U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Document
Document

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2019 annual assessment.

The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.  Please contact the Office of Evaluation at [email protected] to request a copy of this report.

Recommendation Status Date Issued Summary
2019-OE-0002-01 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-02 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-03 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-04 Open June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-05 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-06 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-07 Open June 24, 2020

Update software configuration management procedures to require program offices to report on resources, such as people and technology, for information system configuration management activities in a risk-based manner. This recommendation updates FY 2018 recommendation number 5a due to a change in criteria (derived from OIG FISMA metric 14).

2019-OE-0002-08 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-09 Open June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-10 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-11 Open June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-12 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-13 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-14 Open June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-15 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-16 Open June 24, 2020

Fully implement the capability for the HUD [Security Operation Center] to monitor all inbound and outbound traffic and all HUD network devices.


Status

As of October 2023, the Office of the Chief Information Officer stated that this is one of their recommendations that they do not believe they can achieve at this time. OIG reviews this recommendation annually as part of our Federal Information Security Modernization Act evaluations.


Analysis

To fully address this recommendation, HUD must provide evidence that it has finished developing and implementing procedures for the capability to monitor all inbound and outbound traffic and implement a central monitoring capability. HUD OIG will assess this recommendation during the FY 2024 FISMA evaluation (fieldwork from March – May 2024).

Implementation of this recommendation will result in an enterprise-wide monitoring capability to detect and respond to potential malicious activity on all HUD network devices.

2019-OE-0002-17 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-18 Open June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-19 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-20 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-21 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-22 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-23 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-24 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-25 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2019-OE-0002-26 Closed June 24, 2020 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.