The Department of Health and Human Services’ information security program is “not effective,” according to the latest Federal Information Systems Modernization Act audit conducted by the agency’s Office of Inspector General.
The OIG’s report, released in April, identified deficiencies in implementing a departmentwide continuous diagnostics and mitigation program and noted that “there is no definitive schedule to fully implement the CDM program across all [operating divisions].” The agency concurred with the assessment and the recommendations included in the report.