The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
Publication Report
2019-OE-0002 | June 25, 2020
HUD Fiscal Year 2019 Federal Information Security Modernization Act of 2014 (FISMA) Evaluation Report
The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget… moreRelated Recommendations
Chief Information Officer
  
  - Status2019-OE-0002-01OpenClosedClosed on September 16, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-02OpenClosedClosed on December 31, 2020SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-04OpenClosedClosed on July 19, 2024SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-05OpenClosedClosed on February 02, 2022SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-07OpenClosedSensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-08OpenClosedClosed on November 18, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-09OpenClosedSensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-10OpenClosedClosed on September 16, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-11OpenClosedClosed on July 30, 2025SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-12OpenClosedClosed on October 01, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-13OpenClosedClosed on November 18, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-14OpenClosedClosed on August 26, 2024SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-15OpenClosedClosed on March 10, 2022SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-16OpenClosedClosed on August 26, 2024SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. PriorityPriorityWe believe these open recommendations, if implemented, will have the greatest impact on helping HUD achieve its mission to create strong, sustainable, inclusive communities and quality affordable homes for all. In April 2024, HUD OIG met with HUD OCIO to discuss progress and requirements for closure of this recommendation. In addition, OIG reviewed this recommendation as part of the annual FY 2024 FISMA evaluation in April 2024 and learned from HUD OCIO that that there would be a procedure update that would implement the ingestion and monitoring of all inbound and outbound traffic. The OIG requested to be provided with these procedures when finalized and evidence of implementation on May 1, 2024. 
 Corrective Action Taken HUD OCIO updated its Cybersecurity Incident Response Plan and developed more detection and protection mechanisms to monitor network traffic in its IT environment. These mechanisms include anti-malware agents, data loss prevention, endpoint detection and response, firewalls, and intrusion detection and prevention systems. HUD’s SOC also developed standard operating procedures and playbooks for abnormal traffic alerts triggered by the above tools that are posted internally for SOC personnel to utilize. Addressing this recommendation resulted in improvement of HUD’s networking monitoring process by enhancing visibility into network traffic. It also increased HUD’s incident response program capabilities by ensuring that HUD has a plan to monitor traffic and better detect and respond to security incidents. As part of our regular Federal Information Security Act of 2014 (FISMA) assessments, HUD OIG will continue to assess HUD’s incident response effectiveness and threat detection to ensure HUD addresses new and evolving threats. 
- Status2019-OE-0002-17OpenClosedClosed on March 23, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-18OpenClosedClosed on July 19, 2024SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-19OpenClosedClosed on July 01, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-20OpenClosedClosed on February 10, 2022SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-21OpenClosedClosed on January 19, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-22OpenClosedClosed on January 19, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-23OpenClosedClosed on December 09, 2021SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-24OpenClosedClosed on August 18, 2022SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-26OpenClosedClosed on October 04, 2022SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
Chief Financial Officer
  
  - Status2019-OE-0002-03OpenClosedClosed on January 17, 2023SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
- Status2019-OE-0002-06OpenClosedClosed on January 10, 2023SensitiveSensitiveSensitive information refers to information that could have a damaging import if released to the public and, therefore, must be restricted from public disclosure. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 
 
                   
                  