HHS should commit to creating and implementing a Cybersecurity Maturity Migration Strategy to advance the cybersecurity program from its current maturity state to an effective state across HHS. This strategy should include the following:
- Perform a risk assessment and identify the optimal maturity level that achieves cost-effective security based on your missions and risks faced, risk appetite, and risk tolerance level.
- Identify gaps between the current state at each OPDIV and the criteria required to reach the optimal level across HHS’ enterprise-wide cybersecurity program and develop security controls to implement effective security.
- Ensure that, for all metrics, the requirements for Consistently Implemented or higher are achieved.
- Articulate roles and shared responsibilities needed to meet the requirements for effective maturity, including whether requirements are to be implemented through centralized, federated, or hybrid controls.
Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Open
Source UUID
20-A-18-084-268663
Recommendation Number
268663
Significant Recommendation
No