security audit

HHS tightens FISMA compliance, but risks remain

While the Department of Health and Human Services has made progress in compliance with the Federal Information Security Modernization Act, an audit released by the HHS Office of Inspector General found that the department has ample opportunities to further improve its security program.

Auditors found the agency has not fully implemented a department-wide continuous monitoring program that shows how its operating divisions implement strategies and report on cybersecurity metrics, according to an article on FCW, a sister site to GCN.   

The IG report also identified operating divisions that were using IT systems with expired authority to operate certificates and some that were failing to regularly implement account management procedures for shared accounts and new, transferred or terminated personnel. Other areas of weakness included lack of incident response and reporting procedures, incomplete inventories of contractor systems, failure of remote access policies, incomplete contingency planning documentation and ineffective contractor oversight.

The report’s recommendations suggest further work on vulnerability management, software assurance, information management, license management, malware detection and network management.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.

