
VHA Meets FISMA Requirements

The Veterans Health Administration (VHA) needed a modern Enterprise Asset Management system

The Veterans Health Administration (VHA) was beginning National Deployment of a modern Enterprise Asset Management system that contained 1.2 million assets worth over $4 billion at more than 150 VA Medical Centers. VHA turned to their independent trusted advisor, InfusionPoints, and our Assessment & Authorization (A&A) methodology to meet Federal Information Security Management Act (FISMA) and VA HANDBOOK 6500 requirements. Our processes and people obtained a Full Authority to Operate (ATO) for VHA.

They faced real challenges in meeting FISMA requirements

  • Number of sites using Production system was scheduled to quickly expand
  • Business impact and System Categorization were unclear
  • Documentation burden overwhelmed Agile technical team

Systematically applied our proven methodology

InfusionPoints drove the accreditation effort by implementing proven processes from the following phases of our A&A methodology.

  • Planning and Initiation procedures centered on kick-off conferences, scope definition, creation of Management Plan and Project Schedule, and establishment of the Security Assessment Plan with Rules of Engagement
  • Assessing procedures focused on the Entrance Brief and execution of the actual Security Assessment of technical
  • Analyzing procedures homed in on the Security Assessment Report where artifacts are reviewed, scans analyzed, threats scored, risks categorized, evidence recorded, compensating controls selected, and recommendations made
  • Reporting procedures hinged on the Exit Brief where Assessment efforts, Lessons Learned, successes, challenges, and risk mitigations are presented to stakeholders.

Methodology aligned with standards and regulations and molded by our expertise

Our A&A approach was developed based upon standards, such as NIST SP 800-30, 800-37, 800-53, 800-171, FIPS 140-2, ISO 9001:2008, and ISO 27001. Our tactics have been shaped through their use and refinement with our customers. Our clients have included the Department of Defense, Department of Treasury, commercial firms, and non-profit organizations. This approach represents an effective, efficient, achievable framework that will allow VHA and other clients to meet and maintain their FISMA or other information security compliance requirements.


“InfusionPoints, in my opinion, deserves the highest praise for all aspects of what I would deem a federal contractor to be. They have brought immeasurable value to my program and projects. Quality personnel, quality work products, and most importantly: quality thinking, analysis and problem solving. I cannot recommend them to other agencies and efforts strongly enough.”

– VHA Mgmt. Analyst


“InfusionPoints’ team jumped right in and provided a high level of comfort to our team…They are an extension of our own internal team.”

– IT Director

