Mobile devices are creating new cybersecurity risks for agencies across government, but the Veterans Affairs Department is doing a good job protecting the thousands of devices in its ecosystem, according to an internal watchdog.
Today, the department is responsible for managing more than 50,000 mobile devices, many of which contain sensitive personal information on veterans. As such, the consequences of an intrusion could be devastating. But a recent VA Inspector General audit found the agency had largely succeeded in closing security gaps within its mobile network.
The Office of Information Technology’s “security practices for mobile devices generally mitigated security control weaknesses associated with mobile devices used in VA’s network infrastructure,” auditors said in a report published Tuesday.
The audit comes as good news for the department, which has historically struggled to manage its technology systems.
According to the IG, the agency’s security practices met the federal requirements for four of the five categories the Government Accountability Office uses to assess IT security: security management, access controls, segregation of duties and contingency planning. They found the department still had room for improvement in the fifth category, configuration management.
By relying on a single vendor—Apple—to provide all the department’s devices, officials avoided many of the vulnerabilities that come with managing a more diverse mobile ecosystem, auditors said. The agency also relies on a single mobile device management platform, which lets them easily control the security protocols and access credentials on each of those devices, they said ..
Support the originator by clicking the read the rest link below.
