All Reports

Date Issued
|
Report Number
23-01138-203

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Open Recommendation Image, Square
to Information and Technology (OIT)
Improve vulnerability management processes to ensure system changes occur within organization timelines.
No. 2
Open Recommendation Image, Square
to Information and Technology (OIT)
Develop and approve an authorization to operate for the special-purpose systems.
No. 3
Open Recommendation Image, Square
to Information and Technology (OIT)
Include system personnel during the security categorization process to ensure that all necessary information types are considered when determining the security categorization for special-purpose systems.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Review the list of unauthorized software and remediate or remove unneeded software at the facility.
No. 5
Open Recommendation Image, Square
to Information and Technology (OIT)
Implement the appropriate physical security controls to restrict and monitor access to the facility, its server room, communication closets, and generators.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)

Implement and monitor emergency power and uninterruptible power supplies that support information technology resources.

No. 7
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)

Validate that appropriate physical and environmental security measures are implemented and functioning as intended.

Date Issued
|
Report Number
23-01179-204

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)

Implement a more effective vulnerability management program to address security deficiencies identified during the inspection.

No. 2
Open Recommendation Image, Square
to Information and Technology (OIT)
Ensure vulnerabilities are remediated within OIT’s established time frames.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure that physical access for the data center and communication rooms are reviewed on a quarterly basis.
No. 4
Open Recommendation Image, Square
to Information and Technology (OIT)
Ensure physical access controls are implemented for communication rooms.
No. 5
Open Recommendation Image, Square
to Information and Technology (OIT)
Ensure a video surveillance system is operational and monitored for the data center.
No. 6
Open Recommendation Image, Square
to Information and Technology (OIT)
Ensure communication rooms with infrastructure equipment have adequate environmental controls.
No. 7
Open Recommendation Image, Square
to Information and Technology (OIT)
Ensure water detection sensors are implemented in the data center.
No. 8
Open Recommendation Image, Square
to Information and Technology (OIT)
Test the emergency power bypass during annual uninterruptible power supply testing and document results.
Date Issued
|
Report Number
23-00089-144

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer implement a process to minimize the Information Central Analytics and Metrics Platform data reliability issues.
No. 2
Open Recommendation Image, Square
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer improve vulnerability management processes to ensure system changes occur within organization timelines.
No. 3
Open Recommendation Image, Square
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer develop and approve an authorization to operate for the special-purpose system.
No. 4
Open Recommendation Image, Square
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer include system personnel during the security categorization process to ensure that all necessary information types are considered when determining the security categorization for special-purpose systems.
No. 5
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer implement improved mechanisms to ensure system stewards are creating plans of action and milestones for all controls that have not been implemented or assessed.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer ensure network segmentation controls are applied to all network segments with special-purpose systems.
No. 7
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)

The VA medical center director install uninterruptible power supplies to eliminate single points of electrical failure supporting the facility.

No. 8
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
The VA medical center director ensure that hot and cold aisles in computer rooms, and electric and data cables are installed in accordance with VA standards.
No. 9
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
The VA medical center director validate that appropriate physical and environmental security measures are implemented and functioning as intended.
No. 10
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)

The VA medical center director implement media sanitization methods in accordance with VA policy requirements.

Date Issued
|
Report Number
22-04104-112

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Open Recommendation Image, Square
to Information and Technology (OIT)
Implement a more effective vulnerability management program to address security deficiencies identified during the inspection.
No. 2
Open Recommendation Image, Square
to Information and Technology (OIT)
Ensure vulnerabilities are remediated within established time frames.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement more effective configuration control processes to ensure network devices maintain vendor support.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure the unmanaged database completes the transition to the VA Enterprise Cloud where it can be managed and have security baselines applied.
No. 5
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)

Implement an improved inventory process to ensure that all connected devices used to support VA programs and operations are documented in the Enterprise Mission Assurance Support Service.

