The Department of Veterans Affairs (VA) is seeking an in-depth cybersecurity audit of its Financial Services Center to analyze its compliance with Federal statutes, how the agency is adapting processes to support compliance, and cybersecurity sustainment across VA.
According to an August 7 request for information (RFI), the audit will cover all financial services IT components. The Financial Services Center provides financial management services to VA and other Federal agencies.
“The contractor shall support assessments of cybersecurity programs to include the impact of those policies and procedures on compliance analytics projects, inclusive of compliance, strategy, sustainment, and vulnerability consulting services,” VA states in the RFI.
The audit will result in a gap analysis on which cybersecurity tools, processes, and controls VA should be using, and recommendations on how VA can improve visibility into cyber incidents. The contractor will also provide vulnerability assessment consulting services to VA on areas including application security testing, DevSecOps, and network architecture review.
VA is accepting responses to the RFI until August 11. The agency plans to award a contract through its Transformation Twenty-One Total Technology Next Generation acquisition program.