Date Issued
Submitting OIG
Department of Health & Human Services OIG
Agencies Reviewed/Investigated
Department of Health & Human Services
Report Number
A-18-22-07002
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
3
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Open Recommendations

This report has 3 open recommendations.
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details

25-A-18-023.01 | No | $0 | $0 |

We recommend that the Department of Health and Human Services Office of the Chief Information Officer enforce existing information security continuous monitoring (ISCM) requirements for detecting, preventing, and reporting the installation of unauthorized software across OpDivs referenced in HHS Policy for Information Security and Privacy Protection (IS2P) and enforce the new ISCM policy once approved.

25-A-18-023.02 | No | $0 | $0 |

We recommend that the Department of Health and Human Services Office of the Chief Information Officer enforce HHS's continuous monitoring policy for detecting, preventing, and reporting unauthorized or suspicious network activity across OpDivs.

25-A-18-023.03 | No | $0 | $0 |

We recommend that the Department of Health and Human Services Office of the Chief Information Officer update the HHS IS2P to require OpDivs to implement NIST 800-53, Revision 5, CA-8 (2) Red Team Exercises at least every 2 years and RA-10 Threat Hunting yearly for high and moderate Federal Information Processing Standards Publication 199 impact systems.
