Fiscal Year 2021 Federal Information Security Modernization Act (FISMA) Evaluation Security Technical Testing Topic Brief

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually. In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief. The objective of this application vulnerability testing was to determine whether the U.S. Department of Housing and Urban Development (HUD) sample systems contained potential security weaknesses. We identified potential vulnerabilities among the tested HUD applications and categorized them into low, medium, and high risk. HUD should prioritize those risks for review and remediation. No formal recommendations were documented in the report. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.