Fiscal Year 2009 Federal Information Security Management Act Assessment

The Office of Inspector General (OIG) contracted with the independent public accounting firm, Deloitte & Touche LLP to perform an audit of the Department’s information security program in accordance with the FISMA. The results of this annual review of the agency’s information security program are reported to the Office of Management and Budget (OMB). OMB uses this data to assist in its oversight responsibilities and to prepare an annual report to Congress on agency compliance with the Act. The Department continues to face significant challenges in complying with the requirements of FISMA due to the nature and maturity of its information security program. In order to better achieve the FISMA objectives, the Department needs to focus on several key areas, which are attached in the Deloitte & Touche LLP report dated February 24, 2010. This report contains information protected from disclosure under the exemptions of the Freedom of Information Act. The unredacted report is for official use only and is not to be disclosed without the approval of the Department of Veterans Affairs, Office of Inspector General.