Update applicable requirements to require assisted property owners, including PHAs, to maintain adequate documentation to support their determinations that maintenance and hazard reduction activities that disturb surfaces with lead-based paint qualify for the de minimis exemption from the lead-safe work practices under the Lead Safe Housing Rule.

Status

To address this recommendation, OLHCHH agreed to:

• Issue a notice to assisted target housing owners and public housing agencies on the de minimis exception citing the correct application of the de minimis threshold; describing appropriate documentation methods for the application of the de minimis threshold; and recommendations of best practices for documenting applications.
• Collect additional data regarding the use of the de minimis threshold, including information on how private and public housing owners: (a) determine how much paint in target housing will be disturbed during a maintenance or rehabilitation project; (b) use the paint disturbance area information; (c) monitor the amount of paint disturbed in projects that are designed to disturb de minimis amounts of paint in target housing.
• Design and conduct webinars, including at least one for each program office’s major categories of stakeholders on requirements and best practices pertaining to the de minimis exception under the Lead Safe Housing Rule and its implementation; record the webinars on the HUD website (e.g., on HUD Exchange) for future viewing by stakeholders; and conduct outreach promoting the webinars

The Office of Lead Hazard Control and Healthy Homes had drafted guidance on the de minimis exception to the Lead Safe Housing Rule for PIH, Multifamily Housing, and CPD and submitted it through the clearance process on September 26, 2024, with an October 9, 2024, due date. Through October 17, six concurring comments were received as was one non-concurring comment. The OLHCHH continues to revise the draft guidance in consideration of the comments. In May 2023, HUD published a final rule establishing a new approach to defining and assessing housing quality: The National Standards for the Physical Inspection of Real Estate. Public Housing regulations were amended, and Public Housing program participants were required to comply with this final rule and use the NSPIRE standards starting July 1, 2023. The Real Estate Assessment Center and Office of Field Operations will collaborate with the Office of Lead Hazard Control and Healthy Homes, the Office of Policy Development and Research, and a statistician to evaluate data collected under the NSPIRE inspection program to estimate the number of public housing developments and associated units that contain lead-based paint and lead-based paint hazards. As of November 2024, PIH reported that inspections have had a slow start due to procurement delays. Additionally, the NSPIRE system did not get the requested functionality to collect lead inspections. The final action target date is March 31, 2025.

Analysis

To implement this recommendation, HUD needs to provide evidence that it has implemented the three actions OLHCHH agreed to complete.

Implementation of this recommendation and associated corrective actions will ensure assisted property owners are sufficiently informed regarding the requirements to support their determinations that maintenance and hazard reduction activities that disturb surfaces with lead-based paint qualify for the de minimis exemption from the lead-safe work practices under the Lead Safe Housing Rule and that assisted property owners are conducting this work safely, thereby ensuring households are residing in safe and healthy HUD-assisted housing.

HUD OCIO should implement procedures to ensure that information in cybersecurity risk registers is obtained accurately, consistently, and in a reproducible format and is used to a. quantify and aggregate security risks, b. normalize cybersecurity risk information across organizational units, and c. prioritize operational risk response (derived from metric 5).

HUD OCIO and the HUD Chief Risk Officer should coordinate to implement procedures to monitor the effectiveness of cybersecurity risk responses to ensure that risk tolerances are maintained at an appropriate level (derived from metric 5).

HUD OCIO and the Office of Administration should implement procedures to ensure proper validation of media sanitization in accordance with HUD Media Protection Procedures 2.0 (February 2022) and form HUD 1067A, Certification of Sanitization (derived from metric 36).

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

HUD OCIO should ensure that system owners and information system security officers consistently test their ISCPs and upload the test results to CSAM in accordance with HUD’s defined ISCP testing policy (derived from metric 63).

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

• Identification and prioritization of externally provided systems (new and legacy), components, and services.
• How HUD maintains awareness of its upstream suppliers.
• The integration of acquisition processes tools, and techniques to use the acquisition process to protect the supply chain.
• Contract tools or procurement methods to confirm that contractors are meeting their obligations (derived from OIG FISMA metric 14).

Status

On January 17, 2025, the Office of Lead Hazard Control and Healthy Homes (OLHCHH) informed HUD OIG that the Office of the Federal Register published a notice, Modifying HUD’s Elevated Blood Lead Level Threshold for Children Under Age 6 Who Are Living in Certain HUD-Assisted Target Housing Covered by the Lead Safe Housing Rule. The notice announced that HUD is lowering its EBLL threshold from 5 to 3.5 µg/dL for a child under the age of 6, consistent with the CDC’s current blood lead reference value of 3.5 µg/dL, effective January 17, 2025. Next, OLHCHH will assist the Office of Community Planning and Development, the Office of Multifamily Housing Programs, and the Office of Public and Indian Housing to draft, circulate, and publish EBLL notices. The estimated completion date is June 30, 2025.

Analysis

To fully address this recommendation, OLHCHH must provide evidence that it has updated its regulations, policies, and procedures so that they are consistent with CDC’s lowered blood lead reference value of 3.5 ug/dL.

Implementation of this recommendation will help ensure children living in public housing with elevated blood lead levels receive effective environmental interventions.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.