Federal Reports

The OIG evaluated the U.S. Department of Housing and Urban Development (HUD) Office of Housing’s (Housing) progress in applying zero trust security principles to protect personally identifiable information (PII) within the Federal Housing Administration (FHA) Catalyst system.

HUD was in the beginning stages of implementing zero trust requirements for the data and identity pillars. HUD Office of Housing systems, including FHA Catalyst, are largely dependent on enterprise initiatives and technical solutions to effectively implement many zero trust controls. Housing conducted data inventories but was unable to automate the process and had not yet included FHA Catalyst in its inventories.  HUD lacked enterprise data management processes, standards and technical solutions, which impacted Housing’s ability to manage data. Housing had not applied dynamic access controls within FHA Catalyst to limit access based on user actions and resource needs, and the system did not support continuous reauthentication of users based on their sessions.  FHA Catalyst further lacked the capability for automated user activity logging, which is necessary to detect anomalies and help identify potential attacks.  We issued 3 recommendations to improve Housing’s management of PII in a zero trust environment.

Open configuration options

Open configuration options

Recommendations

Housing

•   2023-OE-0007a-01

   

  Housing should include zero trust requirements as part of the Housing Strategic Roadmap for Housing Modernization.

   

•   2023-OE-0007a-02

   

  Housing should refine access controls within the FHA Catalyst modules that are dynamic, are tailored to user actions, and require continuous reauthentication to ensure that users have access only to information needed.

   

•   2023-OE-0007a-03

   

  Housing should coordinate with HUD’s SOC to a. Ensure that FHA Catalyst user behavior monitoring logs are regularly captured and adequately reviewed for discrepancies in user activities. b. Establish program office responsibility for the log review process.  

This is a summary of GPO OIG Report number 25-01 .The full report was provided to GPO leadership and congressional committees of jurisdiction. However, the report contains sensitive information about GPO’s Security Program and potential vulnerabilities prohibiting public release.

The Office of the Inspector General (OIG) found that the Defense Nuclear Facilities Safety Board’s (DNFSB’s) nondisclosure agreements (NDAs) complied with 5 United States Code Section 2302(b)(13) by including anti-gag clauses in the NDAs that were issued between April 2019 and April 2024.However, the OIG also reviewed the DNFSB’s internal control environment over the broader period of 2012 through 2024 and identified three internal control findings. The OIG found that between 2012 and 2019, the DNFSB issued incomplete, ineffective, and inconsistent NDAs; the issuance of NDAs was not systematic and lacked transparency; and, the DNFSB did not communicate whistleblower protections in a timely manner.The OIG makes four recommendations related to the DNFSB’s use and management of NDAs.

This report was issued in conjunction with the Office of Inspector General for the Railroad Retirement Board's Semiannual Report to the Congress. It was incorporated by reference in the corresponding Semiannual Report which is available at the link below.

The report summarizes the FTC OIG’s activities and accomplishments during the second half of the FY 2024 reporting period.

Today, the U.S. Consumer Product Safety Commission Office of Inspector General released their semiannual report for the reporting period ending September 30, 2024. The report is part of the semiannual requirement to communicate OIG oversight activities of the CPSC to Congress and the American people.