2012 US Code
Title 38 - Veterans Benefits
Part IV - GENERAL ADMINISTRATIVE PROVISIONS (§§ 5100 - 6308)
Chapter 57 - RECORDS AND INVESTIGATIONS (§§ 5701 - 5728)
Subchapter III - INFORMATION SECURITY (§§ 5721 - 5728)
Section 5722 - Policy
Publication Title | United States Code, 2012 Edition, Title 38 - VETERANS BENEFITS |
Category | Bills and Statutes |
Collection | United States Code |
SuDoc Class Number | Y 1.2/5: |
Contained Within | Title 38 - VETERANS BENEFITS PART IV - GENERAL ADMINISTRATIVE PROVISIONS CHAPTER 57 - RECORDS AND INVESTIGATIONS SUBCHAPTER III - INFORMATION SECURITY Sec. 5722 - Policy |
Contains | section 5722 |
Date | 2012 |
Laws in Effect as of Date | January 15, 2013 |
Positive Law | Yes |
Disposition | standard |
Source Credit | Added Pub. L. 109-461, title IX, §902(a), Dec. 22, 2006, 120 Stat. 3450. |
Statutes at Large Reference | 120 Stat. 3450 |
Public Law Reference | Public Law 109-461 |
(a)
(b)
(1) Periodic assessments of the risk and magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the Department.
(2) Policies and procedures that—
(A) are based on risk assessments;
(B) cost-effectively reduce security risks to an acceptable level; and
(C) ensure that information security is addressed throughout the life cycle of each Department information system.
(3) Selection and effective implementation of minimum, mandatory technical, operational, and management security controls, or other compensating countermeasures, to protect the confidentiality, integrity, and availability of each Department system and its information.
(4) Subordinate plans for providing adequate security for networks, facilities, systems, or groups of information systems, as appropriate.
(5) Annual security awareness training for all Department employees, contractors, and all other users of VA sensitive data and Department information systems that identifies the information security risks associated with the activities of such employees, contractors, and users and the responsibilities of such employees, contractors, and users to comply with Department policies and procedures designed to reduce such risks.
(6) Periodic testing and evaluation of the effectiveness of security controls based on risk, including triennial certification testing of all management, operational, and technical controls, and annual testing of a subset of those controls for each Department system.
(7) A process for planning, developing, implementing, evaluating, and documenting remedial actions to address deficiencies in information security policies, procedures, and practices.
(8) Procedures for detecting, immediately reporting, and responding to security incidents, including mitigating risks before substantial damage is done as well as notifying and consulting with the US-Computer Emergency Readiness Team of the Department of Homeland Security, law enforcement agencies, the Inspector General of the Department, and other offices as appropriate.
(9) Plans and procedures to ensure continuity of operations for Department systems.
(c)
(Added Pub. L. 109–461, title IX, §902(a), Dec. 22, 2006, 120 Stat. 3450.)