VA Information Systems: The Austin Automation Center Has

United States Government Publishing Office publisher pbl distributor dst United States Government Accountability Office Accounting and Information Management Division author aut Government Organization text government publication eng GAOREPORTS Legislative Agency Publications gao legislative 2010-08-12 U.S. Government Printing Office 1999-06-08 monographic deposited born digital 22 p. GA 1.13:AIMD-99-161 https://www.govinfo.gov/app/details/GAOREPORTS-AIMD-99-161 P0b002ee1803994ae f:aimd9916 DGPO 2010-08-12 2011-03-24 GAOREPORTS-AIMD-99-161 machine generated eng fdlp REPORT GAOREPORTS-AIMD-99-161 AIMD-99-161 Computer security Information systems Confidential communication Information resources management Financial management systems Internal controls Veterans benefits Letter Report AIMD D99161 VA Information Systems: The Austin Automation Center Has Pursuant to a legislative requirement, GAO assessed the effectiveness of information system general controls at the Department of Veterans Affairs' (VA) Austin Automation Center (AAC).<p/>GAO noted that: (1) AAC had made substantial progress in correcting specific computer security weaknesses that GAO identified in its previous evaluation of information system controls; (2) AAC had established a solid foundation for its computer security planning and management program by creating a centralized computer security group, developing a comprehensive security policy, and promoting security awareness; (3) however, AAC had not yet established a framework for continually assessing risks and routinely monitoring and evaluating the effectiveness of information system controls; (4) GAO also identified additional computer security weaknesses that increased the risk of inadvertent or deliberate misuse, fraudulent use, improper disclosure, and destruction of financial and sensitive veteran medical and benefit information on AAC systems; (5) an effective computer security planning and management program would have allowed AAC to identify and correct the types of additional weaknesses that GAO identified; (6) in addition, AAC continues to run the risk that unauthorized access may not be detected because it had not established a program to identify and investigate unusual or suspicious patterns of successful access to sensitive data and resources; (7) these weaknesses could also affect other agencies that depend on AAC information technology services; (8) AAC was very responsive to addressing new security exposures identified and corrected several weaknesses before GAO's fieldwork was completed; (9) the Acting Assistant Secretary for Information Technology said VA would implement all of GAO's recommendations by September 30, 1999; and (10) addressing the remaining issues will help ensure that an effective computer security environment is achieved and maintained. https://www.govinfo.gov/content/pkg/GAOREPORTS-AIMD-99-161/html/GAOREPORTS-AIMD-99-161.htm https://www.govinfo.gov/content/pkg/GAOREPORTS-AIMD-99-161/pdf/GAOREPORTS-AIMD-99-161.pdf GAO/AIMD-99-161 https://www.govinfo.gov/app/details/GAOREPORTS-AIMD-99-161 Letter Report GAO/AIMD-99-161; VA Information Systems: The Austin Automation Center Has; Computer security Information systems Confidential communication Information resources management Financial management systems Internal controls Veterans benefits