Bill > HR7299

This bill, the Strengthening VA Cybersecurity Act of 2022 (SVAC Act of 2022), requires the Secretary of Veterans Affairs to obtain an independent cybersecurity assessment of five high-impact information systems and the Department of Veterans Affairs' (VA) information security program and management system. The assessment must analyze the VA's ability to ensure the confidentiality, integrity, and availability of its information and systems, and protect against various cyber threats, including advanced persistent threats, ransomware, denial of service attacks, insider threats, and threats from foreign actors. The VA must then submit a plan to address the findings of the assessment, including improvements to security controls and the information security program, along with a cost estimate and timeline for implementation. The Comptroller General of the United States is also required to evaluate and review the independent assessment and the VA's response, and provide a briefing with any recommendations to the relevant congressional committees.