Information Security: VA and Other Federal Agencies Need to Address Significant Challenges

" in fiscal year 2018, inspectors general (IGs) used a five-level maturity model to rate agency information security policies, procedures, and practices related to the five core security functions— identify , protect , detect , respond , and recover —established by the National Institute of Standards and Technology's cybersecurity framework. VA's ratings were generally consistent with the ratings of other major agencies (see figure) and its information security program was one of 18 agency programs that IGs deemed ineffective."

If you look at the highlights tab of the report page, you will see the VA is poor at detecting security intrusions, and just so-so compared to other Federal agencies in the security standards. Reminds me of them using me as a perimeter guard in boot camp. What do I know about security? They need the best software and management to find out what break-ins happen to their system.
You can also download more detailed reports.