The VA Office of Inspector General’s information security inspection program assesses whether VA facilities are meeting federal security requirements related to four control areas the OIG determined to be at highest risk. For this inspection, the OIG selected the Health Eligibility Center (HEC) in Atlanta, Georgia. The OIG found deficiencies in three of the four areas inspected.
Configuration management controls, which identify and manage security features for all hardware and software components of an information system, were deficient in vulnerability remediation, system life-cycle management, and remediation of unauthorized software.
There were no deficiencies in contingency planning controls, which include physical and environmental controls.
In the area of security management, about 3.3 million veterans’ records containing sensitive personal information were not encrypted. VA security policy requires the encryption of sensitive information hosted on computer systems.
Access controls provide reasonable assurance that computer resources are restricted to authorized individuals. At the HEC, the OIG found deficiencies with access controls in the inventory of facility keys as well as in logging administrative actions, log retention, and log reviews.
The OIG made five recommendations aimed at correcting the identified deficiencies.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Department of Veterans Affairs | Inspection of Information Security at the Health Eligibility Center in Atlanta, Georgia | Inspection / Evaluation |
|
View Report | |
| Architect of the Capitol | Student Loan Repayment Program Violations | Investigation | Agency-Wide | View Report | |
| U.S. Agency for International Development | Financial Audit of USAID Resources Managed by Gnration Femme du 3me Millnaire in Cte d'Ivoire Under Cooperative Agreement 72062423CA00002, January 1 to December 31, 2023 | Other | Agency-Wide | View Report | |
| U.S. Agency for International Development | Financial Closeout Audit of USAID Resources Managed by West African Health Organisation in Multiple Countries, Under Cooperative Agreement AID-624-A-15-00001, January 1 to June 30, 2023 | Other | Agency-Wide | View Report | |
| U.S. Agency for International Development | Financial Audit of USAID Resources Managed by St. John's Community Centre in Kenya, Under Multiple Awards, January 1 to December 31, 2023 | Other |
|
View Report | |
| U.S. Agency for International Development | Financial Audit of USAID Resources Managed by The AIDS Support Organization Uganda Limited Under Multiple Awards, January 1 to December 31, 2023 | Other |
|
View Report | |
| U.S. Agency for International Development | Financial Audit of USAID Resources Managed by Family AIDS Caring Trust in Zimbabwe Under Multiple Awards, April 1 to December 31, 2023 | Other |
|
View Report | |
| Inter-American Foundation | Audit of IAF's Financial Statements for Fiscal Years 2024 and 2023 | Audit |
|
View Report | |
| Department of Health & Human Services | Washington State's Oversight Could Better Ensure That Adult Family Homes Comply With Health and Safety and Administrative Requirements | Audit | Agency-Wide | View Report | |
| Department of Transportation | Quality Control Review of the Independent Auditor's Report on the Great Lakes St. Lawrence Seaway Development Corporation's Audited Financial Statements for Fiscal Years 2024 and 2023 | Audit | Agency-Wide | View Report | |
