HUD OIG is conducting the Fiscal Year (FY) 2023 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s IS programs and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 1 of the supplemental FISMA metrics that are evaluated on a 2-year cycle in accordance with Office of Management and Budget (OMB) guidance, (2) prepare responses for each IG OMB/Department of Homeland Security CyberScope FISMA metric, including the support and documented conclusions for each response, and (3) conduct a limited network vulnerability assessment and penetration testing of a sample of HUD information systems and applications.