FY 2023 FISMA Penetration Test
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
FY 2023 FISMA Penetration Test
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
FY 2023 FISMA Penetration Test
The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
Opportunities Exist To Improve HUD's FHA Resource Center's Routing of Housing Discrimination Inquiries
We recommend that HUD’s Deputy Assistant Secretary for Single Family Housing update policies and procedures regarding discrimination complaints to ensure consistency among customer service representatives in rerouting these complaints to FHEO.
Opportunities Exist To Improve HUD's FHA Resource Center's Routing of Housing Discrimination Inquiries
We recommend that HUD’s Deputy Assistant Secretary for Single Family Housing ensure that the FHA Resource Center updates its training program so that refresher training on housing discrimination is regularly provided to staff (such as monthly, quarterly, or semiannually).
CPD Could Improve the Timing of Delivery of Disaster Recovery Funding
We recommend that the Director of Disaster Recovery collect and record the number of days that it or other entities take to complete each milestone in the grant process.
CPD Could Improve the Timing of Delivery of Disaster Recovery Funding
We recommend that the Director of Disaster Recovery establish timing benchmarks for the milestones at each significant step in the allocation and award process based on actual data accumulated for the various grants.
CPD Could Improve the Timing of Delivery of Disaster Recovery Funding
We recommend that the Director of Disaster Recovery take steps to ensure that the milestone point of allocation is formally defined and documented, to allow for accurate tracking of compliance with requirements.
FY 2023 FISMA
HUD OCIO should implement a process to consistently update and maintain its inventory of hardware assets and ensure that the inventory is consistent with the automated discovery scans used to perform vulnerability, configurations, and continuous diagnostics and mitigation scans and use this inventory to consistently remove unauthorized hardware assets from the HUD network (IG FISMA metrics 2, 20, and 21).
FY 2023 FISMA
HUD OCIO should report at least 80 percent of its government-furnished equipment through the DHS CDM program (IG FISMA metric 2).
FY 2023 FISMA
HUD OCIO should implement a process to consistently update and maintain its inventory of software assets and ensure that the inventory is consistent with the automated discovery scans used to perform vulnerability, configurations, and continuous diagnostics and mitigation scans and use this inventory to consistently remove unauthorized software assets from the HUD network (IG FISMA metrics 2, 20, and 21).
FY 2023 FISMA
HUD OCIO should update its software inventory policies and procedures to account for critical software as defined by EO 14028 (IG FISMA metrics 3 and 21).
FY 2023 FISMA
HUD OCIO should implement policies and procedures to maintain inventories of critical software and software licenses, critical software platforms, and all software installed on critical software platforms (both critical software and noncritical software) and use the inventory of critical software platforms and all software installed on them to ensure that only supported versions of software are used on those critical software platforms (IG…
FY 2023 FISMA
HUD OCIO should, in coordination with the Chief Risk Officer (CRO), document cybersecurity risk management roles and responsibilities in a consolidated list and define procedures to hold personnel accountable to their assigned roles in the consolidated list (IG FISMA metric 7).
FY 2023 FISMA
HUD OCIO should consistently implement personnel accountability procedures to ensure that assigned cybersecurity risk management roles are being performed in an effective manner (IG FISMA metric 7).
FY 2023 FISMA
HUD’s Office of the Chief Financial Officer (OCFO), in coordination with other appropriate program offices, should define and implement a risk-based process to assess and document IT risk management personnel resourcing needs and to ensure that those personnel are allocated effectively to support HUD’s risk management program (IG FISMA metric 7).
FY 2023 FISMA
HUD OCFO, in coordination with other appropriate program offices, should define and implement a process to document and allocate non-personnel risk management resources in a risk-based manner, including but not limited to funding, processes, and technology (IG FISMA metric 7).
FY 2023 FISMA
HUD OCIO should ensure that external systems, such as cloud systems and cloud service providers, have and maintain configuration management plans that are consistent with HUD’s defined configuration management requirements (IG FISMA metric 19).
FY 2023 FISMA
HUD OCIO should define and implement metrics to monitor the effectiveness of ICAM program activities and assist in identifying areas for improvement (IG FISMA metric 26).
FY 2023 FISMA
HUD OCIO should develop a comprehensive ICAM policy, strategy, process, and technology solution roadmap, including milestones, budget estimates, and appropriate technology solution details (IG FISMA metric 27). This recommendation replaces FY 2020 FISMA recommendation 11.