Congress 114 - HR 1017 - Veterans Information Security Improvement Act

Sponsor

Cosponsors

Topics

Advanced technology and technological innovations Armed Forces and National Security Computer security and identity theft Computers and information technology Department of Veterans Affairs Federal officials Government information and archives Health information and medical records Internet and video services Internet, web applications, social media Right of privacy Veterans' medical care

Full Text

View Full Bill Text

Votes

Summary

Veterans Information Security Improvement Act

Directs the Secretary of Veterans Affairs to: (1) carry out certain information security activities, (2) ensure that officials and staff of the Department of Veterans Affairs (VA) possess specified qualifications in such areas, and (3) coordinate the staffing of related information technology and security offices.

Requires the Secretary to ensure that: (1) the Assistant Secretary for Information and Technology, the head of the Office of Information Security (OIS), and relevant field staff possess certain levels of information technology education, certifications, and experience; (2) Office of Information and Technology (OIT) staff are assigned to the OIS; and (3) subordinate OIT offices maintain appropriate information security functions.

Directs the Secretary to ensure that subordinate OIT offices maintain functions to: (1) integrate the VA's security architecture into the VA's overall enterprise architecture strategy, (2) restrict the development of new data warehouses and data marts holding sensitive personal information of veterans, (3) reduce the number of data marts holding such personal information, and (4) deploy an incident response capability.

Defines:

"data mart" as a subset of a data warehouse that contains information for a specific entity of an organization rather than the entire organization, and
"data warehouse" as a collection of data designed to support management decision making that contains a wide variety of data presenting a coherent picture of business conditions for an entire organization at a single point in time and whose development includes systems to extract data from operating systems plus installation of a warehouse database system that provides managers with flexible data access.

Requires the Secretary to safeguard VA network infrastructure, computers, and servers.

Directs the Secretary to protect the confidentiality of sensitive personal information of veterans by:

providing upgrades or phaseouts of outdated or unsupported operating systems to protect against harmful viruses and malicious software; and
securing VA web applications and the Veterans Health Information Systems and Technology Architecture (commonly referred to as the "Vista system," which allows for an integrated inpatient and outpatient electronic health record for patients and provides administrative tools to VA employees).

Directs the Secretary to submit certifications to Congress regarding the VA's compliance with information security requirements, including actions required by the National Institute of Standards and Technology and the Office of Management and Budget.

Requires the Secretary to submit monthly reports to Congress regarding security vulnerabilities discovered after performing regular scans of VA computers and servers.

Actions

Apr 21, 2015

Forwarded by Subcommittee to Full Committee in the Nature of a Substitute (Amended) by Voice Vote .
Apr 21, 2015

Subcommittee Consideration and Mark-up Session Held.
Mar 19, 2015

Subcommittee Hearings Held.
Mar 13, 2015

Referred to the Subcommittee on Oversight and Investigations.
Feb 20, 2015

Referred to the House Committee on Veterans' Affairs.
Feb 20, 2015

Introduced in House

Amendments

Related Bills