U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Document
Document

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2019 annual assessment.

The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.  Please contact the Office of Evaluation at [email protected] to request a copy of this report.

Recommendations

Chief Information Officer

  •   2019-OE-0002-01
    Sensitive

    Closed on September 16, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-02
    Sensitive

    Closed on December 31, 2020

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-04
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-05
    Sensitive

    Closed on February 02, 2022

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-07
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-08
    Sensitive

    Closed on November 18, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-09
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-10
    Sensitive

    Closed on September 16, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-11
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-12
    Sensitive

    Closed on October 01, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-13
    Sensitive

    Closed on November 18, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-14
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-15
    Sensitive

    Closed on March 10, 2022

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-16
    Sensitive
    Priority

    Fully implement the capability for the HUD [Security Operation Center] to monitor all inbound and outbound traffic and all HUD network devices.


    Status

    As of April 2024, the Office of the Chief Information Officer was updating its procedure implementing the ingestion and monitoring of all inbound and outbound traffic. Additionally, OIG is assessing HUD’s progress in closing this recommendation as part of the ongoing FY 2024 FISMA evaluation. The Office of the Chief Information Officer has previously stated that this recommendation will take time to implement and has not provided a target date for completion.


    Analysis

    To fully address this recommendation, HUD OCIO must provide the finalized procedure to ingest and monitor all inbound and outbound traffic on the network and provide evidence it has been implemented.

    Implementation of this recommendation will provide a key capability to protect the network and HUD's assets and data will be achieved.

  •   2019-OE-0002-17
    Sensitive

    Closed on March 23, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-18
    Sensitive

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-19
    Sensitive

    Closed on July 01, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-20
    Sensitive

    Closed on February 10, 2022

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-21
    Sensitive

    Closed on January 19, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-22
    Sensitive

    Closed on January 19, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-23
    Sensitive

    Closed on December 09, 2021

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-24
    Sensitive

    Closed on August 18, 2022

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-25
    Sensitive

    Closed on February 10, 2022

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-26
    Sensitive

    Closed on October 04, 2022

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Chief Financial Officer

  •   2019-OE-0002-03
    Sensitive

    Closed on January 17, 2023

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

  •   2019-OE-0002-06
    Sensitive

    Closed on January 10, 2023

    The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.