Search
Fiscal Year 2021 Federal Information Security Modernization Act (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to…
February 17, 2022
Report
#2021-OE-0001
Fiscal Year 2021 Federal Information Security Modernization Act (FISMA) Evaluation Security Technical Testing Topic Brief
The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually. In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief. The objective of this application vulnerability…
February 15, 2022
Topic Brief
#2021-OE-0001a
Delays in Federal Housing Administration Catalyst’s Development
In February 2021, the Office of the Chief Information Officer (OCIO) identified funding risks with the development contract under which HUD contracted for Federal Housing Administration (FHA) Catalyst’s development. In response, HUD officials took steps to slow FHA Catalyst spending on the contract while awaiting approval for additional contract funds. Despite efforts to slow project spending, it was not enough to prevent funding…
November 17, 2021
Memorandum
#2021-OE-0003a
HUD’s Processes for Managing IT Acquisitions
We reviewed the U.S. Department of Housing and Urban Development’s (HUD) ability to effectively complete information technology (IT) acquisitions. HUD’s IT systems and its modernization plans depend heavily on contractors, yet HUD has historically faced significant challenges with implementing effective acquisition processes. Therefore, HUD’s acquisition capacity represents a key potential risk within HUD’s IT environment. We found…
November 17, 2021
Report
#2020-OE-0004
Lessons Learned and Key Considerations From Prior Audits and Evaluations of the CDBG Disaster Recovery Program
On March 27, 2020, the Coronavirus Aid, Relief, and Economic Security (CARES) Act made available $5 billion in supplemental CDBG funding for grants to prevent, prepare for, and respond to the coronavirus pandemic (CDBG-CV grants). Because of similarities, we reviewed 132 CDBG-DR program audits and evaluations issued from May 2002 to March 2020 to summarize the common CDBG-DR program weaknesses and risks for CPD to consider to help its…
November 02, 2021
Memorandum
#2022-FW-0801