When it comes to its annual cybersecurity exam, the Department of Veterans Affairs has a less than stellar history.
VA’s inspector general still considers cybersecurity — despite efforts from an array of prior chief information officers — as a material weakness, according to the most recent Federal Information Security Management Act (FISMA) audit.
This is a common challenge for agencies across government, and VA was one of 18 organizations to earn this distinction in 2018.
Even so, VA holds a unique distinction among other agencies, the Government Accountability Office said.
“When it comes to looking at the length of time that it has consistently reported a material weakness in the security controls over its financial systems for financial reporting purposes, it’s been going on 17 years in a row,” Greg Wilshusen, director of IT and cybersecurity at GAO, told the House Veterans Affairs Technology Modernization Subcommittee at a hearing Thursday on VA cybersecurity challenges. “Few agencies meet that longevity of that particular weakness.”
VA’s inspector general made 28 recommendations to improve IT security controls in its most…