The OIG Office of Evaluation is initiating an evaluation of the U.S. Department of Housing and Urban Development’s (HUD) Public and Indian Housing (PIH) Information Technology (IT) Modernization program. The objectives are to assess the IT Modernization process for Enterprise Voucher Management System (EVMS) and Housing Information Portal (HIP) systems that support key PIH programs.

To assess the operational effectiveness of security controls for selected HUD IT systems or functions.

The OIG evaluated the U.S. Department of Housing and Urban Development’s (HUD) progress in applying zero trust security principles to protect personally identifiable information (PII).  HUD maintained a significant number of records that contain PII with limited zero trust controls in place to secure these data.  In FY 2022, HUD established a zero trust implementation plan to help the agency address the five zero trust...

HUD OIG is conducting the Fiscal Year (FY) 2025 evaluation of the HUD's information security (InfoSec) program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) perform an independent evaluation of the effectiveness of HUD’s InfoSec program and practices as required by FISMA; (2) test the effectiveness of HUD’s InfoSec policies, procedures, and practices through...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

HUD OIG is performing this evaluation to assess HUD’s capability to meet privacy and data protection requirements and provide appropriate stakeholders with an understanding of any related potential risks to HUD’s data and the operational mission. The evaluation will also provide HUD an independent assessment of the level of maturity it has reached in developing the data and identify pillars of CISA's zero-trust architecture. The...

HUD OIG is conducting the Fiscal Year (FY) 2024 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s InfoSec program and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 2 of the...

HUD OIG is conducting the Fiscal Year (FY) 2023 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s IS programs and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 1 of the...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation...

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the Geospatial Data Act of 2018 (the Act).Our audit objective was to determine whether HUD met the 13 responsibilities stated in the Act with regard to its collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data.  The Act also generally requires covered agencies provide access to geospatial data...

HUD OIG is conducting the Fiscal Year (FY) 2022 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act (FISMA) of 2014. The objectives are to (1) assess the maturity level of HUD's information security policies and procedures, (2) prepare responses for the core Inspector General (IG) FISMA reporting metrics, and (3) test and verify the technical...

We will review HUD OCIO’s most recent IT modernization roadmap and strategy along with any other supporting documentation HUD can provide regarding modernization progress and milestones. Specifically, we will identify the various ongoing modernization projects within the roadmap and obtain documentation about the status of the individual projects. We will interview HUD officials knowledgeable about HUD’s modernization plans to confirm...

To provide the HUD Secretary, senior leadership and Congress with an overview of the current status of Information Technology (IT) at HUD, the challenges they have overcome since the first 2018 IT Brief and the challenges they continue to face.

In accordance with the mandated work in FISMA, we are conducting the annual evaluation of information security practices, policies, and procedures established by HUD and the HUD Office of the Chief Information Officer. As part of the evaluation, we will also review 8 sample systems within 7 HUD program offices. Two products will result from our work; the mandated DHS CyberScope FISMA IG metrics report and a narrative report.

In accordance with the mandated work in FISMA, we are conducting the annual evaluation of information security practices, policies, and procedures established by HUD and the HUD Office of the Chief Information Officer. As part of the evaluation, we will also review 8 sample systems within 7 HUD program offices. Two products will result from our work; the mandated DHS CyberScope FISMA IG metrics report and a narrative report.