Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Beta This is a new resource

Department of Health and Human Services’ Compliance With Federal Regulations Related to Operating Systems and Software Beyond End of Life

Announced on  | Last Modified on  | Project Number: A-18-23-05100
Status
Active
Agency
Office of the Secretary

OBJECTIVE

Operating systems, software, and applications that are no longer supported by their vendor/provider present risks to HHS and Operating Division (OpDiv) networks. Threat actors may exploit a known vulnerability in unsupported software, the result of which could be detrimental, including but not limited to data exfiltration (e.g., loss of PII), data destruction, compromised intellectual property, and reputational harm. We will determine if the Department of Health and Human Services and select OpDivs are in compliance with Federal regulations on the usage of unsupported software. In addition, we will determine if HHS has effective oversight and mitigation controls in place to ensure assets in operation beyond their end of life do not place HHS mission critical systems and data at risk.

TIMELINE

  • June 29, 2023
    Announced
  • Today
    Office of Audit Services In-Progress
  • Est FY2026
    Estimated Fiscal Year for Project Completion
Work Plan Type
Office of Audit Services
HHS Agencies
Office of the Secretary
Issue Areas
Departmental Operational Issues Information Technology and Cybersecurity
Target Groups
-
Financial Groups
Other Funding