Identifying, Remediating and Preventing IT Risks
The nation’s largest hospital system, the Department of Veterans Affairs (VA), is implementing its Continuous Readiness in Information Security Program (CRISP), which is designed to reduce information security risks across the VA enterprise infrastructure.
xScion supports CRISP’s goals across the nation to:
- Help the VA identify and mitigate existing security vulnerabilities and weaknesses
- Conduct vulnerability assessments and support VA contingency plans to address potential IT security threats
- Provide operational infrastructure enhancements under the VA’s direction
- Support the VA’s effort to accelerate compliance with data privacy and information security regulations
- Improve communication and coordination between IT teams across the VA
As part of the VA’s CRISP, xScion supports the IT security vulnerability remediations of thousands of virtual and physical systems across the VA enterprise infrastructure.
Enterprise Predictive Scans
xScion helps ensure the VA’s internal databases are compliant and secure. This work includes:
- Daily assessments and patch deployments as needed on systems and COTS applications to ensure the strongest and most up-to-date security posture
- Coordination of security hardening for specialized applications including site approvals and/or vendor communication to eliminate risk of system or application outages
xScion helps the VA facilities and hospital locations within each region prepare for Office of Inspector General (OIG) audits, ensures onsite compliance on all systems and devices within local departments, and expedites mitigation for any areas needing remediation.
- Assists with preparatory efforts for inspection locations to determine all vulnerabilities per site, organizational branch and department within each site
- Documents and performs remediations for all findings within the expedited time constraints of the audit
- Develops Plan of Action and Milestones (POAMs) for any unresolvable findings
xScion helps ensure the VA achieves and remains compliant with HIPAA, FISMA, NIST and internal regulations for PII/PHI.
- Assesses the internal dashboard daily to identify and remediate the Top 100 servers with the highest levels of vulnerabilities
- Ensures compliance against prohibited, unapproved and unauthorized software with removals or software updates for any issues identified
- Assists with the elimination of unsupported Windows 2000/2003 systems