An official website of the United States government
Here's how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Report Date
Agency Reviewed / Investigated
Report Title
Type
Location
Department of Housing and Urban Development
Independent Attestation Review: U.S. Department of Housing and Urban Development, Office of Special Needs, Continuum of Care Homeless Assistance Grants Program, Regarding Drug Control Accounting for Fiscal Year 2018
We conducted an attestation review of the U.S. Department of Housing and Urban Development (HUD), Office of Special Needs Assistance Continuum of Care, regarding drug control accounting and associated management assertions for fiscal year 2018. As required by Federal statute 21 U.S.C. 1704(d), we reviewed HUD’s Report on Drug Control Accounting, including its written assertions. Our responsibility is to express a conclusion on the subject matter or assertion based on our review. We performed review procedures on HUD’s assertions and the accompanying fiscal year 2018 Accounting of Drug Control Funding and Performance Summary reports. Based upon our review, we are not aware of any material modifications that should be made to HUD’s assertions or the accompanying fiscal year 2018 Accounting of Drug Control Funding and Performance Summary in order for them to be in accordance with Office of National Drug Control Policy requirements.
We have determined that the Corporation for National and Community Service’s (CNCS’s) information security program is NOT EFFECTIVE. CNCS has in place the basic information technology policies, procedures and system security documentation needed for effective cybersecurity. To progress beyond the current maturity level, the Corporation must consistently implement and monitor security controls. We continued to find severe vulnerabilities on the network. CNCS has still not fully implemented baseline security configuration settings specific to the existing information technology environment. Further, CNCS has not implemented multifactor authentication for information system users and administrators. These gaps limit the protection of CNCS systems and data, and may expose sensitive information, including Personally Identifiable Information (PII), to unauthorized access and use.The independent IG report offers 25 recommendations to assist CNCS in strengthening its information security program and reach an Effective rating. CNCS should undertake a strategic analysis of the government-wide metrics and the weaknesses identified in this evaluation, to develop a multi-year approach designed to realize steady, measurable improvements in information security in each of the component areas. Implementing such a plan will require CNCS to allocate sufficient resources, including staffing, and to be accountable for interim milestones in order to reach an overall Effective rating.
We conducted a series of OIG audits at four HHS Operating Divisions (OPDIVs) using network and web application penetration testing to determine how well HHS systems were protected when subject to cyberattacks.
