U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Hotline

Report Fraud, Waste and Abuse
December 11, 2024
2024-OE-0002a

The U.S. Department of Housing and Urban Development (HUD) Office of Inspector General (OIG) conducted penetration testing concurrently with our fiscal year 2024 Federal Information Security Modernization Act of 2014 (FISMA) evaluation. The objective of the penetration testing evaluation was to test the technical implementation of a limited set of security controls for a selection of HUD information systems and applications: the Office of Housing’s Federal Housing Administration Catalyst system, the Office of the Chief Financial Officer’s Line of Credit Control System (LOCCS), the Office of Community Planning and Development’s Disaster Recovery Grant Reporting (DRGR) system, and the Office of Public and Indian Housing’s National Standards for the Physical Inspection of Real Estate (NSPIRE) system.

Our assessment identified nine significant weaknesses related to data protection and website security, underscoring the need to strengthen technical security controls.  To address these findings, we provide 13 new recommendations, which will be formally tracked by our office, and 7 opportunities for improvement.  These recommendations are designed to enhance HUD’s IT security posture by preventing unauthorized data access, ensuring the integrity and confidentiality of sensitive information, and protecting against web-based threats.

OIG has determined that this report contains sensitive information and is therefore not appropriate for public disclosure.