WASHINGTON DC— Today, the U.S. Department of Housing and Urban Development’s (HUD) Office of Inspector General (OIG) issued its annual independent evaluation of the effectiveness of HUD’s information security (InfoSec) program and practices under the Federal Information Security Modernization Act of 2014 (FISMA).
FISMA requires all Inspectors General (IG) to annually assess the effectiveness of their Federal agency’s InfoSec programs. The Office of Management and Budget (OMB) publishes metrics annually for the IG community to use during these assessments that are combined as a part of a governmentwide maturity model.
HUD’s FY 2024 overall FISMA maturity was assessed at level 3, the “consistently implemented” maturity level. This maturity level was an increase from where HUD was assessed in FY 2023, which was level 2, “defined.” OMB guidance states that an agency InfoSec program is effective at a maturity level 4, which is the “managed and measurable” maturity level. HUD made significant improvements in metrics, maturing in 22 of the 37 that were evaluated and, for the first time, achieved maturity level 4, managed and measurable, in 14 metrics.
The report highlights the initiatives to improve HUD’s InfoSec program and improvements needed with associated recommendations to assist in addressing those weaknesses. HUD continued to show limitations in establishing its supply chain risk management (SCRM) program and managing and resourcing its identity, credential, and access management (ICAM) program. The report also discusses the need for HUD to develop, modernize, and enhance its legacy systems; strategically utilize its resources, including staff and funding; and deploy technology necessary to implement critical security controls.
The report makes five recommendations to help HUD improve in several InfoSec areas, including its inventory of assets; governance, risk, and compliance; security configuration of its systems, including baseline configurations; and security training improvements.
“HUD has made notable improvements in its information security posture over the past year, notably by closing priority OIG recommendations,” stated Inspector General Rae Oliver Davis. “We commend HUD for progressing in overall maturity and will continue to work with the Department to strengthen its information security program.”
Anyone with knowledge of potential fraud, waste, abuse, misconduct, or mismanagement related to HUD programs should contact the HUD OIG Hotline at 1-800-347-3735 or visit https://www.hudoig.gov/hotline. For media inquiries, contact us at [email protected].