The Office of National Drug Control Policy (ONDCP) leads and coordinates the Nation’s drug policy to improve the health and lives of the American people, including the development and implementation of the National Drug Control Strategy (the Strategy).  ONDCP evaluates the effectiveness of national drug control policy efforts, the Strategy’s goals and objectives, and each National Drug Control Program Agency’s program-level measures. …

The OIG evaluated the U.S. Department of Housing and Urban Development (HUD) Office of Housing’s (Housing) progress in applying zero trust security principles to protect personally identifiable information (PII) within the Federal Housing Administration (FHA) Catalyst system.HUD was in the beginning stages of implementing zero trust requirements for the data and identity pillars. HUD Office of Housing systems, including FHA Catalyst, are largely…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program. FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess the…

We performed an audit examining HUD’s efforts to prevent duplication of benefits when using Community Development Block Grant (CDBG) Disaster Recovery and Mitigation funds.  Our objective was to determine how the U.S. Department of Housing and Urban Development (HUD) assesses the adequacy of grantee procedures to prevent a duplication of benefits, both before and after grant execution. HUD certified grantees’ high-level processes for…

We conducted this evaluation to assess the maturity of HUD’s Robotic process automation (RPA) activities and determine whether HUD had implemented related controls to address technology and program management risks.  RPA is a software technology used to emulate human actions on a computer.  RPA software programs, referred to as “bots,” can complete repetitive tasks quickly and consistently, freeing up employees to work on other, higher…

We audited the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) infrastructure to support mandatory telework. During mandatory telework, more employees simultaneously needed remote access to HUD’s network and agency resources for an extended period, which presented unique risks and security requirements. While HUD is no longer operating under mandatory telework, understanding the challenges it faced is key to…

While conducting an ongoing audit of the Philadelphia Housing Authority’s (Authority) management of lead-based paint hazards in its public housing units, we identified a significant gap in HUD’s program requirements related to safe work practices, which we believe requires immediate action by HUD.  We identified that the Authority determined a substantial percentage of maintenance and hazard reduction work performed on surfaces with lead-…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We audited the U.S. Department of Housing and Urban Development’s (HUD) efforts to meet the Geospatial Data Act of 2018 (the Act).Our audit objective was to determine whether HUD met the 13 responsibilities stated in the Act with regard to its collection, production, acquisition, maintenance, distribution, use, and preservation of geospatial data.  The Act also generally requires covered agencies provide access to geospatial data and…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

The Federal Information Security Modernization Act of 2014 (FISMA) requires all federal agencies to conduct independent security technical verification testing on a sampling of information systems annually.  In conjunction with our fiscal year 2021 FISMA evaluation (2021-OE-0001), we conducted a targeted security testing assessment of sample systems that resulted in a Topic Brief.  The objective of this application vulnerability…

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) ability to effectively complete information technology (IT) acquisitions.  HUD’s IT systems and its modernization plans depend heavily on contractors, yet HUD has historically faced significant challenges with implementing effective acquisition processes. Therefore, HUD’s acquisition capacity represents a key potential risk within HUD’s IT environment. We found that a…

In February 2021, the Office of the Chief Information Officer (OCIO) identified funding risks with the development contract under which HUD contracted for Federal Housing Administration (FHA) Catalyst’s development.  In response, HUD officials took steps to slow FHA Catalyst spending on the contract while awaiting approval for additional contract funds.  Despite efforts to slow project spending, it was not enough to prevent funding…

The brief provides an update to the original 2018 topic brief, and highlights key challenges faced by HUD in managing and improving its IT program.  The brief is not based on new work, but is a summary of 83 reports and 788 recommendations from past HUD OIG and GAO reports. It discusses the present IT environment at HUD, previously identified and new IT-related challenges, and HUD’s efforts and progress in addressing these challenges.…

We reviewed the U.S. Department of Housing and Urban Development’s (HUD) information technology (IT) modernization roadmap.  A significant number of HUD’s mission-essential applications have not been modernized, which presents multiple sources of risk.  These applications are hosted on legacy information systems and mainframe platforms, which are operationally inefficient, increasingly difficult to secure, and costly to maintain.…

HUD does not have a departmentwide policy for dealing with radon contamination.  Instead, HUD relies on each program office to develop radon policies that align with HUD’s environmental regulations.  The three program offices reviewed do not have consistent radon policies.  Only Multifamily’s radon policy includes radon testing and mitigation requirements.  PIH’s policy strongly encourages but does not require public housing…

We audited information systems controls over the U.S. Department of Housing and Urban Development’s (HUD) computing environment as part of the internal control assessments for the fiscal year 2019 financial statements audit under the Chief Financial Officer’s Act of 1990. Our objective was to assess general controls over HUD’s computing environment for compliance with HUD information technology policies and Federal information system security…

The Federal Information Security Modernization Act of 2014 (FISMA) directs Inspectors General to conduct an annual evaluation of the agency information security program.  FISMA, Department of Homeland Security (DHS), Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) establish information technology (IT) security guidance and standards for Federal agencies. We conducted this evaluation to assess…

We audited the U.S. Department of Housing and Urban Development’s (HUD) Office of Policy Development and Research’s implementation of the responsibilities stated in the Geospatial Data Act of 2018 (The Act).  We performed this review in response to a congressional mandate that HUD’s geospatial data be audited at least once every 2 years.  The Act requires that we audit HUD’s collection, production, acquisition, maintenance,…