Review of the Department of Health and Human Services’ Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2020

Date Issued

Tuesday, April 6, 2021

Submitting OIG

Department of Health & Human Services OIG

Other Participating OIGs

Department of Health & Human Services OIG

Agencies Reviewed/Investigated

Department of Health & Human Services

Components

Office of the Secretary

Report Number

A-18-20-11200

Report Description

The Federal Information Security Modernization Act of 2014 (FISMA) requires Inspectors General toperform an annual independent evaluation of their agency’s information security programs and practices to determine the effectiveness of those programs and practices. HHS OIG engaged Ernst &Young LLP (EY) to conduct this audit.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

17

Questioned Costs

$0

Funds for Better Use

$0