The U.S Department of Veterans Affairs (VA) is developing a strategic, logical and tactical level VA Enterprise Security Architecture to enable the deployment of new, secure technologies and ensure the confidentiality, integrity, availability and privacy of VA and Veteran data.
- Enterprise security ConOps and framework
- Enterprise security threat modelling framework
- DevSecOps enterprise security framework
- Security guidance for next-gen secure software
The VA Office of Information and Technology, Office of Cybersecurity (OI&T-OIS) is tasked with implementing an enterprise security architecture (ESA) program to define policy and standards and assist in the implementation of those standards to allow the agency to securely adopt new technology and modernize the IT infrastructure. Aptive played a vital role in defining some of the foundational practices, such as the ESA Concept of Operations (ConOps) and framework, which will have lasting impacts on how VA ESA operates and achieves its mission. Aptive also contributed to the strategy for developing Enterprise Security Standards for DevSecOps adoption, paving the way for a new generation of applications and services built and maintained using agile processes, increasing the responsiveness of these teams to respond to emerging security threats as well as better serve the needs of VA and Veterans.
Aptive’s commitment to mission success was critical in the effort, as ESA has broad reaching implementations for stakeholders throughout the VA enterprise including development teams, operations teams and security teams. This required our team to engage with stakeholders across VA, understanding stakeholder needs and challenges and working that into our overall ESA strategy while at the same time building cross-functional relationships to reposition enterprise security as a value-add partner and not a technical debt.
Results and Benefits
The ESA ConOps and framework as well as the DevSecOps security architecture will have a lasting impact on the VA organization as they are defining the cybersecurity working model for the next generation of IT services and systems. These activities are critical for providing the cybersecurity foundation needed to ensure the success of VA’s ongoing IT modernization initiatives which enable VA to fulfill its mission to our Veterans now and in the future.