We have completed our fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) penetration test and vulnerability assessment.  The objective of this evaluation was to test and verify the technical implementation of a limited set of security controls on judgmentally selected U.S. Department of Housing and Urban Development (HUD) information systems and applications.HUD demonstrated successes in securely...

We found 13 properties with consecutive REAC scores below 60 that were missing the required flags in HUD’s Active Partners Performance System (APPS) for unacceptable physical condition.  This condition occurred because HUD did not have a quality control program to ensure that the account executives manually entered the flags into APPS and there was no automated process for flagging a property once it received the second...

We audited the Housing Authority of Plainfield, NJ’s administration of its public housing programs.  We selected the Authority based on a risk analysis of public housing agencies in New Jersey that considered the size of the agency, the amount of operating and capital funds received, and previous work conducted by the Office of Inspector General.  The objective of the audit was to determine whether the Authority administered...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation...

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually.  In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief.  The objective of this application...

We audited the Buffalo Municipal Housing Authority’s management of its Commodore Perry Homes development.  We selected the Authority based on congressional interest.  Half of the development’s buildings were demolished more than 20 years ago, and the majority of the remaining buildings and units have been vacant for years without redevelopment activity.  The objective of the audit was to determine whether the Authority...