The Office of National Drug Control Policy (ONDCP) leads and coordinates the Nation’s drug policy to improve the health and lives of the American people, including the development and implementation of the National Drug Control Strategy (the Strategy).  ONDCP evaluates the effectiveness of national drug control policy efforts, the Strategy’s goals and objectives, and each National Drug Control Program Agency’s program-level...

The U.S. Department of Housing and Urban Development’s (HUD) development of requirements documents is a collaboration across HUD program offices.  The Office of the Chief Procurement Officer (OCPO) is responsible for obtaining all goods and services required by HUD efficiently and in the most cost-effective manner possible, while program offices are responsible for preparing the requirements documents and submitting an actionable...

We have completed our fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) penetration test and vulnerability assessment.  The objective of this evaluation was to test and verify the technical implementation of a limited set of security controls on judgmentally selected U.S. Department of Housing and Urban Development (HUD) information systems and applications.HUD demonstrated successes in securely...

We audited the U.S. Department of Housing and Urban Development’s (HUD) Office of the Chief Procurement Officer’s use of its quality assurance surveillance plan (QASP) for its Atlanta Homeownership Center field service management (FSM) housing contracts.  We initiated the audit to support HUD’s priority on increasing efficiency in procurement.  An assessment of HUD’s use of its QASP, as part of its 3.10 FSM 5-year contract...

We completed a corrective action verification (CAV) of recommendations from prior Office of Inspector General (OIG) audit reports on the U.S. Department of Housing and Urban Development’s (HUD) government purchase cards and government travel cards, both issued January 31, 2020. During our CAV, we followed up on all 10 recommendations from OIG audit report 2020-KC-0001 and all 13 recommendations from OIG audit report 2020-KC-0002. Our...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation...

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually.  In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief.  The objective of this application...

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) ability to effectively complete information technology (IT) acquisitions.  HUD’s IT systems and its modernization plans depend heavily on contractors, yet HUD has historically faced significant challenges with implementing effective acquisition processes. Therefore, HUD’s acquisition capacity represents a key potential risk within HUD’s IT environment. We...