The U.S. Department of Housing and Urban Development (HUD) has yet to implement various Government Accountability Office (GAO) recommendations from April of 2019 and eight more recommendations have been identified for HUD including those in cybersecurity and IT management.
“Fully implementing these open recommendations could significantly improve HUD’s operations,” GAO said in an April 23 letter addressed to HUD Secretary Ben Carson.
GAO made two recommendations for HUD regarding cybersecurity risk management (CRM) and workforce planning practices. It recommends that HUD issue a CRM strategy that contain elements called for in Federal guidance. The second recommendation is from a March 2019 report which “would help HUD track and categorize its IT and cyber workforce.” HUD told GAO that it was in the process of reviewing its IT and cyber positions in January 2019 and is working towards fully implementing the recommendation.
Further, GAO made two recommendations regarding improving IT management both over five years old. One of the recommendations, from a December 2014 report, is to establish “a process to enable HUD to identify IT governance actions and projects that are achieving cost savings and efficiencies.” The second recommendation, from a February 2014 report, is for HUD to better define its overall IT modernization strategy.
“HUD agreed with these recommendations and to date has developed a tool to help evaluate and rank IT projects and systems, as well as completed a technical assessment to identify gaps in IT and develop a modernization approach,” GAO said. To fully implement the recommendations, GAO added that HUD would need to “establish and document a process for identifying and tracking data on cost savings and efficiencies and continue to define the scope, strategy, and schedule of its IT modernizations approach.”