Assessing PHAs Controls for Preventing and Combating Source of Income Discrimination
HUD OIG is auditing public housing authorities' controls over source of income discrimination. As of February 2023, 20 states have passed laws prohibiting discrimination against voucher holders by officially designing source of income as a protected class. The audit objective is to assess the Read More
February 01, 2024
Work Start Notification
#BO 24 0005
Local Non-Profit Director Charged in Pernicious “Deed Fraud” Scheme Targeting Low Income Detroiters
DETROIT – Zina Thomas, 60, of Detroit was charged in a criminal complaint filed in United States District Court for her role orchestrating a fraud scheme that stole houses from dozens of Detroit residents, announced United States Attorney Dawn N. Ison.Ison was joined in the announcement by Special Read More
February 28, 2024
News
Press Release
FY 2023 FISMA
HUD OCIO should implement a process to consistently update and maintain its inventory of hardware assets and ensure that the inventory is consistent with the automated discovery scans used to perform vulnerability, configurations, and continuous diagnostics and mitigation scans and use this Read More
Open Recommendation
FY 2023 FISMA
HUD OCIO should report at least 80 percent of its government-furnished equipment through the DHS CDM program (IG FISMA metric 2).
Open Recommendation
FY 2023 FISMA
HUD OCIO should implement a process to consistently update and maintain its inventory of software assets and ensure that the inventory is consistent with the automated discovery scans used to perform vulnerability, configurations, and continuous diagnostics and mitigation scans and use this Read More
Open Recommendation
FY 2023 FISMA
HUD OCIO should update its software inventory policies and procedures to account for critical software as defined by EO 14028 (IG FISMA metrics 3 and 21).
Open Recommendation
FY 2023 FISMA
HUD OCIO should implement policies and procedures to maintain inventories of critical software and software licenses, critical software platforms, and all software installed on critical software platforms (both critical software and noncritical software) and use the inventory of critical software Read More
Open Recommendation
FY 2023 FISMA
HUD OCIO should in coordination with the Chief Risk Officer (CRO), document cybersecurity risk management roles and responsibilities in a consolidated list and; define procedures to hold personnel accountable to their assigned roles in the consolidated list (IG FISMA metric 7)
Open Recommendation
FY 2023 FISMA
HUD OCIO should consistently implement personnel accountability procedures to ensure that assigned cybersecurity risk management roles are being performed in an effective manner (IG FISMA metric 7).
Open Recommendation
FY 2023 FISMA
HUD’s Office of the Chief Financial Officer (OCFO), in coordination with other appropriate program offices, should define and implement a risk-based process to assess and document IT risk management personnel resourcing needs and that those personnel are allocated effectively to support HUD’s risk Read More
Open Recommendation
FY 2023 FISMA
HUD OCFO, in coordination with other appropriate program offices, should define and implement a process to document and allocate non-personnel risk management resources in a risk-based manner, to include but not limited to funding, processes, and technology (IG FISMA metric 7).
Open Recommendation
FY 2023 FISMA
HUD OCIO should ensure that external systems, such as cloud systems and cloud service providers, have and maintain configuration management plans that are consistent with HUD’s defined configuration management requirements (IG FISMA metric 19).
Open Recommendation
FY 2023 FISMA
HUD OCIO should define and implement metrics to monitor the effectiveness of ICAM program activities and assist in identifying areas for improvement (IG FISMA metric 26).
Open Recommendation
FY 2023 FISMA
HUD OCIO should develop a comprehensive ICAM policy, strategy, process, and technology solution roadmap, including milestones, budget estimates, and appropriate technology solution details (IG FISMA metric 27). This recommendation replaces FY 2020 FISMA recommendation 11.
Open Recommendation
FY 2023 FISMA
HUD OCIO should define policies and guidance for the use of system-specific access agreements (IG FISMA metric 29).
Open Recommendation
FY 2023 FISMA
HUD OCIO should develop a plan that includes milestones and funding requirements for implementing phishing-resistant MFA for all users in alignment with Federal requirements (IG FISMA metrics 30 and 31).
Open Recommendation
FY 2023 FISMA
HUD OCIO, in coordination with other appropriate HUD offices, should define and communicate policies and procedures for use of MFA at HUD facilities (IG FISMA metrics 30 and 31).
Open Recommendation
FY 2023 FISMA
HUD OCIO should implement procedures to ensure that digital identity risk assessments have been performed and documented in accordance with HUD’s defined procedures and Federal guidelines (IG FISMA metrics 30 and 31).
Open Recommendation
FY 2023 FISMA
HUD OCIO should define a plan to meet the logging requirements at all event logging maturity levels (basic, intermediate, advanced) in accordance with OMB M-21-31. This plan should include logging sufficient to allow for reviewing privileged user activities (IG FISMA metrics 32 and 54).
Open Recommendation
FY 2023 FISMA
HUD OCIO should develop and implement monitoring and enforcement procedures to ensure that non-GFE devices (for example, BYOD), such as those owned by contractors or HUD employees, are either: (a) prohibited from connecting to the HUD network; or (b) properly authorized and configured before Read More
Open Recommendation