The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

• Identification and prioritization of externally provided systems (new and legacy), components, and services.
• How HUD maintains awareness of its upstream suppliers.
• The integration of acquisition processes tools, and techniques to use the acquisition process to protect the supply chain.
• Contract tools or procurement methods to confirm that contractors are meeting their obligations (derived from OIG FISMA metric 14).

Status

In May 2024, HUD OIG reviewed the Office of the Chief Information Officer’s progress is closing this recommendation as part of the annual FY 2024 FISMA evaluation. At that time, HUD provided additional evidence in the form of draft SCRM Policy, SCRM Procedures, SCRMES Charter, and a SCRM Technical Roadmap. Additionally, HUD provided agency-specific clauses. At the time, the guidance had not yet been finalized.

Analysis

To fully address this recommendation, HUD must establish that it has defined and communicated policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. Implementation of this recommendation will result in HUD continuing to mature in supply chain risk management, establishing and defining the policies and procedures of SCRM requirements as it relates to systems and system components.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

We recommend that HUD’s Deputy Assistant Secretary for Public Housing and Voucher Programs update and consolidate requests for reasonable accommodation policies and procedures to ensure that there is centralized guidance available for the field offices and PHAs.

We recommend that HUD’s Deputy Assistant Secretary for Public Housing and Voucher Programs conduct additional outreach efforts to educate tenants and PHAs on their rights and responsibilities related to requests for reasonable accommodation, including technical assistance, webinars, and external communications to inform PHAs about their responsibilities and how to evaluate requests for reasonable accommodation, and help families understand their rights.

We recommend that HUD’s Deputy Assistant Secretary for Public Housing and Voucher Programs require that PHAs track requests for reasonable accommodation, including the date of the request, the type of request, and the disposition and date of any action taken that should be made available to HUD at its request.

Develop and implement policies and procedures to ensure that subgrantee agreements are executed in a timely manner, effective monitoring is performed, and subgrantees maintain an emphasis on using their CoC funds, thereby preventing similar occurrences of $3.5 million (see appendix D) in CoC funding going unused.

Adequately support the eligibility of payroll costs or repay its CoC grants $824,302 from non-Federal funds.

Adequately support the eligibility of rent costs or repay its CoC grants $55,545 from non-Federal funds.