Enterprise Security


The VA Cybersecurity Operations Center (CSOC) Vulnerability Scanning Team (VST) performs monthly vulnerability scans for the entire VA enterprise as well as vulnerability and compliance scanning of facilities in advance of Office of Inspector General visits. In the event that an ad-hoc or supplemental scan is required to assess a more specific network environment (for example, a facility within a larger campus, all targets related to a GSS or major application, etc.) a supplemental scan request is required in order to coordinate the scan with VST.

Web Application Security Assessments (WASAs) are an in-depth penetration test for common vulnerabilities, such as SQL Injection, Authorization Bypass and Cross-Site Scripting (XSS) within web applications. Depending on the size of the application, WASAs can take an estimated five business days to complete the initial assessment. WASAs cannot be started until the CSOC EAS team receives a completed questionnaire, with working test accounts and a full directory listing.

Note: Please ensure that all URLs and test accounts work before submitting the questionnaire.

Supplemental Scan Request.pdf

(The scan request is available to JIRA account holders only.)