Skip to main content
Date Issued
Submitting OIG
Department of Housing and Urban Development OIG
Agencies Reviewed/Investigated
Department of Housing and Urban Development
Report Number
2024-OE-0002a
Report Description

The U.S. Department of Housing and Urban Development (HUD) Office of Inspector General (OIG) conducted penetration testing concurrently with our fiscal year 2024 Federal Information Security Modernization Act of 2014 (FISMA) evaluation. The objective of the penetration testing evaluation was to test the technical implementation of a limited set of security controls for a selection of HUD information systems and applications: the Office of Housing’s Federal Housing Administration Catalyst system, the Office of the Chief Financial Officer’s Line of Credit Control System (LOCCS), the Office of Community Planning and Development’s Disaster Recovery Grant Reporting (DRGR) system, and the Office of Public and Indian Housing’s National Standards for the Physical Inspection of Real Estate (NSPIRE) system.

Our assessment identified nine significant weaknesses related to data protection and website security, underscoring the need to strengthen technical security controls. To address these findings, we provide 13 new recommendations, which will be formally tracked by our office, and 7 opportunities for improvement. These recommendations are designed to enhance HUD’s IT security posture by preventing unauthorized data access, ensuring the integrity and confidentiality of sensitive information, and protecting against web-based threats.

OIG has determined that this report contains sensitive information and is therefore not appropriate for public disclosure.

Report Type
Inspection / Evaluation
Agency Wide
Yes
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Department of Housing and Urban Development OIG

United States