Office of Inspector General: 9 findings on HHS compliance with IT security

Jessica Kim Cohen -

Although HHS has made strides in IT security, there is still work to be done, according to a report by HHS' Office of Inspector General.

The report, conducted by Ernst & Young while under contract with the Office of Inspector General's Office of Audit Services, evaluates HHS' compliance with the Federal Information Security Modernization Act of 2014.

Here are the nine areas the Office of Inspector General identified as weaknesses.

  • Continuous monitoring management
  • Configuration management
  • Identity and access management
  • Incident response and reporting
  • Risk management
  • Security training
  • Plan of action and milestones
  • Contingency planning
  • Contractor systems

"Overall, in comparison to the prior year's FISMA review, HHS has made improvements," according to the report. "However, despite the progress made to improve the HHS and its [operating division's] information security program, opportunities to strengthen the overall information security program exist. "

Click here to view the full report.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.