Implement adequate procedures and controls to ensure that inspection reports are uploaded to the Authority’s electronic filing system and work orders are created in a timely manner. This process should include but not be limited to providing training to its staff on the Authority’s systems, establishing timeframes for the creation of work orders, and monitoring the work order process.

Provide evidence to support that the Authority corrected the 3 non-life-threatening health and safety, and 19 non-health and safety deficiencies.

Develop and implement adequate procedures and controls to ensure that (1) the deficiencies identified during REAC inspections are corrected in a timely manner and (2) documentation is maintained to support that repairs were made.

Implement adequate controls to ensure that the Authority’s information system properly tracks the completion of work orders.

Implement adequate controls to ensure that the correction of life-threatening deficiencies is reported to HUD accurately and in a timely manner.

HUD OCIO should identify needs to address Federal requirements by performing a gap analysis on its zero trust architecture strategic plan.

HUD OCIO should establish a zero trust architecture implementation plan that includes milestones and resources to address all zero trust pillars.

HUD OCIO should develop system policies and procedures for dynamic access controls that include just-in-time and just-enough access tailored to individual actions and individual resource needs.

HUD OCIO should capture risks that are associated with zero trust architecture implementation and document these risks in its risk register.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.