The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

• Identification and prioritization of externally provided systems (new and legacy), components, and services.
• How HUD maintains awareness of its upstream suppliers.
• The integration of acquisition processes tools, and techniques to use the acquisition process to protect the supply chain.
• Contract tools or procurement methods to confirm that contractors are meeting their obligations (derived from OIG FISMA metric 14).

Status

The Office of the Chief Information Officer (OCIO) estimated it would complete corrective action for this recommendation by August 2023. In May 2024, HUD OIG reviewed the OCIO progress in closing this recommendation as part of the FY 2024 FISMA evaluation. At that time, OCIO provided its draft SCRM Policy, draft SCRM Procedures, final SCRMES Charter, and a SCRM Technical Roadmap. Additionally, HUD provided agency-specific clauses. As of January 2025, HUD has not issued finalized SCRM policies and procedures.

Analysis

To fully address this recommendation, HUD must establish that it has defined and communicated policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements.

Implementation of this recommendation will result in HUD continuing to mature in supply chain risk management, establishing and defining the policies and procedures of SCRM requirements as they relate to systems and system components.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

We recommend that HUD’s Deputy Assistant Secretary for Public Housing and Voucher Programs conduct additional outreach efforts to educate tenants and PHAs on their rights and responsibilities related to requests for reasonable accommodation, including technical assistance, webinars, and external communications to inform PHAs about their responsibilities and how to evaluate requests for reasonable accommodation, and help families understand their rights.

Adequately support the eligibility of payroll costs or repay its CoC grants $824,302 from non-Federal funds.

Adequately support the eligibility of rent costs or repay its CoC grants $55,545 from non-Federal funds.

Develop and implement additional written procedures and controls to ensure that employees charge time in accordance with program requirements and that the Authority fully documents and supports that salary and rental cost allocations are charged to its CoC grants in accordance with its cost allocation plan.

Develop and implement a plan to use available asset repositioning options for the remaining 284 public housing units at the Commodore Perry Homes development, including 274 dwelling units and 10 nondwelling units.

Develop and implement a plan for the original property related to the 46 units converted under the RAD transfer of assistance option to ensure that the property and proceeds from its disposition are used in accordance with requirements.

Develop and implement written policies and procedures regarding the designation of legal representation for applicants.

Establish a reasonable timeframe for grantees to resolve DRGR flags or at a minimum, if a flag cannot be resolved within the established timeframe, have the grantee provide a remediating comment explaining why the flag could not be resolved and a proposed timeline for resolution.