Department of Veteran Affairs 2021 – Federal Register Recent Federal Regulation Documents

VA is amending the current system of record (SOR) (173VA005OP2) the Department of Veterans Affairs (VA) Mobile Application Environment (MAE) by renaming it VA Enterprise Cloud Mobile Application Platform (VAEC-MAP). The VA MAE has been replaced by VAEC-MAP. VA changed Information Technology providers from Terremark to Amazon Web Services (AWS). In addition, the system location has changed. We are restating the routine uses in full and revising the language to make routine uses align with recent Office of Management and Budget (OMB) guidelines and making minor editorial changes to more clearly articulate uses and to align with standardized VA routine use language. VA is republishing the system notice in its entirety. VAEC- MAP is a cloud hosted system that provides the infrastructure and hosting platform for Mobile Shared Services (i.e., common services used for Mobile applications) and web components of applications used on Mobile devices. Mobile applications connect to VA enterprise services using the VAEC MAP Mobile Shared Services. Mobile applications such as Video Visits Service (VVS), Veteran Affairs Online Scheduling (VAOS), Patient Viewer (PV), and Veteran Affairs Video Connect (VVC) leverage this platform, pipeline, and hosting environment to provide a coordinated scheduling and notification capability to Staff and Veterans among other resources. VAEC-MAP uses the VAEC AWS cloud environment to provide an automated platform and pipeline for the development and hosting of production VA mobile applications. VAEC Common shared services, such as BigFix, Nessus, Splunk, and AD, are leveraged to provide security control implementation and system security visibility to the VA teams responsible for ensuring the security of VA systems. Administrative users of the VAEC-MAP environment must authenticate to the VA (Citrix Access Gateway or RESCUE) via Personal Identification Verification before using access keys and Identity and Access Management multi-factor authentication to gain access into the environment. System Administrators access the VA network using VA managed Government Furnished Equipment through Virtual Private Network connections to the VA Local Area Network and are authenticated using an Active Directory system managed by VA Network Security Operations Center. Encrypted communications protocols and ports are employed to protect information flowing across the VA network. All system access is managed via Role Based Access Control deployed separately within the environment and adheres to the Least Privilege Principal for all user accounts regardless of role. VAEC-MAP user account management adheres to VA policy or exceeds VA Policy where applicable.