Information Security at the Health Resources and Services Administration Needs Improvement Because Controls Were Not Fully Implemented and Monitored
We assessed the adequacy of the Health Resources and Services Administration�s (HRSA) information security controls. Specifically, we reviewed controls over inventory management, patch management, antivirus management, event management, logical access, encryption, configuration management, Web vulnerability management, and Universal Serial Bus port control management.
We found that HRSA had not fully implemented or monitored some information security controls.
We recommended that HRSA implement our detailed recommendations to address the specific findings we identified.