Information Security: VA Needs to Address Identified Vulnerabilities, Report to the Chairman, Committee on Veterans' Affairs, House of Representatives [open pdf - 1MB]
From the Highlights: "In carrying out its mission to ensure the health, welfare, and dignity of the nation's veterans, VA relies extensively on information technology systems that collect, process, and store veterans' sensitive information. Without adequate safeguards, these systems and information are vulnerable to a wide array of cyber-based threats. Moreover, VA has faced long-standing challenges in adequately securing its systems and information, and reports of recent incidents have highlighted the serious impact of inadequate information security on the confidentiality, integrity, and availability of veterans' personal information. GAO was asked to review VA's efforts to address information security vulnerabilities. The objective for this work was to determine the extent to which selected, previously identified vulnerabilities continued to exist on VA computer systems. To do this, GAO reviewed VA actions taken to address previously identified vulnerabilities, including a significant network intrusion, vulnerabilities in two key web-based applications, and security weaknesses on devices connected to VA's network. GAO also reviewed the results of VA security testing; interviewed relevant officials and staff; and reviewed policies, procedures, and other documentation."
Government Accountability Office: http://www.gao.gov/