The Government Accountability Office (GAO) has recommended that the Department of Veterans Affairs (VA) implement security controls, manage information technology supply chain risks and establish elements of its cybersecurity risk management program as it pursues IT modernization efforts.
GAO said in the report published Wednesday VA has faced challenges when it comes to implementing three IT modernization programs: Veterans Health Information Systems and Technology Architecture (VistA); a system for the Family Caregiver Program; and the Veterans Benefits Management System.
VA has made strides when it comes to achieving data center consolidation goals and improving software licensing but has taken limited actions to enhance chief information officer’s authorities and improve risk management of IT investments in compliance with the Federal Information Technology Acquisition Reform Act (FITARA).
“Until the department implements the act’s provisions, Congress’ ability to effectively monitor VA’s progress and hold it fully accountable for reducing duplication and achieving cost savings will be hindered,” GAO said.