Chief Information Officer Open Recommendations: Department of Veterans Affairs

What GAO Found

In January 2026, GAO identified 38 open recommendations under the purview of the Department of Veterans Affairs (VA) Chief Information Officer (CIO), from previously issued work. Each of these recommendations relates to a GAO High-Risk area: (1) Ensuring the Cybersecurity of the Nation or (2) Improving IT Acquisitions and Management. In addition, GAO has designated four of the 38 as priority recommendations.

For example, GAO previously recommended that VA fully implement all event logging requirements on the systems used to detect, investigate, and remediate cyber threats as directed by the Office of Management and Budget. Further, GAO recommended that VA develop guidance regarding standardizing cloud service-level agreements.

GAO also previously recommended that the department ensure that it compares its inventories of active software licenses to purchased licenses to identify opportunities to reduce costs and improve investment decisions. The CIO's continued attention to these recommendations will help ensure the secure and effective use of IT at the department.

Why GAO Did This Study

CIO open recommendations are outstanding GAO recommendations that warrant the attention of agency CIOs because their implementation could significantly improve government IT operations by securing IT systems, identifying cost savings, improving major government programs, eliminating mismanagement of IT programs and processes, or ensuring that IT programs comply with laws, among others.

For more information, contact Nick Marinos at marinosn@gao.gov.