive and continued to place VA's program and financial data at risk. The independent auditor also noted that VA's controls over its financial systems constituted a material weakness (a significant deficiency that can result in an undetected material misstatement of the department's financial statements.) Since 2006, VA's progress in fully implementing the information security program required under FISMA has been mixed. For example, from 2006 to 2009, the department reported a dramatic increase in the percentage of systems for which a contingency plan was tested. However, during the same period, the department reported a decrease in the percentage of employees who had received security awareness training. Until VA fully and effectively implements a comprehensive information security program and mitigates known security vulnerabilities, its computer systems and sensitive information (including personal information of veterans and their beneficiaries) will remain exposed to an unnecessary and increased risk of unauthorized use, disclosure, tampering, theft, and destruction.
Jun 21, 2018
Veterans Health Administration:
Steps Taken to Improve Physician Staffing, Recruitment, and Retention, but Challenges RemainGAO-18-623T: Published: Jun 21, 2018. Publicly Released: Jun 21, 2018.
Jun 4, 2018
-
Veterans Choice Program:
Improvements Needed to Address Access-Related Challenges as VA Plans Consolidation of its Community Care ProgramsGAO-18-281: Published: Jun 4, 2018. Publicly Released: Jun 4, 2018.
May 7, 2018
-
Veterans Affairs Research:
Actions Needed to Help Better Identify Agency InventionsGAO-18-325: Published: Apr 25, 2018. Publicly Released: May 7, 2018.
Apr 19, 2018
-
Transitioning Veterans:
Coast Guard Needs to Improve Data Quality and Monitoring of Its Transition Assistance ProgramGAO-18-135: Published: Apr 19, 2018. Publicly Released: Apr 19, 2018.
Apr 12, 2018
-
VA Health Care:
Actions Needed to Improve Oversight of Community-Based Outpatient ClinicsGAO-18-375: Published: Apr 12, 2018. Publicly Released: Apr 12, 2018. -
VA Health Care:
Improved Guidance and Oversight Needed for the Patient Advocacy ProgramGAO-18-356: Published: Apr 12, 2018. Publicly Released: Apr 12, 2018. -
Veterans Health Administration:
Opportunities Exist for Improving Veterans' Access to Health Care Services in the Pacific IslandsGAO-18-288: Published: Apr 12, 2018. Publicly Released: Apr 12, 2018.
Mar 22, 2018
-
VA Disability Benefits:
Improved Planning Practices Would Better Ensure Successful Appeals ReformGAO-18-352: Published: Mar 22, 2018. Publicly Released: Mar 22, 2018.
Jan 30, 2018
-
VA Disability Benefits:
Opportunities Exist to Better Ensure Successful Appeals ReformGAO-18-349T: Published: Jan 30, 2018. Publicly Released: Jan 30, 2018.
Jan 18, 2018
-
VA Health IT Modernization:
Historical Perspective on Prior Contracts and Update on Plans for New InitiativeGAO-18-208: Published: Jan 18, 2018. Publicly Released: Jan 18, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Veterans
- Continuity of Health Care from DOD to VA
- Employment in a Changing Economy
- Homelessness
- Illicit Drug Use
- Improving and Modernizing Federal Disability Programs - High Risk Issue
- Managing Risks and Improving VA Health Care - High Risk Issue
- Patient Safety Risks for Veterans and Servicemembers
- Postsecondary Education Access and Affordability
- Supports and Services for Transitioning Veterans
- VA and DOD Health Care Collaboration
Explore our other Key Issues here
