A note posted on the VA's Web site last week said that McClain plans to return to the private sector. His departure follows the resignation late last month of Pedro Cadenas, who had been the VA's chief information security officer.
VA Secretary R. James Nicholson said in a statement that McClain "has been an integral part of [the] VA's senior leadership team."
Members of the Senate Committee on Veterans' Affairs also commended McClain for his contributions to the agency at last Thursday's hearing on the massive data breach at the VA.
But McClain has faced considerable criticism at other congressional hearings over what some have seen as his role in limiting the authority of the VA's CIO and CISO via a pair of internal memoranda written in August 2003 and April 2004.
In the first memo, McClain expressed the opinion that responsibility for IT security under the Federal Information Security Management Act (FISMA) rested not with the VA's central CIO but with executives in its health care, benefits and cemetery divisions.
Similarly, McClain stated in the second memo that the CIO had no authority at all under FISMA to enforce policies across the agency even though he had responsibility for ensuring information security.
Bruce Brody, who was the VA's CISO from 2001 to 2004, said in an interview this month that the memos were written after he asked McClain for opinions on security responsibilities at the agency. Brody contended that McClain's legal interpretations "fragmented security at the VA into little stovepipes and fiefdoms."
The agency's information security office was left with "no authority," Brody said. He noted that when the W32.Blaster worm struck in 2003, he had the power to patch only about 1,000 of the VA's 250,000 systems.
The VA's decentralized structure has been widely blamed as a contributing factor in its recent security breach, and Nicholson last month said he had issued a memo that more clearly delegated responsibility and authority for enforcing security policies and directives to the agency's CIO.