The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

Enforce the requirement for all HUD web applications and services to be approved and authorized by OCIO. The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials. Corrective Action Taken In January 2023, HUD's Office of the Chief Information Officer developed and released a Web Applications Directive to all HUD program…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

The Federal Information Security Modernization Act of 2014 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2015 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

Office of Evaluation, IT Evaluation Division (iTED) conducted an evaluation of HUD’s IT Modernization program, which included reviews on the implementation and maturity of HUD’s capital planning and investment control (CIPIC) process and Enterprise Architecture (EA) program. With the corroboration of HUD’s Office of Chief Information Officer (OCIO), the report focuses on three major IT programs and policies within the CPIC and EA programs: IT…

The Office of Evaluation performed preliminary research of the HUD Office of the Chief Information Officer’s (OCIO) management of the agency’s reporting of financial and project information on the Federal IT Dashboard (Dashboard).  The objective of the evaluation was to determine if OCIO processes ensured accurate IT investment information was reported on the Dashboard.  We found that project managers did not consistently follow…

We reviewed information system controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment.  This review was conducted as part of the Office of Inspector General’s audit of HUD’s financial statements for fiscal year 2014 under the Chief Financial Officer’s Act of 1990. The OIG has determined that the contents of this report would not be appropriate for public disclosure and has therefore limited its…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

Federal organizations have a fundamental responsibility to protect the privacy of individuals and their personally identifiable information (PII) that is collected, used, maintained, shared, and disposed of by agency programs and information systems. The management of U.S. Department of Housing and Urban Development (HUD) programs demands the availability and use of extensive amounts of financial, demographic, and personal information. HUD is…

The Federal Information Security Management Act of 2002 (FISMA) directs the Office of Inspector General (OIG) to conduct an annual evaluation of the U.S. Department of Housing and Urban Development (HUD) information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and…

We have completed a review to determine whether HUD followed proper policies and procedures in responding to a breach of personally identifiable information which occurred on September 21, 2012. Specifically, for this incident, we identified what actions were taken and any deficiencies within HUD policies, plans, or current practices. We determined that HUD responded to the incident properly, following United States Computer Emergency…

We audited the U.S. Department of Housing and Urban Development’s (HUD) management procedures, practices, and controls related to the Recovery Act Management and Reporting System (RAMPS). Our objective was to assess its capability to record and provide data required by the American Recovery and Reinvestment Act of 2009 on which HUD is required to report. Overall, RAMPS had the capability to record Recovery Act data and produce the reports…

We have completed an audit of the U.S. Department of Housing and Urban Development’s (HUD) information security program. We evaluated whether HUD’s Office of the Chief Information Officer (OCIO) had developed security policies, implemented procedures, and continuously monitored its entitywide information system security program. We performed this audit because it is a required component of our fiscal year 2010 consolidated financial…

We audited HUD's process for monitoring recipient reporting for the American Recovery and Reinvestment Act of 2009 (Recovery Act). The Recovery Accountability and Transparency Board (Board), created by the Recovery Act, has required the Inspector General community to evaluate Federal agencies' process for monitoring recipient reporting of Recovery Act funds for the quarter ending September 30, 2009. The audit reports are to be issued to their…

The HUD Inspector General Office the management procedures, practices, and controls related to the Recovery Act Management and Reporting System (RAMPS) to assess compliance with reporting requirements under the American Recovery and Reinvestment Act (Recovery Act). The audit found that HUD had taken actions to comply with the reporting requirements under the Recovery Act. However, HUD’s effort to implement procedures, practices, and controls…

We audited the Federal Housing Administration's (FHA) management of its information technology resources and compliance with U.S. Department of Housing and Urban Development (HUD) and other federal information security requirements. Our overall objective was to determine whether FHA effectively managed security controls relating to its information technology resources. This audit supported our financial statement audits of FHA and HUD as well…

We reviewed general and application controls for selected information systems to assess management controls over the U.S. Department of Housing and Urban Development's (HUD) computing environments as part of the Office of Inspector General's (OIG) audit of HUD's financial statements for fiscal year 2007 under the Chief Financial Officer's Act of 1990. Our review was based on the Government Accountability Office (GAO) "Federal Information…

NEWARK, N.J. – An Essex County, New Jersey, man will be arraigned today on charges that he engaged in a conspiracy to commit mortgage fraud that resulted in potential losses in excess of $1 million, U.S. Attorney Craig Carpenito announced. Cabral Simpson, 43, of Belleville, New Jersey, appeared before U.S. Magistrate Judge Leda Dunn Wettre in Newark federal court. He is charged by indictment with one count of conspiracy to commit wire fraud…

NEWARK, N.J. – Two New Jersey men were today sentenced to prison terms for their respective roles in using phony monetary instruments to obtain luxury vehicles and other high value items; one of the defendants was additionally convicted of bankruptcy fraud, U.S. Attorney Craig Carpenito announced. Germaine Howard King, a/k/a “Germaine Howard,” 47, of Elizabeth, New Jersey, was sentenced to 70 months in prison, and Daniel D. Dxrams, currently…