Cyber Authorization Memo Generation
Description
VA cybersecurity staff are challenged with managing and staying updated with an extensive array of documentation related to policies, processes, directives, and frameworks (which are essential for maintaining compliance and ensuring the security and privacy of VA information systems). The VA Risk Management Framework (RMF) program continues to rely on human decision-making for risk-based decisions. This human-centric approach requires extensive involvement from various roles and generation/consumption of large amounts of artifacts and staffing resources.
Detailed example
Compliance checklist results with policy references and recommendations. Automated authorization documentation.
AI / analytics pattern
Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.
Automation level / stage
a) Pre-deployment – The use case is in a development or acquisition status.
Expected benefit
This tool will significantly reduce the time required for memo generation, saving hours of work for each memo signed. By implementing AI in these use cases, EHRM aims to streamline processes, improve efficiency, and reduce the workload on both cyber personnel and administrative staff.
Controls / human review
ATO: Not reported; PIA: Not published