The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

PIH in coordination with other HUD offices as necessary, research and address potential causes of the variance in the number of EBLL cases among States on the EBLL tracker and identify solutions that are within HUD's control.

Status

As of November 13, 2024, the PIH Office of Field Operations (OFO) had completed its outreach data collection and identified 9 public housing authorities that had not completed the required EBLL reporting actions and that OFO informed the field office directors overseeing the appropriate PHAs that they had until November 6, 2024, to upload the proper information to the trackers. As of January 29, 2025, OFO field office directors and their staff were still updating and inputting EBLL cases and relevant documentation into the EBLL tracker due to delays in responses from PHAs. The estimated completion date is February 28, 2025.

Analysis

To fully address this recommendation, OFO must provide evidence that it coordinated with other HUD offices and identified the causes of the variances in the number of EBLL cases among states on the EBLL tracker. OFO must also demonstrate that it fully remedied the causes of the variances. Alternatively, OFO must provide an explanation sufficient to support a claim that it could not identify the causes of the variances or develop and implement solutions for problems it identified in its research.

Implementation of this recommendation will result in improved HUD data of EBLL cases of children living in public housing across the country. Accurate reporting of EBLL cases to HUD is essential so that HUD can ensure PHAs take effective environmental interventions that help prevent additional lead exposure.

Update HUD regulations, policies, and procedures following the regulatory process required by the amended Lead Safe Housing Rule, in consideration of CDC’s lowered BLRV of 3.5 ug/dL.

Status

On June 12, 2024, the Office of Lead Hazard Control and Healthy Homes informed HUD OIG that the draft Federal Register notice of its request for information from Lead Safe Housing Rule stakeholders and the general public on its proposal to adopt CDC's BLRV of 3.5 µg/dL as its EBLL under the rule has been circulated for OGC and preclearance review, which will be followed by Departmental clearance. OLHCHH plans on publishing the Federal Register notice by June 30, 2024, with a 60-day comment period. OLHCHH will provide the link and the link and the notice once it is published. OLHCHH will then review public comments in preparing to decide whether to change the rule's current level, and if so, to what level.

The Office of Lead Hazard Control and Healthy Homes estimated this will be completed by June 30, 2024.

Analysis

To fully address this recommendation, OLHCHH must provide evidence that it has updated its regulations, policies, and procedures so that they are consistent with CDC’s lowered BLRV of 3.5 ug/dL.

Alternatively, OLHCHH must establish that its research led it to determine that environmental interventions in cases of children with EBLLs between 3.5 and 4.9 µg/dL were ineffective in reducing the children’s blood lead levels and that lowering HUD’s EBLL regulation to 3.5 µg/dL is unnecessary.

Implementation of this recommendation will help ensure children living in public housing with EBLLs receive effective environmental interventions.

Identify short- and long-term plans for the RPA program that align its capabilities, staffing needs, funding projections, and mission needs.

Implement procedures to capture and monitor centralized logs to maintain appropriate visibility into bot activities and provide for auditability of bot actions.

Implement procedures to periodically review RPA system access and remove access for users that are not authorized or no longer have a need to use the system.

Implement procedures to ensure that attended bots use the security rights and credentials of the attending user.

HUD OCIO should implement procedures to ensure that information in cybersecurity risk registers is obtained accurately, consistently, and in a reproducible format and is used to a. quantify and aggregate security risks, b. normalize cybersecurity risk information across organizational units, and c. prioritize operational risk response (derived from metric 5).

HUD OCIO and the HUD Chief Risk Officer should coordinate to implement procedures to monitor the effectiveness of cybersecurity risk responses to ensure that risk tolerances are maintained at an appropriate level (derived from metric 5).

HUD OCIO and the Office of Administration should implement procedures to ensure proper validation of media sanitization in accordance with HUD Media Protection Procedures 2.0 (February 2022) and form HUD 1067A, Certification of Sanitization (derived from metric 36).

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

Define and communicate policies and procedures to ensure that its products, system components, systems, and services comply with its cybersecurity and SCRM requirements. This recommendation includes:

• Identification and prioritization of externally provided systems (new and legacy), components, and services.
• How HUD maintains awareness of its upstream suppliers.
• The integration of acquisition processes tools, and techniques to use the acquisition process to protect the supply chain.
• Contract tools or procurement methods to confirm that contractors are meeting their obligations (derived from OIG FISMA metric 14).

Status

On January 17, 2025, the Office of Lead Hazard Control and Healthy Homes (OLHCHH) informed HUD OIG that the Office of the Federal Register published a notice, Modifying HUD’s Elevated Blood Lead Level Threshold for Children Under Age 6 Who Are Living in Certain HUD-Assisted Target Housing Covered by the Lead Safe Housing Rule. The notice announced that HUD is lowering its EBLL threshold from 5 to 3.5 µg/dL for a child under the age of 6, consistent with the CDC’s current blood lead reference value of 3.5 µg/dL, effective January 17, 2025. Next, OLHCHH will assist the Office of Community Planning and Development, the Office of Multifamily Housing Programs, and the Office of Public and Indian Housing to draft, circulate, and publish EBLL notices. The estimated completion date is June 30, 2025.

Analysis

To fully address this recommendation, OLHCHH must provide evidence that it has updated its regulations, policies, and procedures so that they are consistent with CDC’s lowered blood lead reference value of 3.5 ug/dL.

Implementation of this recommendation will help ensure children living in public housing with elevated blood lead levels receive effective environmental interventions.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.

The OIG has determined that the contents of this recommendation would not be appropriate for public disclosure and has therefore limited its distribution to selected officials.