U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Document

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the overall effectiveness of the Department of Housing and Urban Development’s information security program, assess their compliance with Federal guidance, and respond to OMB reporting questions for the fiscal year 2018 annual assessment.

The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.  Please contact the Office of Evaluation at [email protected] to request a copy of this report.

Recommendations
Recommendation Status Date Issued Summary
2018-OE-0003-01 Open October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-02 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-03 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-04 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-05 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-06 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-07 Open October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-08 Open October 31, 2018 Implement and formally document a comprehensive credentialed vulnerability scan program of all network components and applications, including web applications, in accordance with HUD risk management decisions. Ensure resources for all configuration management activities are allocated in a risk-based manner. *OIG has determined the reports containing the recommendations are not appropriate for public release. In some cases, the recommendations have been summarized.
2018-OE-0003-09 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-10 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-11 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-12 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-13 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-14 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-15 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-16 Open October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-17 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-18 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-19 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-20 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-21 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-22 Open October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-23 Open October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-24 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-25 Open October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-26 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-27 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-28 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-29 Closed October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public
2018-OE-0003-30 Open October 31, 2018 The OIG has determined that the contents of this recommendation would not be appropriate for public