OMB Individually Reported

Cyber Authorization Memo Generation

High riskExact public inventory row

Description

VA cybersecurity staff are challenged with managing and staying updated with an extensive array of documentation related to policies, processes, directives, and frameworks (which are essential for maintaining compliance and ensuring the security and privacy of VA information systems). The VA Risk Management Framework (RMF) program continues to rely on human decision-making for risk-based decisions. This human-centric approach requires extensive involvement from various roles and generation/consumption of large amounts of artifacts and staffing resources.

Detailed example

Compliance checklist results with policy references and recommendations. Automated authorization documentation.

AI / analytics pattern

Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.

Automation level / stage

a) Pre-deployment – The use case is in a development or acquisition status.

Expected benefit

This tool will significantly reduce the time required for memo generation, saving hours of work for each memo signed. By implementing AI in these use cases, EHRM aims to streamline processes, improve efficiency, and reduce the workload on both cyber personnel and administrative staff.

Controls / human review

ATO: Not reported; PIA: Not published