Skip main navigation

Military Health System

Clear Your Browser Cache

This website has recently undergone changes. Users finding unexpected concerns may care to clear their browser's cache to ensure a seamless experience.

Skip subpage navigation

Information Assurance


The Military Health System (MHS) Chief Information Officer (CIO) is committed to upholding the highest standards of Information Assurance (IA) to protect and maintain the confidentiality of patient information, as well as the defense of our information systems. In doing so, we will ensure that our Information Systems (ISs) and Networks are in compliance with the Department of Defense (DOD) IA policies, guidance, and standards, e.g. Federal Information Security Management Act (FISMA), and ensure that the concepts in the DOD Global Information Grid (GIG) are interwoven throughout our efforts.

The MHS IA program includes developing and implementing IA policies, procedures, and programs. The MHS IA program also includes identifying technical standards necessary to acquire, protect, manage, integrate, and secure information technology systems across the MHS environment.


The MHS IA mission ensures the integrity, availability, confidentiality, non-repudiation, and authentication of MHS information technology (IT) Information Systems (ISs). The MHS IA mission supports military readiness and peacetime healthcare, certifies and accredits centrally managed applications, and communicates security related IT issues or items of interest affecting the DOD. The MHS IA mission provides testing and verification, and assures adequate security controls for information technology systems supporting the DOD in the accomplishment of its healthcare mission.


  • Ensures the integrity, availability, confidentiality, non-repudiation, and authentication of MHS ISs and networks supporting military readiness and peacetime healthcare.
  • Develops IA policies and implementation guidance in accordance with Federal and DOD AIS security regulations, as well as creating policies based on the effectiveness of existing MHS IA best practices and policies.
  • Performs certifications and accreditations of centrally managed AISs and networks; communicates security related IA issues or items of interest affecting the MHS; and tests, verifies, and assures that adequate security controls exist within the IT systems supporting the MHS.
  • Provides guidance on IA responsibilities and procedures to MHS AIS users and external partners.
  • Develops MHS IA architecture, ensuring that it is compliant with DOD and other Federal IA policies and guidance.
  • Provides oversight of the implementation of the Information Assurance Vulnerability Alert (IAVA) process within the MHS.


  • Certification and Accreditation support for MHS networks and applications.
  • Analysis and enhancements of the current Information Assurance Program.
  • Development of security policies and standards including website administration, wireless, and patient data sharing and transferring.
  • Development of security architecture.
  • Interpret and provide IA policy to the MHS community as needed.
  • The MHS IA program office hosts quarterly IA Working Group (IAWG) meetings. The IAWG is a forum for discussion and distribution of information concerning IA initiatives.
  • The Information Assurance Vulnerability Management (IAVM) program provides the MHS with both notice of potential vulnerabilities to its systems and networks, and a registration and tracking system to record which Defense Health Agency assets have applied patches.
Last Updated: July 11, 2023
Follow us on Instagram Follow us on LinkedIn Follow us on Facebook Follow us on X Follow us on YouTube Sign up on GovDelivery