No. 6
Open Recommendation Image, Square
to Information and Technology (OIT)
Ensure network infrastructure equipment is properly installed.
No. 7
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
Ensure physical access controls are implemented for communication rooms.
No. 8
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
Ensure a video surveillance system is operational and monitored for the data center.
No. 9
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
Ensure communication rooms with infrastructure equipment have adequate environmental controls.
No. 10
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
Ensure communication rooms with infrastructure equipment have fire-detection and suppression systems.
No. 11
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
Ensure water detection sensors are implemented in the data center.
Date Issued
|
Report Number
22-02961-71
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Open Recommendation Image, Square
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer implement a more effective vulnerability management program to identify all critical security deficiencies on the network and to remediate vulnerabilities within policy timelines.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer implement a more effective inventory process to identify network devices.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)

The assistant secretary for information and technology and chief information officer implement processes to prevent the use of prohibited software on agency devices.

No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer test the emergency power bypass during annual uninterruptible power supply testing and document results.
No. 5
Open Recommendation Image, Square
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer ensure network segmentation controls are applied to all network segments with medical devices and special-purpose systems.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer ensure access authorization memorandums are present in all communication rooms.
No. 7
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer ensure that physical access for the data center and communication rooms are reviewed on a quarterly basis.
No. 8
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The assistant secretary for information and technology and chief information officer ensure visitor access records are available and reviewed on a quarterly basis.
No. 9
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
The St. Cloud VA Medical Center director ensure video surveillance systems are operational and monitored for the data center.
No. 10
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
The St. Cloud VA Medical Center director ensure communication rooms with infrastructure equipment have adequate environmental controls.
Date Issued
|
Report Number
22-02960-70
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Verify and make necessary corrections to the systems’ component inventory in the VA’s Enterprise Mission Assurance Support Service.
No. 2
Open Recommendation Image, Square
to Information and Technology (OIT)
Improve vulnerability management processes to ensure system changes occur within organization timelines.
No. 3
Open Recommendation Image, Square
to Information and Technology (OIT)
Develop and approve an authorization to operate for the special-purpose system.
No. 4
Open Recommendation Image, Square
to Information and Technology (OIT)
Validate that appropriate physical and environmental security measures are implemented and functioning as intended.
Date Issued
|
Report Number
22-01854-13
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a more effective vulnerability management program to address security deficiencies identified during the inspection.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure vulnerabilities are remediated within established time frames.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure all databases at the Tuscaloosa VA Medical Center are part of the periodic database scan process.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement improved mechanisms to ensure system stewards are updating plans of actions and milestones for all known risks and weaknesses, including those identified during security control assessments.
No. 5
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure network segmentation controls are applied to all network segments with medical devices and special-purpose systems.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement capabilities for generating database audit logs and forwarding audit events for review, analysis, and reporting.
No. 7
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
Ensure communication rooms with infrastructure equipment have adequate environmental controls.
No. 8
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
Install uninterruptible power supplies in the communication rooms supporting infrastructure equipment.
Date Issued
|
Report Number
22-01836-12
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a vulnerability management program that ensures system changes within established deadlines.
No. 2
Open Recommendation Image, Square
to Information and Technology (OIT)
Develop and approve a system security plan and an authorization to operate for the special-purpose system.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Include language for contractors to follow federal and VA information technology security requirements in contracts that have an information technology component.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)

Verify that access control lists have been applied to network segments that contain medical systems.

