Veterans Information Security Improvement Act

2014-04-02

Introduced in House

Veterans Information Security Improvement Act - Directs the Secretary of Veterans Affairs to: (1) carry out certain information security activities, (2) ensure that officials and staff of the Department of Veterans Affairs (VA) possess specified qualifications in such areas, and (3) coordinate the staffing of related information technology and security offices.

Requires the Secretary to ensure that: (1) the Assistant Secretary for Information and Technology, the head of the Office of Information Security (OIS), and relevant field staff possess certain levels of information technology education, certifications, and experience; (2) Office of Information and Technology (OIT) staff are assigned to the OIS; and (3) subordinate OIT offices maintain appropriate information security functions.

Directs the Secretary to ensure that subordinate OIT offices maintain functions to: (1) integrate the VA's security architecture into the VA's overall enterprise architecture strategy, (2) restrict the development of new data warehouses and data marts holding sensitive personal information of veterans, and (3) reduce the number of data marts holding such personal information.

Defines: (1) "data mart" as a subset of a data warehouse that contains information for a specific entity of an organization rather than the entire organization, and (2) "data warehouse" as a collection of data designed to support management decision making that contains a wide variety of data presenting a coherent picture of business conditions for an entire organization at a single point in time and whose development includes systems to extract data from operating systems plus installation of a warehouse database system that provides managers flexible access to the data.

Requires the Secretary to safeguard VA network infrastructure, computers, and servers.

Directs the Secretary to protect the confidentiality of sensitive personal information of veterans by: (1) providing upgrades or phaseouts of outdated or unsupported operating systems to protect against harmful viruses and malicious software, and (2) securing VA web applications and the Veterans Health Information Systems and Technology Architecture (commonly referred to as the "Vista system," which allows for an integrated inpatient and outpatient electronic health record for patients and provides administrative tools to VA employees).

Directs the Secretary to submit certifications to Congress regarding the VA's compliance with information security requirements, including actions required by the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).

Requires the Secretary to submit monthly reports to Congress regarding security vulnerabilities discovered after performing regular scans of VA computers and servers.

]]>

text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.