The Department of Health and Human Services will implement continuous monitoring of its systems, after an audit conducted by the department's Office of Inspector April 25 found its information security program "not effective" for fiscal year 2021, FedScoop reported May 6.
The audit report said the HHS failed to meet the "managed and measurable" maturity level for four function areas: identify, protect, detect and recover.
In order to mitigate the weaknesses surrounding risk management and contingency planning, the HHS is committing to the following:
- HHS will work with the Department of Homeland Security to implement automated Continuous Diagnostics and Mitigation tools to provide risk information to an RSA Archer suite to manage regulatory compliance and risk management.
- HHS will partner with the Cybersecurity and Infrastructure Security Agency's CDM program to implement the CDM Dashboard 2 by the end of fiscal 2022. The dashboard will collect asset, infrastructure, user and protection data.