The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2020 annual assessment.The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. Please contact the Office of Evaluation at evaluations@hudoig.gov to request a copy of this report.
Open Recommendations
| Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
|---|---|---|---|---|---|
| 2020-OE-0001-01 | No | $0 | $0 | ||
| Implement a software asset management capability for software and operating systems to ensure that software executes only from the authorized software inventory and all unauthorized software is blocked from executing on HUD's network. Status | |||||
| 2020-OE-0001-02 | No | $0 | $0 | ||
| The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. | |||||
| 2020-OE-0001-03 | No | $0 | $0 | ||
| The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. | |||||
| 2020-OE-0001-07 | No | $0 | $0 | ||
| The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. | |||||
| 2020-OE-0001-09 | No | $0 | $0 | ||
| The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. | |||||
| 2020-OE-0001-13 | No | $0 | $0 | ||
| The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. | |||||
| 2020-OE-0001-15 | No | $0 | $0 | ||
| Implement multifactor authentication mechanisms for all nonprivileged users who access information systems that process, store, or transmit PII. Status The Office of the Chief Information Officer reported that it has implemented a new software security solution to implement multifactor authentication, starting with a pilot on 15 FHA systems. In October 2024, HUD received additional funds through the Technology Modernization Fund for this project enterprisewide. Analysis | |||||
| 2020-OE-0001-16 | No | $0 | $0 | ||
| Implement multifactor authentication mechanisms for all privileged users who access information systems that process, store, or transmit PII. Status The Office of the Chief Information Officer reported that it has implemented a new software security solution to implement multifactor authentication, starting with a pilot on 15 FHA systems. In October 2024, HUD received additional funds through the Technology Modernization Fund for this project enterprisewide. Analysis | |||||
| 2020-OE-0001-23 | No | $0 | $0 | ||
| The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. | |||||
