Identity management
vulnerabilities
VA Had Lapses in ICAM Oversight, Inspector General Report Says
A new report revealed that the Department of Veterans Affairs had key lapses in its identity, credential and access management systems and processes due to several factors.
According to the VA Office of the Inspector General, the agency did not work enough with the offices tasked with ICAM oversight. OIG also said that without an adequate government structure, VA will be at risk of limiting information sharing capabilities and leaving information vulnerable for improper use.
The organization also failed to update its directives and guidance regarding ICAM following key changes to ICAM processes. Both human resources and IT offices also refused to take responsibility for ongoing ICAM efforts, FCW reported Tuesday.
Another matter that OIG found was that the VA did not meet three out of four governance requirements outlined by the Office of Management and Budget. These requirements relate to the assignment of ICAM-related responsibilities, the execution of updated digital identity risk management requirements and the implementation of a comprehensive ICAM policy for fiscal years 2020 and 2021.
VA agreed with the OIG report and submitted corrective action plans, which include designating roles and responsibilities for offices. The oversight body said it will continue monitoring the agency’s progress.
Category: Cybersecurity