About the Client
The Department of Veterans Affairs (VA) is a government organization responsible for providing healthcare and benefits to veterans and their families. The Joint Cyber Operation Integration Center (JCOIC) is a part of VA and is responsible for the cybersecurity of VA's IT systems and data. The VA Joint Cyber Operation Integration Center was in need of comprehensive cybersecurity services to ensure the security and protection of the High Value Medical Assets (HVMA) and the successful implementation of the VA Electronic Health Records Modernization (EHRM). The project required a team of experts in a wide range of fields, including the seven-step Risk Management Framework, information assurance, network management, situational awareness and incident response, secure web hosting, backup, security services, and Security Operations Center (SOC) services.
Solution and Outcomes
Varada Consulting provided a wide range of cybersecurity services to the VA Joint Cyber Operation Integration Center, including securing and protecting the High Value Medical Assets (HVMA) and performing Enterprise Risk Assessments (ERA). The project involved a comprehensive approach to cybersecurity, utilizing the National Institute of Standards and Technology (NIST) Risk Management Framework, Cybersecurity Assessment, Zero Trust Architecture, Network Scanning, Vulnerability Scanning, Log Collection and Analysis, Certificate Management, Project Management Body of Knowledge, and Agile Scrum. Our team successfully allowed VA to provide connectivity for HVMA supporting the VA Electronic Health Records Modernization (EHRM) well in advance of site Go Live events.
Tools and Compliance
Methodologies used to perform the work included NIST Risk Management Framework, Cybersecurity Assessment, Zero Trust Architecture, Network Scanning, and Vulnerability Scanning. Tools used included MS Project, MS SharePoint, MS Office Suite, MS Teams, Visio, Power BI, Jira, Wireshark, Webex, and Slack. Compliance was demonstrated with the Risk Management Framework for VA Information Systems and the Food and Drug Administration 510K for medical devices. The project schedules were built on Congressionally mandated milestones and followed the Agile Scrum methodology.