In response to a tip received via hotline, the Department of Vertans Affairs (VA) Office of Inspector General investigated an allegation “that certain contractors, without proper security clearances, gained unauthorized access to VA systems and networks.”
The IG investigation:
substantiated the allegation that contractors did not comply with VA information security policies when accessing mission critical systems and networks. Specifically, contractor personnel: (1) improperly shared user accounts when accessing VA networks and Veterans Health Information System and Technology Architecture (VistA) systems; (2) did not readily initiate action to terminate user accounts for separated employees; and (3) did not obtain appropriate security clearances or complete security awareness training prior to gaining access to VA systems and networks.
Moreover, the IG found that “contractor systems contained a number of information security control deficiencies that could allow malicious users to gain unauthorized access to VA information systems.”
The IG audit report also noted that, for the most part, “security control deficiencies during our evaluation of contractor systems at corporate offices and VA medical facilities. . . were consistent with access control and configuration management security weaknesses identified in our Federal Information Security Management Act assessment of VA for 2010.”
Attached below is the OIG report.
Leave a Reply