The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

In April 2024, HUD OIG met with HUD OCIO to discuss progress and requirements for closure of this recommendation. In addition, OIG reviewed this recommendation as part of the annual FY 2024 FISMA evaluation in April 2024 and learned from HUD OCIO that that there would be a procedure update that would implement the ingestion and monitoring of all inbound and outbound traffic. The OIG requested to be provided with these procedures when finalized and evidence of implementation on May 1, 2024.

Corrective Action Taken

HUD OCIO updated its Cybersecurity Incident Response Plan and developed more detection and protection mechanisms to monitor network traffic in its IT environment. These mechanisms include anti-malware agents, data loss prevention, endpoint detection and response, firewalls, and intrusion detection and prevention systems. HUD’s SOC also developed standard operating procedures and playbooks for abnormal traffic alerts triggered by the above tools that are posted internally for SOC personnel to utilize. Addressing this recommendation resulted in improvement of HUD’s networking monitoring process by enhancing visibility into network traffic. It also increased HUD’s incident response program capabilities by ensuring that HUD has a plan to monitor traffic and better detect and respond to security incidents. As part of our regular Federal Information Security Act of 2014 (FISMA) assessments, HUD OIG will continue to assess HUD’s incident response effectiveness and threat detection to ensure HUD addresses new and evolving threats.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Take appropriate administrative action, up to and including debarment, against the owner for the violations cited in this report including, amongst others, failure to perform the required inspections to ensure that the units the owner were billing for assistance were decent, safe, and sanitary.

Require the Englewood Apartments’ owner to repay HUD from non-project funds the projected $377,108 in housing assistance payments for tenants who were not eligible for assistance.

Require Englewood Apartments to support that $24,295 in unsupported housing assistance payments was eligible and accurate. Englewood Apartments’ owner should repay any subsidy overpayments to HUD from non-project sources. Further, the owner should reimburse tenants for overcharged rents or enter into a repayment agreement with tenants who were undercharged due to nondisclosure of income.

Require the Englewood Apartments’ owner to implement appropriate controls, including a formalized process, to use when conducting initial certifications and interim and annual recertifications to ensure that tenants are eligible, housing assistance payments are accurate, and tenant files contain all required documentation to comply with HUD’s and its own requirements. In addition, the updated controls should ensure a layer of management oversight to review all certifications before final approval until such time as onsite management is trained and has been proven to follow HUD’s and its own requirements.

Ensure that the owner, management agent, and staff complete training to ensure that they understand their duties, including HUD’s and local tenant eligibility and certification requirements.

Monitor Englewood Apartments to ensure that its staff properly maintains tenant files and completes required certifications in accordance with HUD’s and its own requirements.

Ensure that Englewood Apartments’ owner and its identity-of-interest management agent provide necessary oversight to its onsite staff.