Submitting OIG:
Report Description:
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s (HUD) information security (InfoSec) program, assess its compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year (FY) 2023 annual assessment. HUD’s InfoSec program averaged a score of 2.60 for the 20 core metrics and 2.86 for the FY 2023 supplemental metrics, both of which are at the “defined” maturity level and are considered not effective. Although HUD improved overall, four of the five metrics in which HUD dropped in maturity were core metrics. HUD made commendable progress on increasing maturity on 10 metrics and should continue to focus on prioritizing maturity in the 20 core metrics and key cyber executive orders and requirements. These efforts will require a shared responsibility of proper resourcing, planning, and support from all levels of leadership across the Department. We issued 23 recommendations to improve HUD’s InfoSec program.
Date Issued:
Monday, January 29, 2024
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
2023-OE-0001
Component, if applicable:
Chief Information Officer
Location(s):
Agency-Wide
Type of Report:
Inspection / Evaluation
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
23
Report updated under NDAA 5274:
No
View Document:
Attachment | Size |
---|---|
2023-OE-0001508.pdf | 27.39 MB |
Additional Details Link: