We audited the U.S. Department of Housing and Urban Development’s (HUD) controls over selected configuration management (CM) activities. This audit was based on work performed during our fiscal year 2009 and 2010 reviews of information system security controls in support of the annual financial statement audits. During those audits, we identified weaknesses in security controls over selected CM activities. HUD had processes and procedures for managing the configurations of systems in HUD’s computing environment. However, those procedures were not always followed. Specifically, (1) CM documentation for the eTravel and Integrated Disbursement and Information System (IDIS) Online systems was outdated, and (2) HUD did not consistently follow its own Configuration Change Management Board (CCMB) review and approval process.

We recommended that both the Office of the Chief Financial Officer and the Assistant Secretary for Community Planning and Development update their CM plans and ensure that contractor support staff reviews application CM documentation at least annually and updates the documentation when changes occur. We also recommended that the Office of the Chief Information Officer ensure that all products running on the HUD information technology infrastructure are CCMB approved and that products selected for pilot testing are CCMB approved before conducting the tests.