U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Key Details
(mouse over or click items for details)
  Open
  Closed
Funds Put to Better Use
Funds Put to Better Use

Recommendations that funds be put to better use estimate funds that could be used more efficiently. For example, recommendations that funds be put to better use could result in reductions in spending, deobligation of funds, or avoidance of unnecessary spending.

Questioned Costs
Questioned Costs

Recommendations with questioned costs identify costs: (A) resulting from an alleged violation of a law, regulation, contract, grant, or other document or agreement governing the use of Federal funds; (B) that are not supported by adequate documentation (also known as an unsupported cost); or (C) that appear unnecessary or unreasonable.

Sensitive
Sensitive

Sensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure.

Priority
Priority

We believe these open recommendations, if implemented, will have the greatest impact on helping HUD achieve its mission to create strong, sustainable, inclusive communities and quality affordable homes for all.

Export Search
Date Issued

Chief Information Officer

  •   2023-OE-0001-15

    HUD OCIO, in coordination with other appropriate HUD offices, should define and communicate policies and procedures for use of MFA at HUD facilities (IG FISMA metrics 30 and 31).

  •   2023-OE-0001-16

    HUD OCIO should implement procedures to ensure that digital identity risk assessments have been performed and documented in accordance with HUD’s defined procedures and Federal guidelines (IG FISMA metrics 30 and 31).

  •   2023-OE-0001-17

    HUD OCIO should define a plan to meet the logging requirements at all event logging maturity levels (basic, intermediate, advanced) in accordance with OMB M-21-31. This plan should include logging sufficient to allow for reviewing privileged user activities (IG FISMA metrics 32 and 54).

  •   2023-OE-0001-18

    HUD OCIO should develop and implement monitoring and enforcement procedures to ensure that non-GFE devices (for example, BYOD), such as those owned by contractors or HUD employees, are either: (a) prohibited from connecting to the HUD network; or (b) properly authorized and configured before connection to the HUD network (IG FISMA metrics 2, 21, and 33).

  •   2023-OE-0001-19

    HUD OCIO should develop and implement procedures and contract terms to enforce forfeiture of non-GFE devices (for example, BYOD), to allow for analysis when security incidents occur (IG FISMA metrics 33 and 55).

  •   2023-OE-0001-20

    HUD’s Office of Administration, in coordination with OCIO, should update and communicate its PII minimization plan. The plan should include detailed procedures to regularly review and remove unnecessary PII collections in accordance with OMB Circular A-130 (IG FISMA metric 35).

  •   2023-OE-0001-02

    HUD OCIO should report at least 80 percent of its government-furnished equipment through the DHS CDM program (IG FISMA metric 2).

  •   2023-OE-0001-21

    HUD OCIO should develop and implement processes to monitor and analyze qualitative and quantitative performance measures for the effectiveness of its ISCM program (IG FISMA metric 47).

  •   2023-OE-0001-22

    HUD OCIO should define a process and assign responsibility to evaluate the effectiveness of its incident response technologies and adjust configurations and toolsets to improve the incident response program (IG FISMA metric 58).

  •   2023-OE-0001-23

    HUD OCIO should update its enterprisewide business impact prioritization analysis procedures to include system dependencies and the characterization of system components (IG FISMA metric 61).

  •   2023-OE-0001-03

    HUD OCIO should implement a process to consistently update and maintain its inventory of software assets and ensure that the inventory is consistent with the automated discovery scans used to perform vulnerability, configurations, and continuous diagnostics and mitigation scans and use this inventory to consistently remove unauthorized software assets from the HUD network (IG FISMA metrics 2, 20, and 21).

  •   2023-OE-0001-04

    HUD OCIO should update its software inventory policies and procedures to account for critical software as defined by EO 14028 (IG FISMA metrics 3 and 21).

  •   2023-OE-0001-05

    HUD OCIO should implement policies and procedures to maintain inventories of critical software and software licenses, critical software platforms, and all software installed on critical software platforms (both critical software and noncritical software) and use the inventory of critical software platforms and all software installed on them to ensure that only supported versions of software are used on those critical software platforms (IG FISMA metrics 3 and 21).

  •   2023-OE-0001-06

    HUD OCIO should in coordination with the Chief Risk Officer (CRO), document cybersecurity risk management roles and responsibilities in a consolidated list and; define procedures to hold personnel accountable to their assigned roles in the consolidated list (IG FISMA metric 7)

  •   2023-OE-0001-07

    HUD OCIO should consistently implement personnel accountability procedures to ensure that assigned cybersecurity risk management roles are being performed in an effective manner (IG FISMA metric 7).

  •   2023-OE-0001-08

    HUD’s Office of the Chief Financial Officer (OCFO), in coordination with other appropriate program offices, should define and implement a risk-based process to assess and document IT risk management personnel resourcing needs and that those personnel are allocated effectively to support HUD’s risk management program (IG FISMA metric 7).

  •   2023-OE-0001-09

    HUD OCFO, in coordination with other appropriate program offices, should define and implement a process to document and allocate non-personnel risk management resources in a risk-based manner, to include but not limited to funding, processes, and technology (IG FISMA metric 7).

Deputy Secretary

  •   2024-IG-0001-001-A

    We recommend that the Deputy Secretary Develop and execute a detailed plan and timeline for both testing and reporting estimates of improper payments in the PIH-TBRA and PBRA programs in compliance with Federal law and OMB guidance.

Policy Development & Research

  •   2023-OE-0001a-04
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Chief Information Officer

  •   2023-OE-0001a-01
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.