U.S. Code · Title 38 - VETERANS’ BENEFITS · CHAPTER 57 — RECORDS AND INVESTIGATIONS · SUBCHAPTER III — INFORMATION SECURITY · § 5722

§ 5722. Policy


(a) In General.— The security of Department information and information systems is vital to the success of the mission of the Department. To that end, the Secretary shall establish and maintain a comprehensive Department-wide information security program to provide for the development and maintenance of cost-effective security controls needed to protect Department information, in any media or format, and Department information systems.
(b) Elements.— The Secretary shall ensure that the Department information security program includes the following elements:
(1) Periodic assessments of the risk and magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the Department.
(2) Policies and procedures that—
(A) are based on risk assessments;
(B) cost-effectively reduce security risks to an acceptable level; and
(C) ensure that information security is addressed throughout the life cycle of each Department information system.
(3) Selection and effective implementation of minimum, mandatory technical, operational, and management security controls, or other compensating countermeasures, to protect the confidentiality, integrity, and availability of each Department system and its information.
(4) Subordinate plans for providing adequate security for networks, facilities, systems, or groups of information systems, as appropriate.
(5) Annual security awareness training for all Department employees, contractors, and all other users of VA sensitive data and Department information systems that identifies the information security risks associated with the activities of such employees, contractors, and users and the responsibilities of such employees, contractors, and users to comply with Department policies and procedures designed to reduce such risks.
(6) Periodic testing and evaluation of the effectiveness of security controls based on risk, including triennial certification testing of all management, operational, and technical controls, and annual testing of a subset of those controls for each Department system.
(7) A process for planning, developing, implementing, evaluating, and documenting remedial actions to address deficiencies in information security policies, procedures, and practices.
(8) Procedures for detecting, immediately reporting, and responding to security incidents, including mitigating risks before substantial damage is done as well as notifying and consulting with the US-Computer Emergency Readiness Team of the Department of Homeland Security, law enforcement agencies, the Inspector General of the Department, and other offices as appropriate.
(9) Plans and procedures to ensure continuity of operations for Department systems.
(c) Compliance With Certain Requirements.— The Secretary shall comply with the provisions of subchapter III of chapter 35 of title 44 and other related information security requirements promulgated by the National Institute of Standards and Technology and the Office of Management and Budget that define Department information system mandates.
(Added Pub. L. 109–461, title IX, § 902(a), Dec. 22, 2006, 120 Stat. 3450.)