VA Failed to Protect Critical Computer Systems, Audit Finds


Department servers and networks lack vital security protections.

In another blow to the beleaguered Veterans Affairs Department, the VA inspector general reported today that an audit by an outside accounting firm revealed continuing problems protecting mission critical systems.

The audit, conducted by CliftonLarsonAllen LLP, said that although VA has made progress developing security policies and procedures, it suffers from “significant deficiencies related to access controls, configuration management controls, continuous monitoring controls, and service continuity practices designed to protect mission-critical systems.”

These problems, in part, stem from the fact that VA hasn’t instituted security standards on all its servers and network gadgets, and still needs to remediate 6,000 previously identified risks.

(Image via amaze646/