No. 5
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Develop and implement a process to retain database logs for a period consistent with VA’s record retention policy.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
Develop and implement controls to remove an individual’s access rights to computer rooms when access is no longer necessary.
No. 7
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
Implement a process to regularly review applicable reports to ensure that only authorized individuals have computer room access and update the system access authorization memo to include only those individuals necessary to perform job functions.
No. 8
Open Recommendation Image, Square
to Veterans Health Administration (VHA)
Validate that appropriate physical and environmental security measures are implemented and functioning as intended.
No. 9
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
Inventory and verify that records containing personally identifiable information and personal health information are adequately secured.
Date Issued
|
Report Number
22-00973-215
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a more effective process to maintain consistent inventory information for all network segments.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a vulnerability management program that ensures system changes occur within organization timelines.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement effective system life-cycle processes to ensure network devices meet standards mandated by the VA Office of Information and Technology Configuration Control Board.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Develop and implement a process to retain database logs for a period consistent with VA’s record retention policy.
No. 5
Open Recommendation Image, Square
to Information and Technology (OIT)
Validate that appropriate physical and environmental security measures are implemented and functioning as intended.
Date Issued
|
Report Number
22-00971-217
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a more effective process to maintain consistent inventory information for all network segments.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Improve the vulnerability and flaw remediation program to accurately identify vulnerabilities and enforce flaw remediation.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement effective configuration control processes that ensure network devices maintain vendor support.
No. 4
Open Recommendation Image, Square
to Information and Technology (OIT)
Perform security control assessments of the video surveillance system and obtain an authorization to operate in accordance with set policy.
No. 5
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure installation of distributed network infrastructure equipment that meets VA installation standards, to include proper equipment mounting and clearance.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure routine maintenance is conducted on uninterruptible power supplies.
No. 7
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement database authentication processes that comply with VA security requirements.
No. 8
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a physical access control system for the data center and core switch room that is supportable and can meet VA logging requirements.
Date Issued
|
Report Number
21-02453-99
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement more effective inventory management tools for all network segments.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a more effective vulnerability and flaw remediation program that can accurately identify vulnerabilities and enforce flaw remediation.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Develop and implement methods to ensure delivery, receipt, and understanding of assigned roles and responsibilities for Consolidated Mail Outpatient Pharmacy activities to ensure full implementation of approved policy.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Develop and implement a disaster recovery plan and capability that will restore operations in the event of a disruption to critical operations.
No. 5
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Task the facility manager to change the default username and password for the security camera system.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Request the Office of Information and Technology to configure audit logging on the misconfigured devices in accordance with established baselines, policy, and procedures.
Date Issued
|
Report Number
21-03305-139
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement an effective inventory management system for all network segments.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement an effective vulnerability and flaw remediation program that can accurately identify vulnerabilities and enforce flaw remediation
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Develop and implement methods to ensure delivery, receipt, and understanding of assigned roles and responsibilities for local activities to ensure full implementation of approved policy.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement effective configuration control processes that ensure network devices maintain standards mandated by the VA Office of Information and Technology Configuration Control Board.
No. 5
Open Recommendation Image, Square
to Information and Technology (OIT)
Remove or disable group accounts to comply with established requirements and criteria.
No. 6
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Ensure employees lock devices when they are unattended.
No. 7
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement database authentication processes that comply with National Institute of Standards and Technology standards and VA security requirements.
No. 8
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement a process to retain database logs for a period consistent with VA’s record retention policy.
No. 9
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Establish a process for validating and logging the sanitization of hard drives.
No. 10
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
Implement parking barriers that meet VA Physical Security & Resiliency Design Manual requirements.
Date Issued
|
Report Number
21-01221-24
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The Financial Services Center director implements measures to maintain an accurate system inventory.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The Financial Services Center director implements a more effective patch and vulnerability management program that can accurately identify vulnerabilities and enforce patch application.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The Financial Services Center director implements systems and information integrity procedures that detail how policies are applied to local systems, and create a mechanism for informing employees of new or updated policies and procedures.
No. 4
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The Financial Services Center director, in conjunction with the system owner, develops and implements capabilities for all systems to generate audit logs and collect and forward audit events to the Cybersecurity Operations Center for review, analysis, and reporting.
No. 5
Closed and Implemented Recommendation Image, Checkmark
to Information and Technology (OIT)
The Financial Services Center director continues to upgrade the video surveillance system and ensure new capabilities provide full surveillance and video retention to improve monitoring and incident response.
Date Issued
|
Report Number
20-01485-114
|
Topics:  Information Technology and Security

Open Recommendation Image, SquareOpenClosed and Implemented Recommendation Image, CheckmarkClosed-ImplementedNot Implemented Recommendation Image, X character'Closed-Not Implemented
No. 1
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
The OIG recommended the area manager for the Central Texas Veterans Health Care System implement more effective automated inventory management tools.
No. 2
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
The OIG recommended the area manager for the Central Texas Veterans Health Care System implement a more effective patch and vulnerability management program that can accurately identify vulnerabilities and enforce patch application.
No. 3
Closed and Implemented Recommendation Image, Checkmark
to Veterans Health Administration (VHA)
The OIG recommended the area manager for the Central Texas Veterans Health Care System ensure compliance with the media protection standard operating procedure for all employees who work with media storage and ensure compliance with marking and sanitization provisions.