U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Closed Date:
Diciembre 31, 2020

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Publication Report

2019-OE-0002 | Junio 25, 2020

HUD Fiscal Year 2019 Federal Information Security Modernization Act of 2014 (FISMA) Evaluation Report

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget... más

Related Recommendations

Chief Information Officer

  •  
    Status
      Open
      Closed
    2019-OE-0002-01
    Closed on Septiembre 16, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-04
    Closed on Julio 19, 2024
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-05
    Closed on Febrero 02, 2022
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-07
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-08
    Closed on Noviembre 18, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-09
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-10
    Closed on Septiembre 16, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-11
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-12
    Closed on Octubre 01, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-13
    Closed on Noviembre 18, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-14
    Closed on Agosto 26, 2024
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-15
    Closed on Marzo 10, 2022
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-16
    Closed on Agosto 26, 2024
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Prioridad
    Priority

    We believe these open recommendations, if implemented, will have the greatest impact on helping HUD achieve its mission to create strong, sustainable, inclusive communities and quality affordable homes for all.

    Summary

    HUD Office of the Chief Information Officer (OCIO) should finish developing the procedures for the HUD Security Operations Center (SOC) to monitor all inbound and outbound traffic and all HUD network devices.


    Corrective Action Taken

    HUD OCIO updated its Cybersecurity Incident Response Plan and developed more detection and protection mechanisms to monitor network traffic in its IT environment. These mechanisms include anti-malware agents, data loss prevention, endpoint detection and response, firewalls, and intrusion detection and prevention systems. HUD’s SOC also developed standard operating procedures and playbooks for abnormal traffic alerts triggered by the above tools that are posted internally for SOC personnel to utilize. Addressing this recommendation resulted in improvement of HUD’s networking monitoring process by enhancing visibility into network traffic. It also increased HUD’s incident response program capabilities by ensuring that HUD has a plan to monitor traffic and better detect and respond to security incidents. As part of our regular Federal Information Security Act of 2014 (FISMA) assessments, HUD OIG will continue to assess HUD’s incident response effectiveness and threat detection to ensure HUD addresses new and evolving threats.

  •  
    Status
      Open
      Closed
    2019-OE-0002-17
    Closed on Marzo 23, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-18
    Closed on Julio 19, 2024
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-19
    Closed on Julio 01, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-20
    Closed on Febrero 10, 2022
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-21
    Closed on Enero 19, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-22
    Closed on Enero 19, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-23
    Closed on Diciembre 09, 2021
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-24
    Closed on Agosto 18, 2022
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-25
    Closed on Febrero 10, 2022
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-26
    Closed on Octubre 04, 2022
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Chief Financial Officer

  •  
    Status
      Open
      Closed
    2019-OE-0002-03
    Closed on Enero 17, 2023
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •  
    Status
      Open
      Closed
    2019-OE-0002-06
    Closed on Enero 10, 2023
    Sensitive
    Sensitive

    Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

    Summary

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.