External Connections Site Survey

This training is design for field site engineers to use in performing external connections site surveys at various Veterans Health Administration (VHA) medical facilities throughout the continental United States.

This initiative supports the 

Continuous Readiness in Information Security Program (CRISP)
Remediation Services Support (RSS)


This online guide will help you to learn how to deal with external connections at VHA medical facilities

Training outline

Training Outline


External Connections Site Survey Presentation

Best Practices for locating external connections at VBA facilities




Untitled content 2

Connection Types

  • Refer to:
    • VA External Connection Topology_Final_041316

Untitled content 3

Site Interview

  • Prior to scheduling a survey we will conduct a Lync interview with the FCIO, ISO and Lan Manager.
    • Who will be on the call?
      • The EC Project Coordinator, EC team members, and the local ASMR resource.
    • From this interview:
      • we will determine if a site visit is necessary.

Untitled content 4


Untitled content 5

Site Survey

Untitled content 6

Data Collection

  • Data Call Worksheet
    • Complete as many fields as possible for each connection.
  • Daily Reporting
    • Send an email to your External connections POC daily. Briefly sum up the day’s events. Include the number of External connections found and the number of closets visited.
  • Additional Data
    • Collect data from all of the equipment using the connection.
      • Equipment Model
      • Name or Host Name
      • Serial Number
      • Location Building/Room
      • Is it VA owned Yes or No

Untitled content 7

Data Collection 2

  • Example of additional data
    • Organization: VA Police NCIC Air-gapped
      • Connection type: 56K Frame Relay
      • Circuit ID: 09DHZX629627
      • Program Manager/Signee: Chief Cockrell, Charles V.
      • Function: This 56K Frame Relay connection is used by the Tampa VA Police to connect to the Florida State Police criminal Database.

Type of Device

Name of Device

Serial Number



Non-VA Equipment (check box if yes)

Dell Optiplex 760



Mneumonic: F29810001

VA Police

Bldg 1 Room 1A-314

Dell Optiplex 760



Mneumonic: F29810008

VA Police

Bldg 42 Room 112

Cisco 1700 /w DSU



VA Police

Bldg 1 Room 1A-114b

Untitled content 8

VHA Site Surveys

  • Check for the Latest Best Practices Document.
    • This is a living document that is constantly being updated from lessons learned in the field.
  • Refer to your External Connections team POC for additional Guidance.
    • VHA surveys are long. Often taking a week to complete.
    • An External connections team member will be the lead on these surveys and request assistance as needed.

Untitled content 9

Finding Connections in VHAs

  • External connections can be found throughout VHA facilities
    • Because we have no equipment for locating connections, we use the following methods.
      • We conduct interviews
        • Who do we Interview?
          • VA department leads/managers
          • Program managers of contracted services
          • Veteran Service Organizations.
      • We perform Visual Inspections

Untitled content 10

VA Deparments

  • Telecom
  • Bio-Med
  • Lab
  • Pharmacy (In and Out-Patient)
  • Logistics
  • Engineering
  • Facilities Maintenance Service (FMS)
  • Medical Media
  • VA Police and Fire Departments

Untitled content 11

Contracted Services

  • Credit Union
  • Voluntary Services
  • US Post Office
  • External Janitorial Services
  • Optical Retailers
  • Veteran Service Organizations
    • State DVS
    • American Legion
    • VFW
    • AmVets

Untitled content 12

VBA Site Survey

  • Air-gapped Connections
    • First look for any “veteran facing” computers such as Vocational Rehabilitation Education, AMVet or Hope for veterans. These will always be air-gapped connections and will require an MOU.
    • Mail Room Equipment could also be on an air-gapped connection.
    • State DVSs and other Veteran Service Organizations could have their own air-gapped connections.
  • Firewall waiver or Business partner gateways
    • This type of connection will often belong to a Veterans Service organization (VSO). VSOs could have access on the facilities’ LAN with a Firewall ACL or site to site VPN that allows them access to their own core systems. Examples of VSO’s Include AMVET, State Veterans Services, The American Legion, VFW, etc. This connection requires an MOU or MOU/ISA as well.

Untitled content 13

Survey Completion

  • Once you have completed your survey:
    • Outbriefing
      • Set up a meeting with the FCIO and your EC team POC
    • Compile your Data.
      • Complete the Data call worksheet and the additional Data tables
      • Send all of your data including scanned handwritten notes to your External connections POC
    • Trip Summary
      • Complete the Trip summary Report and send it to the External Connections Project coordinator

Untitled content 14


  • What would you like to know?