FHA Catalyst Personally Identifiable Information Risk Management in a Zero Trust Environment (2023-OE-0007a) Interim Evaluation Report
The OIG evaluated the U.S. Department of Housing and Urban Development (HUD) Office of Housing’s (Housing) progress in applying zero trust security principles to protect personally identifiable information (PII) within the Federal Housing Administration (FHA) Catalyst system.HUD was in the beginning stages of implementing zero trust requirements for the data and identity pillars. HUD Office of Housing systems, including FHA Catalyst, are…
October 31, 2024
Report
#2023-OE-0007a
HUD FY 2024 Federal Information Security Modernization Act (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…
October 29, 2024
Report
#2024-OE-0002
HUD FY 2023 Federal Information Security Modernization Act (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…
January 29, 2024
Report
#2023-OE-0001
HUD’s Robotic Process Automation Program Was Not Efficient or Effective
We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks. RPA is a software technology used to emulate human actions on a computer. RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on other,…
February 17, 2023
Report
#2021-OE-0007
Assessment of HUD’s IT Infrastructure To Support Extensive Telework
We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced is key to…
January 24, 2023
Report
#2023-FO-0008
HUD FY 2022 Federal Information Security Modernization Act (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…
September 30, 2022
Report
#2022-OE-0001
Fiscal Year 2021 Federal Information Security Modernization Act (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…
February 17, 2022
Report
#2021-OE-0001
Fiscal Year 2021 Federal Information Security Modernization Act (FISMA) Evaluation Security Technical Testing Topic Brief
The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually. In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief. The objective of this application vulnerability…
February 15, 2022
Topic brief
#2021-OE-0001a
HUD’s Processes for Managing IT Acquisitions
We reviewed the U.S. Department of Housing and Urban Development’s (HUD) ability to effectively complete information technology (IT) acquisitions. HUD’s IT systems and its modernization plans depend heavily on contractors, yet HUD has historically faced significant challenges with implementing effective acquisition processes. Therefore, HUD’s acquisition capacity represents a key potential risk within HUD’s IT environment. We found that a…
November 17, 2021
Report
#2020-OE-0004
2021 Persistent IT Challenges and Issues Facing HUD
The brief provides an update to the original 2018 topic brief, and highlights key challenges faced by HUD in managing and improving its IT program. The brief is not based on new work, but is a summary of 83 reports and 788 recommendations from past HUD OIG and GAO reports. It discusses the present IT environment at HUD, previously identified and new IT-related challenges, and HUD’s efforts and progress in addressing these challenges.…
August 09, 2021
Topic brief
#2021-OE-0004
HUD IT Modernization Roadmap Evaluation Report
We reviewed the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) modernization roadmap. A significant number of HUD’s mission-essential applications have not been modernized, which presents multiple sources of risk. These applications are hosted on legacy information systems and mainframe platforms, which are operationally inefficient, increasingly difficult to secure, and costly to maintain.…
June 29, 2021
Report
#2021-OE-0003
HUD Fiscal Year 2019 Federal Information Security Modernization Act of 2014 (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…
June 25, 2020
Report
#2019-OE-0002
Telework Impact on HUD’s Operations Due to the COVID-19 Pandemic
This memorandum report summarizes survey and interview results on the impact mandatory telework is having on U.S. Housing and Urban Development’s (HUD) operations. The HUD Office of Inspector General (OIG) conducted surveys and interviews to evaluate HUD’s use of agency-wide telework in response to the novel coronavirus disease of 2019 (COVID-19) pandemic. The study was designed to provide insights into the types of obstacles that impeded HUD…
June 01, 2020
Report
#2020-OE-0006
Fiscal Year 2018 Review of Information Systems Controls in Support of the Financial Statements Audit
We audited information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment. This review was conducted as part of our audit of HUD’s financial statements for fiscal year 2018 under the Chief Financial Officers Act of 1990. Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information…
March 26, 2019
Report
#2019-DP-0004
HUD Fiscal Year 2018 Federal Information Security Modernization Act of 2014 (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…
October 31, 2018
Report
#2018-OE-0003
Fiscal Year 2017 Review of Information Systems Controls in Support of the Financial Statements Audit
We audited information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment. This review was conducted as part of our audit of HUD’s financial statements for fiscal year 2017 under the Chief Financial Officer’s Act of 1990. Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information…
March 07, 2018
Report
#2018-DP-0003
Topic Brief: Persistent IT Challenges and Issues facing HUD
This briefing paper highlights challenges the Department of Housing and Urban Development (HUD) faces in managing and improving its Information Technology (IT) program. This document analyzed past HUD OIG and GAO IT related reports and recommendations to highlight key management challenges in HUD’s IT program. We are highlighting these challenges so HUD leadership is aware of and can be better prepared to address them.
The OIG has…
January 07, 2018
Report
#2017-OE-0010
HUD Fiscal Year 2017 Federal Information Security Modernization Act Of 2014 (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…
October 30, 2017
Report
#2017-OE-0007
HUD Web Application Security Evaluation Report
Enforce the requirement for all HUD web applications and services to be approved and authorized by OCIO. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
Corrective Action Taken
In January 2023, HUD's Office of the Chief Information Officer developed and released a Web Applications Directive to all HUD program…
July 05, 2017
Report
#2016-OE-0002
Federal Information Security Modernization Act (FISMA) Fiscal Year 2016 Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…
November 09, 2016
Report
#2016-OE-0006