Skip to main content
Date Issued
Submitting OIG
Department of Health & Human Services OIG
Agencies Reviewed/Investigated
Department of Health & Human Services
Report Number
A-18-22-09009
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
3
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Open Recommendations

This report has 3 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
24-A-18-097.01 No $0 $0

We recommend that the Illinois Department of Healthcare and Family Services remediate the four security control findings identified by OIG.

24-A-18-097.02 No $0 $0

We recommend that the Illinois Department of Healthcare and Family Services develop and implement flaw remediation policies and procedures for effectively identifying vulnerabilities, prioritizing them based on potential impact and exploitability, and remediating them within a defined timeframe as required by NIST SP 800-53, SI-2, Flaw Remediation, or other standards governing security of Federal systems and information.

24-A-18-097.03 No $0 $0

We recommend that the Illinois Department of Healthcare and Family Services enhance its testing procedures to include performing more robust technical testing of web-facing systems and emulation of an adversary's tactics and techniques on a defined reoccurring basis, in order to better assess the effectiveness of NIST SP 800-53 controls.

Department of Health & Human Services OIG

United States