U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Hotline

Crime, Fraud, Waste, and Abuse
December 18, 2025
  • Chief Information Officer
2026-OE-0001
VIEW FULL REPORT

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security (InfoSec) program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2025 annual assessment.  In FY 2025, we assessed HUD at maturity level 3, consistently implemented, for its overall InfoSec program.  HUD has made incremental progress across its InfoSec program and should continue to take steps to improve the security of its IT systems and assets, which will lead to an increase in its FISMA maturity level.  We assessed HUD’s maturity across 25 metrics.  HUD scored 3.13 in the 20 core metrics that we have assessed every year since FY 2022, and it scored 2.67 in the 5 supplemental metrics that were first assessed in FY 2025.