HUD OIG is conducting the Fiscal Year (FY) 2025 evaluation of the HUD's information security (InfoSec) program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) perform an independent evaluation of the effectiveness of HUD’s InfoSec program and practices as required by FISMA; (2) test the effectiveness of HUD’s InfoSec policies, procedures, and practices through the analysis of a selection of HUD’s information technology (IT) systems, which are labelled as “sample systems.”; (3) assess the maturity level of HUD’s InfoSec program and practices using the results of sample system testing against the Inspector General FISMA Reporting Metrics; and (4) prepare responses for each applicable Office of Management and Budget (OMB)/Department of Homeland Security (DHS) CyberScope FISMA questions with the support and conclusions documented in each response.