“The Department of Veterans Affairs (VA) Office of Inspector General (OIG) is calling on the agency to address its slow progress in improving its cybersecurity posture, but the VA said a lack of funding causes the agency to lose high-quality IT personnel.”
“At a House Committee on Veterans’ Affairs Subcommittee on Technology Modernization hearing on June 7, Michael Bowman, director of the IT and security audits division at the VA OIG’s Office of Audits and Evaluations, explained that the VA’s fiscal year (FY) 2021 Federal Information Security Modernization Act (FISMA) audit showed ‘limited progress.’”
“The FY2021 audit included 26 of the same recommendations from the FY2020 audit, and 23 of those have been included in every FISMA report dating back to 2018, according to Bowman.”
“‘Our annual FISMA audit and other IG reports demonstrate VA has considerable work in order to achieve better IT security outcomes,’ Bowman said during the hearing. ‘The number of persistent problems, such as weak access controls and deficient configuration management controls, underscores VA’s incremental progress towards improving its security program.’”
“However, Bowman did note that VA’s remaining FISMA recommendations are ‘more institutional findings and recommendations,’ which he said, ‘are more difficult to resolve in a year’s time or maybe even five years’ time.’ VA has remediated the newer findings quickly, Bowman said, and the institutional ones will ‘probably remain on the books for several years to come…’”
Source: VA Shows Limited Cyber Progress, Calls for Higher Pay to Retain Cyber Employees – By Grace Dille, June 7, 2022. MeriTalk.