The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security (InfoSec) program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2024 annual assessment. HUD continued to take positive steps to improve its IT security posture. HUD improved its InfoSec program to maturity level 3, consistently implemented. However, at this level HUD’s InfoSec program is not considered effective. HUD’s InfoSec program scored a 3.08 for the core metrics and a 3.30 for the FY 2024 supplemental metrics, both of which were at maturity level 3, consistently implemented. HUD increased in maturity for 22 metrics and maintained the same maturity for the remaining 15 metrics. Notably, not only did HUD achieve maturity level 4, managed and measurable, for the first time and it did so in 14 metrics.