Hello, Guest.!
VA Submits Plan to Automate Risk Management Measures by 2026
//

VA Submits Plan to Automate Risk Management Measures by 2026

2 mins read

The Department of Veterans Affairs has submitted to the General Services Administration a plan to translate its text-based documentation into Open Security Assessment Language format.

The Federal Risk and Authorization Management Program-compliant OSCAL format system security plan is designed to meet the White House directive for all federal agencies to automate their risk management measures by July 2026, the VA said Wednesday. With the early submission, the VA gained a headstart in the preparation to adopt OSCAL.

‘Great Milestone’ for Security Automation

Michaela Iorga, the OSCAL program director at the National Institute of Standards and Technology, described the VA’s action as a “great milestone” for the federal government’s security automation program, noting that the agency should be lauded for streamlining its risk management process.

“The outcome of the hard work and dedication of the VA team is marking the beginning of a new era in cybersecurity for the federal government,” Iorga said.

OSCAL Benefits and VA’s System Expansion Plans

OSCAL is a standardization framework that supports full automation, enabling agencies to complete the risk management process in just one day. The system allows enterprises to simplify the management of security controls, assessments and authorization for information systems. It also supports integration with security tools for continuous monitoring of a system’s risk posture.

To further take advantage of OSCAL, VA plans to implement the system across the enterprise. The agency will collaborate with internal developers to mature its existing risk and compliance tools, conduct pilots to better understand other federal agencies’ OSCAL deployments and work with FedRAMP to recommend improvements.