The OIG Office of Evaluation is initiating an evaluation of the U.S. Department of Housing and Urban Development’s (HUD) Public and Indian Housing (PIH) Information Technology (IT) Modernization program. The objectives are to assess the IT Modernization process for Enterprise Voucher Management System (EVMS) and Housing Information Portal (HIP) systems that support key PIH programs.

To assess the operational effectiveness of security controls for selected HUD IT systems or functions.

We performed an audit of Carrington Mortgage’s compliance with Federal Housing Administration (FHA) requirements for foreclosures that started in 2022. Pursuant to the Coronavirus Aid, Relief and Economic Security Act (CARES Act), as extended by the Secretary, from March 18, 2020, through July 31, 2021, there was a pause on new and ongoing foreclosures for FHA single‐family mortgages for homes that remained occupied. We selected...

We performed an audit of MidFirst’s compliance with Federal Housing Administration (FHA) requirements for foreclosures that started in 2022.  Pursuant to the Coronavirus Aid, Relief and Economic Security Act (CARES Act), as extended by the Secretary, from March 18, 2020, through July 31, 2021, there was a pause on new and ongoing foreclosures for FHA single‐family mortgages for homes that remained occupied. We selected MidFirst...

The OIG evaluated the U.S. Department of Housing and Urban Development’s (HUD) progress in applying zero trust security principles to protect personally identifiable information (PII).  HUD maintained a significant number of records that contain PII with limited zero trust controls in place to secure these data.  In FY 2022, HUD established a zero trust implementation plan to help the agency address the five zero trust...

HUD OIG is conducting the Fiscal Year (FY) 2025 evaluation of the HUD's information security (InfoSec) program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) perform an independent evaluation of the effectiveness of HUD’s InfoSec program and practices as required by FISMA; (2) test the effectiveness of HUD’s InfoSec policies, procedures, and practices through...

The OIG evaluated the U.S. Department of Housing and Urban Development (HUD) Office of Housing’s (Housing) progress in applying zero trust security principles to protect personally identifiable information (PII) within the Federal Housing Administration (FHA) Catalyst system.HUD was in the beginning stages of implementing zero trust requirements for the data and identity pillars. HUD Office of Housing systems, including FHA Catalyst,...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

 The Geospatial Data of 2018 (the Act) governs the collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data of covered agencies, including the U.S. Department of Housing and Urban Development (HUD).  We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the geospatial data requirements stated in the Act.  The Act requires the Inspector...

We audited the Puerto Rico Housing Finance Authority’s (PRHFA) Homebuyer Assistance Program (HBA), which provides eligible applicants with closing costs and downpayment assistance for the purchase of a primary residence.  The U.S. Department of Housing and Urban Development (HUD) provided its grantee, the Puerto Rico Department of Housing (PRDOH), $495 million in Community Development Block Grant Disaster Recovery funds for HBA...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to...

HUD OIG is performing this evaluation to assess HUD’s capability to meet privacy and data protection requirements and provide appropriate stakeholders with an understanding of any related potential risks to HUD’s data and the operational mission. The evaluation will also provide HUD an independent assessment of the level of maturity it has reached in developing the data and identify pillars of CISA's zero-trust architecture. The...

HUD OIG is conducting the Fiscal Year (FY) 2024 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s InfoSec program and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 2 of the...

We performed an audit of loan servicers’ compliance with the Federal Housing Administration’s (FHA) requirements for providing loss mitigation assistance to borrowers after their COVID-19 forbearance ended.  We initiated the audit based on the large number of borrowers exiting forbearance, because the loss mitigation programs available to these borrowers were new and created a risk for both borrowers and the FHA insurance fund...

We audited Nationstar Mortgage, LLC’s (doing business as Mr. Cooper (Nationstar)) compliance with the Federal Housing Administration’s (FHA) requirements for providing loss mitigation assistance to borrowers after their COVID-19 forbearance ended. We concurrently conducted a nationwide audit of servicers’ compliance with the U.S. Department of Housing and Urban Development’s (HUD) COVID-19 loss mitigation requirements (HUD Office of...

We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks.  RPA is a software technology used to emulate human actions on a computer.  RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on...

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to proactively communicate information related to the coronavirus disease of 2019 (COVID-19) to homeowners with Federal Housing Administration (FHA)-insured mortgages.  We initiated this work based on a U.S. Government Accountability Office report that identified helping borrowers understand the protections available to them as a key challenge and...

We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced...

HUD OIG is conducting the Fiscal Year (FY) 2023 evaluation of the HUD's information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The objectives are to (1) assess the maturity level of HUD’s IS programs and practices based on the annual IG FISMA reporting metrics. The assessment will include 20 core IG metrics that are evaluated annually and group 1 of the...

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation...