Skip to main content
Report File
Date Issued
Submitting OIG
Department of Veterans Affairs OIG
Other Participating OIGs
Department of Veterans Affairs OIG
Agencies Reviewed/Investigated
Department of Veterans Affairs
Components
Office of Information and Technology
Report Number
21-03305-139
Report Description

The VA Office of Inspector General (OIG) conducts information technology (IT) inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the Dallas Consolidated Mail Outpatient Pharmacy (CMOP) because it had not been previously visited as part of the annual FISMA audit.The OIG inspections are focused on four security control areas that apply to local facilities and have been selected based on their level of risk: configuration management controls, contingency planning controls, security management controls, and access controls. The OIG found deficiencies in configuration management and access controls at the Dallas CMOP, but none in contingency planning or security management controls.Without effective configuration management, users do not have adequate assurance that the system and network will perform as intended and to the extent needed to support the CMOP’s missions. The access control deficiencies create risks of unauthorized access to critical network resources, inability to respond effectively to incidents, loss of personally identifiable information, or loss of life.The OIG made 10 recommendations to the Dallas CMOP director aimed at fixing the control deficiencies. The assistant secretary for information and technology provided comments for the Dallas CMOP. The assistant secretary concurred with nine recommendations and did not concur with one recommendation. The OIG disagrees with the nonconcurrence.

Report Type
Inspection / Evaluation
Location

Dallas, TX
United States

Number of Recommendations
0
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 1 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
05 Yes $0 $0

Remove or disable group accounts to comply with established requirements and criteria.

Department of Veterans Affairs OIG

United States