Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The Information Technology Infrastructure and Operations Office Had Inadequate Information Security Controls

Issued on  | Posted on  | Report number: A-18-14-30420

Report Materials

We assessed the adequacy of the Information Technology Infrastructure and Operations Office's (ITIO) information security controls at a selection of the Department of Health and Human Services' operating divisions that are managed by ITIO. Specifically, we reviewed controls over inventory management, patch management, antivirus management, event management, logical access, encryption, configuration management, Web vulnerability management, and Universal Serial Bus port control management.

We found that ITIO had not fully implemented or monitored some information security controls.

We recommended that ITIO implement our detailed recommendations to address the specific findings we identified.

Report Type
Audit
HHS Agencies
Office of the Secretary
Issue Areas
-
Target Groups
-
Financial Groups
-

Notice

This report may be subject to section 5274 of the National Defense Authorization Act Fiscal Year 2023, 117 Pub. L. 263.