Feb 19, 2025 · This policy describes what systems and types of research are covered under this policy, how to report the vulnerability, how long VA asks security researchers to wait before publicly …

4 days ago · The VHA Policy Office maintains the content. For any questions, please email the Policy Team: [email protected]. Most documents are available in PDF format. Download Viewer …

Policy and procedures will be established to ensure that requirements for the protection of Controlled Unclassified Information (CUI) processed, stored, or transmitted on external systems are …

Oct 8, 2025 · ICAD conducts personal security vulnerability assessments and target threat assessments to identify foreign or domestic threats against the VA’s Secretary and Deputy Secretary. ICAD …

VA.gov ChooseVA DiscoverVA DigitalVA VA Outreach Events VA Forms VA Publications About VA VA mobile apps Accessibility at VA No FEAR Act data Whistleblower Protection Office of the Inspector …

The vendor shall notify VA within 24 hours of the discovery or disclosure of successful exploits of the vulnerability which can compromise the security of the Systems (including the confidentiality or …

UPDATE TO VA DIRECTIVE 6500 VA CYBERSECURITY PROGRAM PURPOSE: This notice revises the policy in Department of Veterans Affairs (VA) Directive 6500 to address new security …

The contractor/subcontractor shall immediately notify the COTR and simult Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive system(s) …

Cybersecurity risk management involves properly assessing the risk and making an informed decision on how to address the threat or vulnerability. The Department cannot aford to blindly accept the risk …

Protect VA sensitive information from unauthorized disclosure, use, modification, or destruction, and will use encryption products approved and provided by VA to protect sensitive data.