U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Document

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2021 annual assessment. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. 

Recommendations
Recommendation Status Date Issued Summary
2021-OE-0001-01 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-02 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-03 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-04 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-05 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-06 Open February 15, 2022 Define and communicate an organization-wide SCRM strategy to address risk appetite and tolerance, outline controls, evaluate and monitor supply chain risk, define roles and responsibilities, and discuss approaches to implement the strategy (derived from OIG FISMA metric 12).
2021-OE-0001-07 Open February 15, 2022 Define and communicate SCRM policies, procedures, and processes, ensuring that roles and responsibilities, management commitment, and coordination among organizational entities, and procedures to implement the policies and supply chain and supply chain-related controls are addressed (derived from OIG FISMA metric 13).
2021-OE-0001-08 Open February 15, 2022 Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes a. identification and prioritization of externally provided systems (new and legacy), components, and services; b. how HUD maintains awareness of its upstream suppliers; c. the integration of acquisition processes, tools, and techniques to use the acquisition process to protect the supply chain; and d. contract tools or procurement methods to confirm that contractors are meeting their obligations (derived from OIG FISMA metric 14).
2021-OE-0001-09 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-10 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-11 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-12 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-13 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-14 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-15 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-16 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-17 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-18 Closed February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-19 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-20 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-21 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-22 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.
2021-OE-0001-23 Open February 15, 2022 The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.