U.S. flag

An official website of the United States government Here’s how you know

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Hotline

Report Fraud, Waste and Abuse
Export
Date Issued
2023-OE-0007 | December 12, 2024

U.S. Department of Housing and Urban Development Personally Identifiable Information Risk Management in a Zero Trust Environment (2023-OE-0007) Evaluation Report

Policy Development & Research

  •  
    Status
      Open
      Closed
    2023-OE-0007-03
    Priority
    Priority

    We believe these open recommendations, if implemented, will have the greatest impact on helping HUD achieve its mission to create strong, sustainable, inclusive communities and quality affordable homes for all.

    The CDO should coordinate with HUD’s Records Office, Privacy Office, and program offices to develop data policies and procedures for data inventory, categorization, and labeling in support of zero trust architecture.

    Status

    HUD is working on a plan to address the recommendation. HUD OIG anticipates receiving a corrective action plan no later than April 11, 2025, with a plan for resolving this recommendation.

    Analysis

    By addressing the recommendation, HUD will be positioned better to protect and prioritize protection for data in its IT systems. This will allow HUD to have a better understanding of the specifics of the most sensitive data as well as allow recommendation 2024-OE-0002a-003 to be addressed by HUD.

    HUD maintains billions of records of PII and sensitive data within IT systems and the IT environment. Knowing more specifics about the data is essential in the ability to protect and recover from attempted exfiltration attempts.

Displaying 1 - 1 of 1 Recommendations