The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-DP-0001 | December 17, 2020
Fiscal Year 2019 Review of Information Systems Controls in Support of the Financial Statements Audit
Chief Information Officer
- Status2021-DP-0001-002-COpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
- Status2021-DP-0001-002-DOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2021-DP-0001-002-EOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2021-DP-0001-002-FOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2021-DP-0001-003-AOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2021-DP-0001-003-BOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2021-DP-0001-004-AOpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2020-OE-0001 | November 30, 2020
HUD Fiscal Year 2020 Federal Information Security Modernization Act of 2014 (FISMA) Evaluation Report
Office of Administration
- Status2020-OE-0001-17OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
Chief Information Officer
- Status2020-OE-0001-01OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
PriorityPriorityWe believe these open recommendations, if implemented, will have the greatest impact on helping HUD achieve its mission to create strong, sustainable, inclusive communities and quality affordable homes for all.
Implement a software asset management capability for software and operating systems to ensure that software executes only from the authorized software inventory and all unauthorized software is blocked from executing on HUD's network.
Status
In April 2024, the Office of the Chief Information Officer reported that it was in the process of implementing a software management tool that would allow it to control which software is authorized to access the network. This is the first step to creating rules for allowing only authorized software to be used through HUD's endpoint security software. The final implementation of this new tool is expected by Quarter 2 of FY 2025.
Analysis
To fully address this recommendation, HUD must provide evidence that it has an automated whitelist and it is implemented as per the NIST Special Publication 800-167 or accept the risk and document mitigating measures via a Risk-Based Decision memorandum.
Implementation of this recommendation will result in HUD having the capability to ensure only authorized software is used on HUD’s network based on its software asset listing.
- Status2020-OE-0001-02OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-03OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-04OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-05OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-06OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-07OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-08OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-09OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-10OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-11OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
- Status2020-OE-0001-12OpenClosedSensitiveSensitive
Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.