security audit

HHS tightens FISMA compliance, but risks remain

While the Department of Health and Human Services has made progress in compliance with the Federal Information Security Modernization Act,  an audit released by the HHS Office of Inspector General found that the department has ample opportunities to further improve its security program.

Auditors found the agency has not fully implemented a department-wide continuous monitoring program that shows how its operating divisions implement strategies and report on cybersecurity metrics, according to an article on FCW, a sister site to GCN.   

The IG report also identified operating divisions that were using IT systems with expired authority to operate certificates and some that were failing to regularly implement account management procedures for shared accounts and new, transferred or terminated personnel. Other areas of weakness included lack of incident response and reporting procedures, incomplete inventories of contractor systems, failure of remote access policies, incomplete contingency planning documentation and ineffective contractor oversight.

The report’s recommendations suggest further work on vulnerability management, software assurance, information management, license management, malware detection and network management.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected