Sunday, December 22, 2024

VA RFI: Enterprise Governance, Risk and Compliance

Notice ID 36C10B24Q0024

The Department of Veterans (VA) Office of Information & Technology Office of Information Security, Information Security Risk Management has a requirement for an Enterprise Governance, Risk, and Compliance (GRC) tool to support the VA in managing security policies, controls, risks, assessments, and weaknesses through a single platform. The goal is to improve capability over the current GRC solution resulting in:

  • Greater visibility into assets
  • Seamless integration of vulnerability, compliance, and asset management
  • Increased automation of routine human assessment and authorization tasks to include but not limited to real time Compliance and Risk monitoring; automated generation of system documentation to include but not limited to System Security Plan (SSP), Contingency Plan (CP) Testing and Reporting, etc.; automated creation and updating of Plans of Action and Milestones (POA&Ms), etc. Ultimately, these improvements will reduce the timeline to obtain an authority to operate (ATO), reduce risk to the VA enterprise, and enhance security of systems and assets (i.e., end points).

Read more here.

[related-post]

LEAVE A REPLY

Please enter your comment!
Please enter your name here

FedHealthIT Xtra – Find Out More!

Recent News

Don’t Miss A Thing

Subscribe to our mailing list

* indicates required