Skip Navigation
United States Flag

An official website of the United States government. Here's how you know >

U.S. Flag An official website of the United States government.
Change Font Size

Review of the Department of Health and Human Services' Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Overall, the Department continues to implement changes to strengthen its enterprise-wide information security program. However, opportunities were identified that will allow HHS to continue to enhance its enterprise-wide information security program. We identified several reportable exceptions in the Department's security program. Areas for improvement were identified in the Department's Continuous Monitoring Management, Configuration Management, Identity and Access Management, Incident Response and Reporting, Risk Management, Security Training, Plan of Action and Milestones, Remote Access Management, Contingency Planning, and Contractor Systems.

The Department should further strengthen its information security program. We made a series of recommendations to enhance information security controls to the Department and specific controls for the operating divisions. HHS concurred or partially concurred with all of our recommendations and described actions it has taken and plans to take to implement them.

Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.

Download the complete report.

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201