The Office of National Drug Control Policy (ONDCP) leads and coordinates the Nation’s drug policy to improve the health and lives of the American people, including the development and implementation of the National Drug Control Strategy (the Strategy).  ONDCP evaluates the effectiveness of national drug control policy efforts, the Strategy’s goals and objectives, and each National Drug Control Program Agency’s program-level…

We have completed our fiscal year (FY) 2023 Federal Information Security Modernization Act of 2014 (FISMA) penetration test and vulnerability assessment.  The objective of this evaluation was to test and verify the technical implementation of a limited set of security controls on judgmentally selected U.S. Department of Housing and Urban Development (HUD) information systems and applications.HUD demonstrated successes in securely…

We audited the U.S. Department of Housing and Urban Development’s (HUD) Real Estate Assessment Center’s inspection process.  The audit objectives were to determine whether the Center (1) ensured that public housing properties were inspected within required timeframes before the coronavirus disease 2019 (COVID-19) pandemic; (2) could improve its Big Inspection Plan for inspecting high-priority non-National Standards for the…

The Office of Evaluation began preliminary research related to the Program Management Improvement Accountability Act (PMIAA) of 2016.  The objective was to determine how HUD has implemented and complied with the requirements of PMIAA.  After completing informational interviews with HUD officials and reviewing related documentation, we have determined that a full evaluation is premature at this time because HUD is still…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually.  In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief.  The objective of this application…