The OIG Office of Evaluation is initiating an evaluation of the U.S. Department of Housing and Urban Development’s (HUD) Public and Indian Housing (PIH) Information Technology (IT) Modernization program. The objectives are to assess the IT Modernization process for Enterprise Voucher Management System (EVMS) and Housing Information Portal (HIP) systems that support key PIH programs.

To assess the operational effectiveness of security controls for selected HUD IT systems or functions.

The OIG evaluated the U.S. Department of Housing and Urban Development’s (HUD) progress in applying zero trust security principles to protect personally identifiable information (PII).  HUD maintained a significant number of records that contain PII with limited zero trust controls in place to secure these data.  In FY 2022, HUD established a zero trust implementation plan to help the agency address the five zero trust...

HUD OIG is conducting the Fiscal Year (FY) 2025 evaluation of the HUD's information security (InfoSec) program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) perform an independent evaluation of the effectiveness of HUD’s InfoSec program and practices as required by FISMA; (2) test the effectiveness of HUD’s InfoSec policies, procedures, and practices through...

The OIG evaluated the U.S. Department of Housing and Urban Development (HUD) Office of Housing’s (Housing) progress in applying zero trust security principles to protect personally identifiable information (PII) within the Federal Housing Administration (FHA) Catalyst system.HUD was in the beginning stages of implementing zero trust requirements for the data and identity pillars. HUD Office of Housing systems, including FHA Catalyst,...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

 The Geospatial Data of 2018 (the Act) governs the collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data of covered agencies, including the U.S. Department of Housing and Urban Development (HUD).  We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the geospatial data requirements stated in the Act.  The Act requires the Inspector...

We audited HUD and its grantees’ monitoring of subrecipients and contractors in HUD’s Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG-CV) program to assess subrecipient monitoring in the program.  ESG and ESG-CV grantees often rely on subrecipients and contractors to carry out ESG-CV-funded activities on behalf of the grantees, and are required to monitor subrecipients to ensure that the...

HUD OIG is auditing a New York-based grantee's Coronavirus, Aid, Relief, and Economic Security (CARES) Act, Emergency Solutions Grants (ESG-CV) program. The CARES Act provided nearly $4 billion in special ESG funds to grantees to prevent, prepare for, and respond to the coronavirus pandemic and supports activities, such as, rapid re-housing, homelessness prevention programs, and emergency shelters for people experiencing homelessness....

We audited the City and County of Honolulu’s Department of Budget and Fiscal Services’ and Department of Community Services’ (City) fraud risk management practices for its Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG CARES Act) program with the objective of assessing the maturity of the City’s fraud risk management framework that encompasses control activities to prevent, detect, and respond to...

We audited the California Department of Housing and Community Development (HCD) with the objective of evaluating HCD’s fraud risk management practices for its Emergency Solutions Grants Coronavirus Aid, Relief, and Economic Security Act (ESG CARES Act) program and assessing the maturity of its efforts to prevent, detect, and respond to fraud.  Fraudulent activity in the ESG CARES Act program can lead to significant financial...

HUD OIG is auditing a Hawaii-based grantee's Coronavirus, Aid, Relief, and Economic Security (CARES) Act, Emergency Solutions Grants (ESG-CV) program. The CARES Act provided nearly $4 billion in special ESG funds to grantees to prevent, prepare for, and respond to the coronavirus pandemic and supports activities, such as, rapid re-housing, homelessness prevention programs, and emergency shelters for people experiencing homelessness....

HUD OIG is auditing a California-based grantee's Coronavirus, Aid, Relief, and Economic Security (CARES) Act, Emergency Solutions Grants (ESG-CV) program. The CARES Act provided nearly $4 billion in special ESG funds to grantees to prevent, prepare for, and respond to the coronavirus pandemic and supports activities, such as, rapid re-housing, homelessness prevention programs, and emergency shelters for people experiencing homelessness...

We are auditing HUD’s implementation and tracking of the President’s National Drug Control Strategy (Strategy) as directed by the White House’s Office of National Drug Control Policy. For FY2023, HUD has administered more than $3.2 billion in Recovery Housing Program (RHP) and Continuum of Care (CoC) Program funding as part of the agency’s efforts in reducing the number of overdose deaths in the United States. With respect to the...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

HUD OIG is performing this evaluation to assess HUD’s capability to meet privacy and data protection requirements and provide appropriate stakeholders with an understanding of any related potential risks to HUD’s data and the operational mission. The evaluation will also provide HUD an independent assessment of the level of maturity it has reached in developing the data and identify pillars of CISA's zero-trust architecture. The...

HUD OIG is conducting the Fiscal Year (FY) 2024 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s InfoSec program and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 2 of the...

HUD OIG is auditing a Hawaii-based grantee's Coronavirus, Aid, Relief, and Economic Security (CARES) Act, Emergency Solutions Grants (ESG-CV) program. The CARES Act provided nearly $4 billion in special ESG funds to grantees to prevent, prepare for, and respond to the coronavirus pandemic and supports activities, such as, rapid re-housing, homelessness prevention programs, and emergency shelters for people experiencing homelessness....

HUD OIG is auditing HUD's Continuum of Care (CoC) program, which is a grant program designed to promote community wide commitment to the goal of ending homelessness. A CoC is a regional or local planning body that coordinates housing and services funding for homeless families and individuals and HUD provided $2.6 billion in CoC funding for the 2021 grant competition year. Our objective is to determine how HUD and CoCs collect and use...

HUD OIG is auditing a New York-based grantee's Coronavirus, Aid, Relief, and Economic Security (CARES) Act, Emergency Solutions Grants (ESG-CV) program. The CARES Act provided nearly $4 billion in special ESG funds to grantees to prevent, prepare for, and respond to the coronavirus pandemic and supports activities, such as, rapid re-housing, homelessness prevention programs, and emergency shelters for people experiencing homelessness...