The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security (InfoSec) program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2024 annual assessment. HUD continued to take positive steps to improve its IT security posture. HUD improved its InfoSec program to maturity level 3, consistently implemented. However, at this level HUD’s InfoSec program is not considered effective. HUD’s InfoSec program scored a 3.08 for the core metrics and a 3.30 for the FY 2024 supplemental metrics, both of which were at maturity level 3, consistently implemented. HUD increased in maturity for 22 metrics and maintained the same maturity for the remaining 15 metrics. Notably, not only did HUD achieve maturity level 4, managed and measurable, for the first time and it did so in 14 metrics.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Department of Housing and Urban Development | HUD FY 2024 Federal Information Security Modernization Act (FISMA) Evaluation Report | Inspection / Evaluation |
|
View Report | |
| General Services Administration | Implementation Review of Corrective Action Plan: PBS Needs to Strengthen Its Training and Warranting Programs for Contracting Officers, Report Number A210053/P/2/R23002, December 30, 2022 | Other | Agency-Wide | View Report | |
| U.S. Agency for International Development | Audit of Incurred Costs for ICF Macro, Inc., for Fiscal Year Ended December 31, 2020 | Other |
|
View Report | |
| U.S. Agency for International Development | Audit of Incurred Costs for Chemonics International, Inc for Fiscal Year Ended December 31, 2021 | Other |
|
View Report | |
| U.S. Agency for International Development | Single Audit of International Medical Corps' Financial Statements for the year ended June 30, 2022 | Other |
|
View Report | |
| U.S. Agency for International Development | Single Audit of Pan American Development Foundation for the Year Ended September 30, 2022 | Other |
|
View Report | |
| Department of Health & Human Services | ASPR Established Adequate Controls for Maintaining Physical Security and Inventory Records at Stockpile Site B | Audit | Agency-Wide | View Report | |
| U.S. Agency for International Development | Financial Audit of the GENESIS Project in Honduras Managed by the National Foundation for the Development of Honduras, Cooperative Agreement AID-522-A-15-00002, January 1, 2021, to December 31, 2022 | Other |
|
View Report | |
| U.S. Agency for International Development | Closeout Financial Audit of the Media Strengthening Program Managed by Fundacin por la Libertad de Expresin y Democracia en Nicaragua, Cooperative Agreement AID-524-A-14-00001, January 1, 2023, to April 1, 2024 | Other |
|
View Report | |
| U.S. Agency for International Development | Financial Audit of the Bitter Cassava for Sweet Milk Program in Colombia, Managed by Cooperativa Colanta, Cooperative Agreement 72051419CA00006, January 1 to December 31, 2023 | Other |
|
View Report | |
