Cybersecurity: Independent assessment and VA response generally met requirements

VA depends on critical IT systems to manage benefits and provide health care to veterans and their families. VA’s highly networked and technologically diverse systems create unique cybersecurity complexities. Protecting these systems from cyber threats is imperative.

The Strengthening VA Cybersecurity Act of 2022 includes a provision for GAO to evaluate an independent cybersecurity assessment and VA’s remediation plan in response to the assessment.

GAO has examined the extent to which (1) the independent cybersecurity assessment addressed the act and federal guidance, (2) VA’s remediation plan adhered to the act, (3) the department reported remediating the assessment’s findings, and (4) VA’s efforts to remediate selected findings adhered to federal requirements.

Read more at Government Accountability Office