Department of Veterans Affairs Information Security Protection Act - Requires the Assistant Secretary of Veterans Affairs for Information and Technology to submit to the congressional veterans committees (under current law, only to the Secretary of Veterans Affairs) quarterly reports on Department of Veterans Affairs (VA) compliance with federally-required information security improvements. Directs the Assistant Secretary to submit to such committees: (1) quarterly, a plan of action to address critical known VA information security vulnerabilities; and (2) annually, a plan for identifying and replacing VA operating systems that are out-of-date or unsupported. Requires the Assistant Secretary to ensure that any software or Internet applications used on VA operating systems are secure from vulnerabilities that could affect the confidentiality of sensitive personal information on veterans. Directs the Secretary to report, quarterly, to such committees on any incidents of failure to comply with established information security policies, any actions taken in response to such incidents, and certain related information. Requires the Secretary to submit a strategic plan for improving VA information security and to update such plan at least every two years.
Requires VA contractors with access to sensitive personal information to provide protective measures to safeguard from possible information security threats any information provided by the VA that will be resident on, or transiting through, information systems controlled by that contractor.
]]>