Notice ID 36C10B24Q0024
The Department of Veterans Affairs (VA) Office of Information & Technology, Office of Information Security, Information Security Risk Management has a requirement for an Enterprise Governance, Risk, and Compliance (GRC) tool to support the VA in managing security policies, controls, risks, assessments, and weaknesses through a single platform. The goal is to improve capability over the current GRC solution, resulting in:
- Greater visibility into assets
- Seamless integration of vulnerability, compliance, and asset management
- Increased automation of routine human assessment and authorization tasks, including but not limited to real-time compliance and risk monitoring; automated generation of system documentation, including but not limited to System Security Plan (SSP) and Contingency Plan (CP) Testing and Reporting; and automated creation and updating of Plans of Action and Milestones (POA&Ms).

Ultimately, these improvements will reduce the timeline to obtain an authority to operate (ATO), reduce risk to the VA enterprise, and enhance security of systems and assets (i.e., end points).