Overall, in comparison to the prior year's FISMA review, the Department has made improvements. Specifically, the number of findings have decreased from year to year. In addition, the Department and its operating divisions have implemented continuous monitoring tools that have allowed them to gain more insight to the security compliance of their assets. However, despite the progress made to improve its information security program, opportunities to strengthen the overall information security program exist. We continued to identify weaknesses in the following areas: continuous monitoring, configuration management, identity and access management, risk management, incident response, security training, contingency planning, and contractor systems.
Report File
Date Issued
Submitting OIG
Department of Health & Human Services OIG
Other Participating OIGs
Department of Health & Human Services OIG
Agencies Reviewed/Investigated
Department of Health & Human Services
Components
Office of the Secretary
Report Number
A-18-16-30350
Report Description
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
7
Questioned Costs
$0
Funds for Better Use
$0
Additional Details
