Information Security: Sustained Management Commitment and Oversight Are Vital to Resolving Long-standing Weaknesses at the Department of Veterans Affairs
The U.S. Government Accountability Office (GAO) is an independent agency that works for Congress. The GAO watches over Congress, and investigates how the federal government spends taxpayers' dollars. The Comptroller General of the United States is the leader of the GAO, and is appointed to a 15-year term by the U.S. President. The GAO wants to support Congress, while at the same time doing right by the citizens of the United States. They audit, investigate, perform analyses, issue legal decisions and report anything that the government is doing. This is one of their reports.
Weaknesses in info. security (IS) are a widespread problem that can have serious consequences -- such as intrusions by malicious users, compromised networks, and the theft of intellectual property and personally identifiable info. -- and GAO has identified IS as a governmentwide high-risk issue since 1997. Concerned by reports of significant vulnerabilities in fed. computer systems, Congress passed the Fed. IS Mgmt. Act of 2002 (FISMA), which authorized and strengthened IS program, evaluation, and reporting requirements for fed. agencies. This report evaluates: (1) the adequacy and effectiveness of agencies' IS policies and practices; and (2) fed. agencies' implementation of FISMA requirements. Includes recommendations. Illustrations.
The Department of Veterans Affairs (VA) has encountered numerous challenges in managing its information technology (IT) and securing its information systems. In October 2005, the department initiated a realignment of its IT program to provide greater authority and accountability over its resources. The May 2006 security incident highlighted the need for additional actions to secure personal information maintained in the department's systems. In this testimony, GAO discusses its recent reporting on VA's realignment effort as well as actions to improve security over its information systems. To prepare this testimony, GAO reviewed its past work on the realignment and on information security, and it updated and supplemented its analysis with interviews of VA officials.
The fed. gov't. is the world's largest and most complex entity, with about $3 trillion in outlays in FY 2008. Reports on high-risk areas bring focus to areas needing attention due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. These reports also identify areas needing transformation to address major economy, efficiency, or effectiveness challenges. This 2009 update presents the status of high-risk areas listed in 2007 and identifies new high-risk areas. Solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the public, strengthen confidence and trust in the performance and accountability of the U.S. gov't., and ensure the ability of gov't. to deliver on its promises. Illus.