The OIG Office of Evaluation is initiating an evaluation of the U.S. Department of Housing and Urban Development’s (HUD) Public and Indian Housing (PIH) Information Technology (IT) Modernization program. The objectives are to assess the IT Modernization process for Enterprise Voucher Management System (EVMS) and Housing Information Portal (HIP) systems that support key PIH programs.

To assess the operational effectiveness of security controls for selected HUD IT systems or functions.

The OIG evaluated the U.S. Department of Housing and Urban Development’s (HUD) progress in applying zero trust security principles to protect personally identifiable information (PII).  HUD maintained a significant number of records that contain PII with limited zero trust controls in place to secure these data.  In FY 2022, HUD established a zero trust implementation plan to help the agency address the five zero trust...

HUD OIG is conducting the Fiscal Year (FY) 2025 evaluation of the HUD's information security (InfoSec) program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) perform an independent evaluation of the effectiveness of HUD’s InfoSec program and practices as required by FISMA; (2) test the effectiveness of HUD’s InfoSec policies, procedures, and practices through...

The OIG evaluated the U.S. Department of Housing and Urban Development (HUD) Office of Housing’s (Housing) progress in applying zero trust security principles to protect personally identifiable information (PII) within the Federal Housing Administration (FHA) Catalyst system.HUD was in the beginning stages of implementing zero trust requirements for the data and identity pillars. HUD Office of Housing systems, including FHA Catalyst,...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

 The Geospatial Data of 2018 (the Act) governs the collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data of covered agencies, including the U.S. Department of Housing and Urban Development (HUD).  We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the geospatial data requirements stated in the Act.  The Act requires the Inspector...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

HUD OIG is performing this evaluation to assess HUD’s capability to meet privacy and data protection requirements and provide appropriate stakeholders with an understanding of any related potential risks to HUD’s data and the operational mission. The evaluation will also provide HUD an independent assessment of the level of maturity it has reached in developing the data and identify pillars of CISA's zero-trust architecture. The...

HUD OIG is conducting the Fiscal Year (FY) 2024 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s InfoSec program and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 2 of the...

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ (ONAP) coronavirus disease of 2019 (COVID-19) recovery programs.  We performed this audit to provide HUD with insight and a nationwide perspective on the challenges that grantees experienced with those programs.  Our audit objectives were to identify 1) the information, guidance, and training HUD provided to the...

We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks.  RPA is a software technology used to emulate human actions on a computer.  RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on...

We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced...

We audited the U.S. Department of Housing and Urban Development (HUD), Office of Native American Programs’ (ONAP) Coronavirus Aid, Relief, and Economic Security (CARES) Act and American Rescue Plan (ARP) Act to identify drawdown levels for its block grant programs and assessed information ONAP made publicly available. As of October 4, 2022, grantees had drawn $231.6 million of the $300 million in CARES Act block grant funds and $135....

HUD OIG is conducting the Fiscal Year (FY) 2023 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s IS programs and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 1 of the...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation...

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the Geospatial Data Act of 2018 (the Act).Our audit objective was to determine whether HUD met the 13 responsibilities stated in the Act with regard to its collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data.  The Act also generally requires covered agencies provide access to geospatial data...

In coordination with the Pandemic Response Accountability Committee, we conducted an audit to identify potential fraud schemes that could affect HUD’s pandemic funds.  We reviewed the funds appropriated by the Coronavirus Aid, Relief, and Economic Security (CARES) Act and the American Rescue Plan (ARP) Act for the Tenant-Based Rental Assistance (TBRA), Project-Based Rental Assistance (PBRA), HOME Investment Partnerships, and...

We audited the U.S. Department of Housing and Urban Development’s (HUD) Community Development Block Grant Coronavirus Aid, Relief, and Economic Security (CARES) Act program.Our audit objective was to determine what challenges grantees faced in using program funds for activities that prepare for, prevent, or respond to the coronavirus and its impact.  We used a survey questionnaire to gather feedback and insight directly from 1,...

HUD OIG is one of 10 OIGs participating in this PRAC-led COVID 19 Pandemic Impact Project. The OIGs will conduct the review and provide the results to the PRAC for the final consolidated work products.  The objective is to identify the federal pandemic response program funds provided to select geographic areas and the purpose of those funds, and to determine whether the federal program spending aligned with the intended goals and...