U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

2021-OE-0001-18
Status
Closed
Date Issued
February 15, 2022
Closed Date
September 20, 2022
OIG Component Office
Evaluation
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
Program Office
Chief Information Officer
Questioned Costs
$0.00
Better Funds Use
$0.00
Publication Report Number
2021-OE-0001

Related Recommendations

Recomendation Status Date Issued Summary
2021-OE-0001-01 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-02 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-03 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-04 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-05 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-06 Closed February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-07 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-08 Open February 15, 2022

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

  • Identification and prioritization of externally provided systems (new and legacy), components, and services.
  • How HUD maintains awareness of its upstream suppliers.
  • The integration of acquisition processes tools, and techniques to use the acquisition process to protect the supply chain.
  • Contract tools or procurement methods to confirm that contractors are meeting their obligations (derived from OIG FISMA metric 14).

Status

As of March 6, 2024, HUD OCIO and OCPO were collaborating on policy updates. HUD reported to HUD OIG on February 8, 2024, that the policy requires clearance before being finalized. Once finalized and approved, HUD will provide the evidence to OIG for closure.


Analysis

To fully address this recommendation, HUD must establish that it has defined and communicated policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. Implementation of this recommendation will result in HUD continuing to mature in supply chain risk management, establishing and defining the policies and procedures of SCRM requirements as it relates to systems and system components.

2021-OE-0001-09 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-10 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-11 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-12 Closed February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-13 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-14 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-15 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-16 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-17 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-19 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-20 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-21 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-22 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-23 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.