Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Security at the Health Resources and Services Administration Needs Improvement Because Controls Were Not Fully Implemented and Monitored

Issued on  | Posted on  | Report number: A-18-14-30430

Report Materials

We assessed the adequacy of the Health Resources and Services Administration's (HRSA) information security controls. Specifically, we reviewed controls over inventory management, patch management, antivirus management, event management, logical access, encryption, configuration management, Web vulnerability management, and Universal Serial Bus port control management.

We found that HRSA had not fully implemented or monitored some information security controls.

We recommended that HRSA implement our detailed recommendations to address the specific findings we identified.

Report Type
Audit
HHS Agencies
Health Resources and Services Administration
Issue Areas
-
Target Groups
-
Financial Groups
-

Notice

This report may be subject to section 5274 of the National Defense Authorization Act Fiscal Year 2023, 117 Pub. L. 263.