Skip to main content
HR 4370 113th Congress House Armed Forces and National Security Advanced technology and technological innovations Computer security and identity theft Computers and information technology Department of Veterans Affairs Federal officials Government information and archives Health information and medical records Internet and video services Internet, web applications, social media Right of privacy Veterans' medical care

Veterans Information Security Improvement Act

Introduced: April 2, 2014 See on congress.gov
Sign in to write a letter Sign in to watch
 Everywhere this bill has been 3 steps
Introduced
In committee
Reported out
Passed House
Passed Senate
To President
Became law
Apr 4, 2014
Referred to the Subcommittee on Oversight and Investigations.
Apr 2, 2014
Referred to the House Committee on Veterans' Affairs.
Apr 2, 2014
Introduced in House
 Plain-English summary Congressional Research Service

Veterans Information Security Improvement Act - Directs the Secretary of Veterans Affairs to: (1) carry out certain information security activities, (2) ensure that officials and staff of the Department of Veterans Affairs (VA) possess specified qualifications in such areas, and (3) coordinate the staffing of related information technology and security offices.

Requires the Secretary to ensure that: (1) the Assistant Secretary for Information and Technology, the head of the Office of Information Security (OIS), and relevant field staff possess certain levels of information technology education, certifications, and experience; (2) Office of Information and Technology (OIT) staff are assigned to the OIS; and (3) subordinate OIT offices maintain appropriate information security functions.

Directs the Secretary to ensure that subordinate OIT offices maintain functions to: (1) integrate the VA's security architecture into the VA's overall enterprise architecture strategy, (2) restrict the development of new data warehouses and data marts holding sensitive personal information of veterans, and (3) reduce the number of data marts holding such personal information.

Defines: (1) "data mart" as a subset of a data warehouse that contains information for a specific entity of an organization rather than the entire organization, and (2) "data warehouse" as a collection of data designed to support management decision making that contains a wide variety of data presenting a coherent picture of business conditions for an entire organization at a single point in time and whose development includes systems to extract data from operating systems plus installation of a warehouse database system that provides managers flexible access to the data.

Requires the Secretary to safeguard VA network infrastructure, computers, and servers.

Directs the Secretary to protect the confidentiality of sensitive personal information of veterans by: (1) providing upgrades or phaseouts of outdated or unsupported operating systems to protect against harmful viruses and malicious software, and (2) securing VA web applications and the Veterans Health Information Systems and Technology Architecture (commonly referred to as the "Vista system," which allows for an integrated inpatient and outpatient electronic health record for patients and provides administrative tools to VA employees).

Directs the Secretary to submit certifications to Congress regarding the VA's compliance with information security requirements, including actions required by the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).

Requires the Secretary to submit monthly reports to Congress regarding security vulnerabilities discovered after performing regular scans of VA computers and servers.

What's happening now April 4, 2014

Referred to the Subcommittee on Oversight and Investigations.

 Committees of jurisdiction 2
 Cosponsors 6
All 6 Republican 6