According to the HIPPA Journal, The US Department of Health and Human Services (HHS) has failed their security audit for a fourth consecutive year.
The audits were conducted for the HHS’ Office of Inspector General (OIG) to confirm compliance with the Federal Information Security Modernization Act of 2014 (FISMA) for fiscal years 2018 through 2021. Audits were conducted at five of the HHS’ 12 operating divisions and all resulted in the program receiving a ‘not effective’ rating. The HHS was found to have failed in all divisions to fully implement a continuous diagnostics and mitigation (CDM) strategy and stated that “The HHS … does not have a definitive schedule for fully implementing the CDM program across all operating divisions.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.