VA Cyber Security Research Paper

Department of Veterans Affairs Security Profile

1. Preface
This security profile of the Department of Veterans Affairs (VA) is based on two documents of public record. The first is the published VA Handbook 6500 (VAH 6500), which defined policy and procedures for systems within the purview of the VA (Department of Veterans Affairs, 2007). The second document is the Federal Information Security Management Act Assessment for FY 2011, commissioned by the VA Office of Inspector General (OIG) and performed by Ernst & Young in accordance with Federal Information Security Management Act (FISMA) guidelines (VA Office of Inspector General, 2012, p. i).

2. Identification of Controls
This security profile presents one control function

The OIG 2011 FISMA Assessment findings indicate that a centrally managed training database should be used to ensure personnel receive the proper training needed for their job function (VA Office of Inspector General, 2012, p. 15).

5. Technical Controls
The technical control area focuses on using technical measures to minimize or prevent access to systems by unauthorized individuals. The measures are designed to ensure the confidentiality, integrity and availability of those systems (VA Office of Inspector General, 2012, p. 54).

6.7. VAH 6500 Section 6.c.(3) Remote Access Control
VAH 6500 relies on nineteen policy requirements to enforce technical control. VA policy states that no sensitive information may be transmitted via internet or intranet without proper security mechanisms that meet NIST FIPS 140-2 criteria (Department of Veterans Affairs, 2007, p. 61). Each department within the Agency is responsible for monitoring remote access and privilege functions. Access can be revoked by a supervisor or superior at any time. The remaining requirements cover contractor access, PKI certificate distribution and termination of accounts. System protection is the responsibility of the ISO for each area of access.

6.8. Implementation Assessment
VAH 6500 does not utilize NIST SP 800-46, Guide to Enterprise Telework and Remote Access Security. The OIG 2011 FISMA Assessment also indicates some remote access systems do not