An audit conducted by the Office of Inspector General (OIG) of the U.S. Department of Veterans Affairs (VA) has confirmed that only 16% of encryption software licenses purchased between 2006 and 2011 have been installed on the department's computers.
The audit was initiated as a result of an anonymous hotline tip made in October 2011. The complainant alleged that the VA had used the software to encrypt only 40,000 out of some 450,000 laptop and desktop computers.
In August 2006, the secretary of the VA mandated that the Office of Information Technology (OIT) encrypt all laptops by September 2006. OIT said it installed the software on 25,000 to 30,000 laptops by the September deadline but ran into difficulties when attempting to install the software on desktop computers.
A report of the audit published on October 11 determined that OIT had not installed 335,000 encryption software licenses (Systems Made Simple, GuardianEdge) that had been purchased in August 2006 and in April 2011 at a total cost of $4.7 million.
An additional $1.2 million was subsequently spent to extend the maintenance agreements for 300,000 licenses purchased.
The audit determined that OIT had failed to test the encryption software to verify compatibility with all the computers on which the software would be installed, it lacked staff to perform the installations, and there was a lack of project monitoring.
As of August 2012, OIT was assessing whether the encryption software was compatible with the VA's current operating systems. It could not provide assurance that the remaining 335,000 licenses could be used.
Click here to access the report.
