The OIG evaluated the U.S. Department of Housing and Urban Development’s (HUD) progress in applying zero trust security principles to protect personally identifiable information (PII).  HUD maintained a significant number of records that contain PII with limited zero trust controls in place to secure these data.  In FY 2022, HUD established a zero trust implementation plan to help the agency address the five zero trust...

HUD OIG is conducting the Fiscal Year (FY) 2025 evaluation of the HUD's information security (InfoSec) program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) perform an independent evaluation of the effectiveness of HUD’s InfoSec program and practices as required by FISMA; (2) test the effectiveness of HUD’s InfoSec policies, procedures, and practices through...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

We audited HUD and its grantees’ monitoring of subrecipients and contractors in HUD’s Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG-CV) program to assess subrecipient monitoring in the program.  ESG and ESG-CV grantees often rely on subrecipients and contractors to carry out ESG-CV-funded activities on behalf of the grantees, and are required to monitor subrecipients to ensure that the...

We are auditing HUD’s Moving to Work (MTW) Demonstration program. This review will focus on MTW public housing agencies’ (PHA) flexibilities (programmatic and funding) to meet the MTW’s statutory requirements and achieve statutory objectives for the period of January 1, 2020, through December 31, 2023. The objective of the audit is to assess PHA compliance with the MTW statutory requirements of (1) establishing a reasonable rent policy...

HUD OIG is auditing public housing authorities' controls over source of income discrimination. As of February 2023, 20 states have passed laws prohibiting discrimination against voucher holders by officially designing source of income as a protected class. The audit objective is to assess the extent to which public housing authorities have implemented controls to prevent and combat source of income discrimination. 

HUD OIG is performing this evaluation to assess HUD’s capability to meet privacy and data protection requirements and provide appropriate stakeholders with an understanding of any related potential risks to HUD’s data and the operational mission. The evaluation will also provide HUD an independent assessment of the level of maturity it has reached in developing the data and identify pillars of CISA's zero-trust architecture. The...

HUD OIG is conducting the Fiscal Year (FY) 2024 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s InfoSec program and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 2 of the...

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ (ONAP) coronavirus disease of 2019 (COVID-19) recovery programs.  We performed this audit to provide HUD with insight and a nationwide perspective on the challenges that grantees experienced with those programs.  Our audit objectives were to identify 1) the information, guidance, and training HUD provided to the grantees...

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ (ONAP) Coronavirus Aid, Relief, and Economic Security (CARES) Act and American Rescue Plan (ARP) Act to identify drawdown levels for its block grant programs and assessed information ONAP made publicly available. As of October 4, 2022, grantees had drawn $231.6 million of the $300 million in CARES Act block grant funds and $135.8...

HUD OIG is conducting the Fiscal Year (FY) 2023 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s IS programs and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 1 of the...

We audited the U.S. Department of Housing and Urban Development’s (HUD) fraud risk management program at the enterprise and program-office levels and assessed its overall maturity.  Our objective was to determine HUD’s progress in implementing a fraud risk management framework at the enterprise and program-office levels that encompasses control activities to prevent, detect, and respond to fraud. The Antifraud Playbook...

We performed a review of the U.S. Department of Housing and Urban Development’s (HUD) monitoring and tracking of Continuum of Care (CoC) grantees that have been slow to spend their grant funds.  Our objectives were to determine whether HUD was effectively tracking and monitoring CoC grant spending and to determine the impact of COVID-19 on CoC grantee spending. HUD generally tracked and monitored its grantees; however, it did not...

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ sale of defaulted loan notes and real estate-owned (REO) properties on tribal trust and other restricted lands. We performed this audit as a result of congressional interest in the Section 184 program and work performed during prior HUD, Office of Inspector General, audits. The objective of our audit was to determine whether HUD...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation...

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the Geospatial Data Act of 2018 (the Act). Our audit objective was to determine whether HUD met the 13 responsibilities stated in the Act with regard to its collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data.  The Act also generally requires covered agencies provide access to geospatial...

We audited the U.S. Department of Housing and Urban Development’s (HUD) Community Development Block Grant Coronavirus Aid, Relief, and Economic Security (CARES) Act program. Our audit objective was to determine what challenges grantees faced in using program funds for activities that prepare for, prevent, or respond to the coronavirus and its impact.  We used a survey questionnaire to gather feedback and insight directly from 1,...

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of its public housing agencies’ (PHA) reasonable accommodation policies and procedures.  We initiated this audit because we identified an increase in housing discrimination complaints based on a failure to provide a reasonable accommodation, even as the total number of all housing discrimination complaints was decreasing.  Our audit objective...

We audited the U.S. Department of Housing and Urban Development’s (HUD) oversight of Federal Housing Administration (FHA) refunds based on a hotline complaint alleging that HUD was trying to make it difficult for claimants to obtain refunds or discourage them from pursuing the refunds, which are due to eligible homeowners from the unearned portion of the upfront mortgage insurance premium paid.  Our audit found the allegations...

HUD OIG is reviewing GNMA’s financial crisis readiness program. To ensure its mission, GNMA must be prepared for a broad range of crises, including financial crises, that could impact itself or its issuers. Our objective is to determine whether GNMA implemented a financial crisis readiness program that met industry best practices. According to GAO, best management practices refer to the processes, practices, and systems identified in...